Getting a fake McAfee virus alert warning at random

17K views 31 replies 2 participants last post by  DR M  
#1 ·
I have run into a problem where, apparently, something in my web browser (Opera, in this case) is generating a fake McAfee virus warning pop-up on my primary monitor's righthand lower corner. I do not even have McAfee installed on this machine, but it's telling me my McAfee is expired, and it has detected 5 instances of virus activity or something of the sort, and a bunch of other assorted warnings. This pop-up appears at random times, and then keeps popping up again and again instantly after I dismiss it, then it goes away for hours at a stretch.

I tried following the advice on several different websites telling me what to do to remove this, all of which tell me to install and run a variety of malware scanner programs such as Malwarebytes and the like... which then don't find anything relevant on my machine, or most of the time they also suggest I might be able to uninstall things via Windows uninstaller, but tell me very, very vague identification of what to remove (i.e. words akin to "whatever looks like it might be what's causing it") but never name process-names or such, and that I might be able to go into this or that web-browser to remove relevant add-ons, while being very very vague as to what addons or whatnot it might be. And I don't have any installed-in-the-last-couple-of-days things, or any apparent installed-in-the-last-couple-days browser addons, and I don't see anything that looks suspicious in either place.

It came about a couple days ago because I was trying to find an alternative source for a new battery pack for my Kobalt electric mower, after I discovered that my local Lowes doesn't have those in anymore, and while finding that Amazon has them for about double the price... I found in a web-search what LOOKED like a blog page saying that someone had gone on a quest for, and found a generic replacement for them, and there was a big block of text about this appearing in the websearch listing of that page... but when I went to the page, literally a second or two after the big block of text I wanted to look at the rest of appeared on the page, that web-page fed me to this prove-you're-not-a-robot thing, which then completely failed to do anything when I clicked on the interface for it. I was also getting a browser message saying this page wanted permission to open notification popups. I figured the blocked pop-ups were why the prove-you're-not-a-robot thingy wasn't working, so I enabled the popups... and then when I tried clicking on the purported prove-you're-not-a-robot thing, I immediately started getting, in rapid succession, these (fake) McAfee warning pop-ups, rather aggressively, which then took me to a (totally fake) McAfee virus scan page that was appearing in the web-browser, all the while telling me my McAfee antivirus had expired.

I'm not getting them nearly as often as I was the day before, but now, every now and then, these fake McAfee warnings keep showing up on the lower right, aggressively for a bit, then it all goes away again.

I simply want the thing gone, but none of the help-you-get-rid-of-it pages or youtube videos I go to about it are helping me get rid of it. 0o
 

#2 ·
Hello.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and let me know if you agree. As soon as I have your approval, the cleaning procedure will begin.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.
 
#3 ·
Okay, I haven't seen any more of these fake virus pop-ups since the day I posted the request. I haven't made any particular changes to the system since then, either, though, so I don't know why they would have stopped. 0o
 
#4 ·
I marked the topic as Inactive, since I hadn't got your reply.

Let me know if you would like me to check your logs. Reviewing the logs takes time, and I would like to be sure that you will stay with me until the end.
 
#5 ·
Yeah, I didn't post any more comments because I was watching to see what analysis you had of my logs before I said anything more. Didn't notice the part about needing to respond within three days or the thread goes inactive that was hidden in the fine-print.

That said... I dunno if the problem is gonna come back, or not, and I've not seen hide nor hair of it now for days. 0o
 
#6 ·
> Yeah, I didn't post any more comments because I was watching to see what analysis you had of my logs before I said anything more

Actually, seeing the fix and then deciding if you stay or not is not right. As I said, logs' review takes a lot of time and effort and that's why I'm asking if a user is with me before starting my analysis.

Since you say that the problem is gone, I'm marking the topic as Solved. You can return if you think that something is wrong.
 
#7 ·
Well, I didn't see anything in this thread that said what to do in my case, just the preliminary, standard "Okay, we'll soon examine your system logs and get back to you..." post. In any event, I'm not sure if it's fixed, just that the last time it DID happen, it was when I was on a particular virtual-chat web-page, coded and run by someone I know online, and on their Google Drive looking at a text document. When I quit out of those two pages, the pop-ups stopped. I later went back to the Google Drive page, and didn't get the pop-ups, and on another occasion logged into the chatroom thing, and didn't get the fake-antivirus pop-ups then either, but haven't done both at once since that last time, and the time when I'm doing both of those together only happens once a week. It's part of a writers-workshop I'm in, and I'm pretty sure none of the participants, or the one who created that virtual voice-chat website and who is also part of the workshop are knowingly inserting anything malicious into the system. It may also have been a sheer coincidence that it was going on that particular day while I was there. I suppose I'll know this Tuesday evening when I'm back over there again if it goes back to it. 0o

In any event, for the time being it's not doing it, but I didn't really do anything special to stop it that last time except exit out of the two pages, and then notice that the pop-ups stopped. Which may also have simply been because it was right at about midnight and whatever mechanism was generating it decided midnight was as good a time as any to shut itself down. o0
 
#8 ·
Hello.

It seems that there is a misunderstanding. In my first post reply in this topic I asked you this:

> Please, adhere to the guidelines below, and let me know if you agree. As soon as I have your approval, the cleaning procedure will begin.

So, I'm asking you again: Do you agree with the guidelines so I can start the cleaning procedure?
 
#11 ·
Hi.

You have so many security programs installed. And there are remnants from McAfee TrueKey.

AV: Windows Defender (built-in Windows 10)
AV: Malwarebytes
Zemana AntiMalware version 3.2.28
HitmanPro 3.8
SpyHunter 5
AdGuard

I recommend you to stay with Windows Defender, keep Malwarebytes and remove all the others. If you want to keep Zemana too as an extra opinion, that's fine. But all those products there are really too much.

Keep in mind that having many antivirus programs in the system may cause:
  • False positives: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Low performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
So, let me know which of those security programs you decided to uninstall.

Also, uninstall Java 8 Update 291. There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version. You can do that at the end of the cleaning procedure, when I tell you.

After uninstalling them, I would like to see fresh FRST logs (Addition and FRST).
 
#12 ·
Okay, uninstalled:

HitmanPro 3.8
SpyHunter 5
AdGuard
Java 8 Update 291

Will reboot in a moment, and then get the FRST logs...

And is there a recommended third-party replacement for Oracle's version of Java?
 
#13 ·
> And is there a recommended third-party replacement for Oracle's version of Java?

No. If you really need it, then you can install the latest version at the end, and be careful to keep it updated in the future.

I'll be waiting for your fresh logs, which I'll review tomorrow. It's late for me now. :)
 
#15 ·
Hi, NomadofNorad. :)

Here is my next set of instructions/comments:

1. Opera Notifications

Did you intentionally enable notifications from these sites?

Code:
hxxps://baraag.net;
hxxps://calendar.google.com;
hxxps://chat.allthefallen.moe;
hxxps://designbundles.net;
hxxps://discaffix.com;
hxxps://drive.google.com;
hxxps://fhu.community;
hxxps://fontbundles.net;
hxxps://forums.highfidelity.com;
hxxps://forums.woot.com;
hxxps://gab.ai;
hxxps://gab.com;
hxxps://joindiaspora.com;
hxxps://livescience.onesignal.com;
hxxps://mewe.com;
hxxps://steemit.com;
hxxps://vid.me;
hxxps://windowsforum.com

Also, are you aware of the following as your default Search engine?

hxxps://github.com/mubaidr

2. McAfee products removal

There are remnants of McAfee True key. Use the Method 2 here to uninstall any remnant of McAfee products in the computer.

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2021-02-11] (Bitdefender SRL -> Bitdefender)
Task: {9E1C7C53-4948-4BFF-8BEB-E2DB4496E552} - System32\Tasks\Apple Diagnostics => C:\Users\David\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2022-02-04] () [simlink -> ]
Task: {A41E29BE-F62F-4FCB-ADBF-A01FF057958B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {AB89E8C0-BFAF-4CD9-9FC6-A72E4090B6CB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 6970EDDBE2B0E5B1 => C:\Users\David\AppData\Local\Mozilla Firefox\default-browser-agent.exe do-task "6970EDDBE2B0E5B1"
SearchScopes: HKU\S-1-5-21-118719561-41743233-1106231141-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [TCP Query User{DA97B2D6-3877-42A5-AE53-D8E9FCBDD3F8}C:\users\david\appdata\local\programs\opera\76.0.4017.94\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\76.0.4017.94\opera.exe => No File
FirewallRules: [UDP Query User{F8530A33-C3EB-4B24-914D-BA0AF9A2CB5C}C:\users\david\appdata\local\programs\opera\76.0.4017.94\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\76.0.4017.94\opera.exe => No File
FirewallRules: [TCP Query User{9CA23A2A-BE4F-4BB6-ACFA-94F5A2BA4A6E}C:\users\david\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [UDP Query User{0214E54A-4D5C-416B-BC85-6A07AFF17A0B}C:\users\david\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [TCP Query User{08A69C9E-BAC2-4B76-99A7-3FB88F74847B}C:\users\david\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{A3ACDA6D-A6F1-4074-9164-D5628B125B42}C:\users\david\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{BA09DC50-2B69-44A1-B01E-2D8B4F729FF0}C:\users\david\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{8EBF822C-5BF0-4892-93FF-926C4CD31B5B}C:\users\david\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [TCP Query User{3D4FBB66-0C10-4FDE-A990-90DE9DC3745B}C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [UDP Query User{6C50706E-CB3B-4D01-98B1-A695EB4F2391}C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [TCP Query User{5DD5990D-B707-4EED-B28D-D54046C1C37A}C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{F127CA11-509E-4E76-91C3-F50EBAACED80}C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{3D4FBB66-0C10-4FDE-A990-90DE9DC3745B}C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [UDP Query User{6C50706E-CB3B-4D01-98B1-A695EB4F2391}C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.172\opera.exe => No File
FirewallRules: [TCP Query User{5DD5990D-B707-4EED-B28D-D54046C1C37A}C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{F127CA11-509E-4E76-91C3-F50EBAACED80}C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{13F573FD-31FD-4568-BB98-5AA624E52946}C:\users\david\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{B8D1ED58-121A-4CC1-AC61-4EEDF24EF32A}C:\users\david\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{674322EA-E40E-47A1-A5E9-0575C6B2BB86}C:\users\david\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [UDP Query User{82F6FF98-FEA2-4C40-BB00-93C14B1ECEEC}C:\users\david\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [TCP Query User{85CC2654-C4E1-4BEC-B058-E26658AD0957}C:\users\david\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{6D996170-21A8-49D3-8128-B07026B3663E}C:\users\david\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{A1E205A7-0435-4794-ABEF-3C4ACFC8814B}C:\users\david\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{7FE4B743-85C6-414F-A9FC-5F6E85BC3675}C:\users\david\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
FirewallRules: [UDP Query User{D1636907-FD75-432C-8AC4-C75D35981B48}C:\users\david\appdata\local\programs\opera\78.0.4093.231\opera.exe] => (Allow) C:\users\david\appdata\local\programs\opera\78.0.4093.231\opera.exe => No File
C:\ProgramData\Adguard
C:\ProgramData\HitmanPro
C:\Program Files\TrueKey
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

5. Run Malwarebytes (scan only)
  • Open Malwarebytes you have already installed in the computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. Your reply about notifications and the Search engine in Opera
  2. If McAfee removal tool found things and removed them
  3. The fixlog.txt
  4. The AdwCleaner[S0*].txt
  5. The Malwarebytes report
 
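Post #15 asks which sites were allowed to send notifications, the permission the original poster describes granting in post #1. As an added example (not part of the thread and not FRST's own code), this Python script lists the "allow" notification grants in a Chromium-style Preferences JSON, newest first; the key layout, the timestamp encoding, the Opera file location and the sample data are assumptions or constructed values, as the comments state.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption: Chromium-based browsers (Opera included) keep per-site permissions
# in the profile's JSON "Preferences" file under
# profile.content_settings.exceptions.notifications, with setting 1 = allow,
# 2 = block, and "last_modified" in microseconds since 1601-01-01 UTC.
# Assumed location for Opera on Windows:
#   %APPDATA%\Opera Software\Opera Stable\Preferences
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ALLOW = 1


def to_webkit(dt):
    """Encode a datetime the way the assumed format stores it (string of microseconds)."""
    return str((dt - EPOCH) // timedelta(microseconds=1))


def from_webkit(value):
    """Decode a microseconds-since-1601 string into an aware datetime."""
    return EPOCH + timedelta(microseconds=int(value))


def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)


# Constructed sample data: hypothetical origins, not taken from the thread.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://forums.example:443,*": {
            "last_modified": to_webkit(utc(2019, 6, 1, 12, 0)), "setting": 1},
        "https://fake-captcha.example:443,*": {
            "last_modified": to_webkit(utc(2022, 2, 20, 21, 5)), "setting": 1},
        "https://news.example:443,*": {
            "last_modified": to_webkit(utc(2022, 2, 21, 9, 0)), "setting": 2},
    }}}}
})


def load_preferences(path):
    """Read a Preferences file from disk (close the browser first so it is not mid-write)."""
    with open(path, encoding="utf-8") as handle:
        return handle.read()


def notification_grants(preferences_text):
    """Return [(origin, granted_at or None)] for every site allowed to notify, newest first."""
    prefs = json.loads(preferences_text)
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {})
                       .get("notifications", {}))
    grants = []
    for pattern, entry in exceptions.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or "ask" entries cannot raise pop-ups
        origin = pattern.split(",", 1)[0]  # key is "primary,secondary" pattern pair
        stamp = entry.get("last_modified")
        when = from_webkit(stamp) if stamp and stamp != "0" else None
        grants.append((origin, when))
    # Entries without a timestamp sort last.
    grants.sort(key=lambda item: item[1] or EPOCH, reverse=True)
    return grants


def granted_since(preferences_text, cutoff):
    """Origins whose notification permission was granted on or after cutoff."""
    return [origin for origin, when in notification_grants(preferences_text)
            if when is not None and when >= cutoff]


if __name__ == "__main__":
    for origin, when in notification_grants(SAMPLE_PREFERENCES):
        print(f"{when:%Y-%m-%d %H:%M} UTC  {origin}" if when else f"(no date)  {origin}")
    print("Granted since 2022-02-01:", granted_since(SAMPLE_PREFERENCES, utc(2022, 2, 1)))
```

Sorting by grant time puts a permission given around the day the pop-ups began at the top of the list, which is the entry to revoke in the browser's site settings.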
#16 ·
Okay, looking at the list of sites with notifications enabled, I don't see any on there that alarm me. Mostly they're various forums and social-networks I've been on. I'm not sure what was going on with the set default search engine, though. When I subsequently went in to Opera to check that, after doing the Fix script and the subsequent reboots, it showed Google as my default search engine, and I've now set that to DDG.

Anyway, I did some of this slightly out of sequence, I did the Fix thing, then realized I needed to do the remove-McAfee thing first, so went back and did that (and its subsequent, requested reboot afterwards) then ran The Fix again. For that reason, I've attached both versions of the Fixlog.

Also, the MalwareBytes scan took 3 hours and 22 minutes, not the 10 minutes you said it would. Fifty lashes with a wet noodle! 😛 🤪
 

#17 ·
Hi!

3 hours for Malwarebytes to run is too much indeed. It detected one item and we need to remove it. After that, I will need fresh FRST logs.

1. Run Malwarebytes (Clean mode)
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply, please post:
  1. The Malwarebytes report
  2. The fresh FRST logs, Addition and FRST
 
#18 ·
Looking at the MB log, the one item it found is an exe sitting in a downloads related subfolder from ages back. It appears to be one of the programs some other tech-help forum recommended to fix or diagnose a BSOD problem I was having some years back. It isn't placed where the OS is likely to run it on its own, I'd have to go in and manually launch it before it would do anything. Would it suffice to simply rename it from whatevertheheck.exe to whatevertheheck.exe.bak or something? (Does that preemptively.)
 
#20 ·
Hi.

PC HealthBoost is a system optimizer utility, which is promoted via other free downloads, and once installed it claims that several issues have been detected on your computer. If you try to fix these problems, PC HealthBoost will state that you need to buy its full version before being able to do so. That's why it is characterized as adware. Even if you intentionally installed it, keep in mind that with these programs the potential is ever present to cause more problems than they claim to fix. So, removing it was necessary.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
OPR Notifications: Opera Stable -> hxxps://baraag.net; hxxps://calendar.google.com; hxxps://chat.allthefallen.moe; hxxps://designbundles.net; hxxps://discaffix.com; hxxps://drive.google.com; hxxps://fhu.community; hxxps://fontbundles.net; hxxps://forums.highfidelity.com; hxxps://forums.woot.com; hxxps://gab.ai; hxxps://gab.com; hxxps://joindiaspora.com; hxxps://livescience.onesignal.com; hxxps://mewe.com; hxxps://steemit.com; hxxps://vid.me; hxxps://windowsforum.com
OPR DefaultSearchURL: Opera Stable -> hxxps://github.com/mubaidr
2022-02-24 17:19 - 2022-02-24 17:19 - 000000258 _____ () C:\ProgramData\fontcacheev1.dat
2015-02-25 05:13 - 2016-07-25 15:49 - 000055196 _____ () C:\Users\David\IP_Log_Data.js
2013-08-25 01:00 - 2016-07-26 01:00 - 000630540 _____ () C:\Users\David\Network_Meter_Data.js
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Upgrade the Operating System

You are still running Windows 10, version 2004, which is not supported since 14 Dec 2021. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. Now that the computer is clean, I recommend that you upgrade to the latest version, 21H2, as soon as possible.

To do so:
  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don't turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

In your next reply please post:
  1. The fixlog.txt
  2. If everything ran smoothly with the upgrade.
 
#21 ·
Okay, ran the Fix, and it rebooted me.

As for Windows 10, I could have sworn I had it set to automatically, periodically do OS updates. Anyway, I have it acquiring the update to 21H2 now, initiated from Start > Settings > Windows Update > Check for updates.
 

#22 ·
I purposely gave you instructions to upgrade using the media tool. This would reinstall and update the operating system and fix any corruptions, without removing any file or program. Since you started the procedure from the Settings, let it run and we will check the system at the end.

I still see this in the fix:

OPR DefaultSearchURL: Opera Stable -> hxxps://github.com/mubaidr => Error: No automatic fix found for this entry.

You can check manually about your Opera Search Engine and change it as you like. Perhaps this will help you.
 
#23 ·
Settings About now shows me as having Windows 10 Pro, version 21H2, installed 5/5/2021, OS build 19044.1586, Experience Windows Feature Experiences Pack 120.2212.4170.0, and the update and subsequent reboot went without any obvious troubles.

As for Opera, in Settings it shows my default search engine as Duck Duck Go, from when I set it to that a couple days ago. I don't know what that other element is about, because I don't see anything mentioning that one in the Search engine Advanced pane. When I go to the address at Github, it appears to be some programmer's account profile page, the sort that lists what all projects the programmer is working on, and giving his contact info. Is something trying to use that user-profile-page as a search engine? Or is it something tied to one of my installed Opera Extensions? I don't understand what's going on here. o0
 
#24 · (Edited)
Hang on, looking through my Opera Extensions, I notice that something called Reload Images is by that user, mubaidr. It is an add-on for Opera that, if a particular image on a page didn't load in a timely basis and times out, maybe because the overall web-forum is performing slow, I can then right-click on the little broken-image-symbol for that image in the page and select Reload This Image, and it will query the web-forum or whatever to send me that image again, that way I don't have to reload the entire web-page to get that stuck image to display. It is one of the legitimate Extensions from Opera's website itself.
 
#25 ·
Hi, Nomad. You did a good investigation.

What I would do: uninstall the extension and re-check with the following FRST fix:

Code:
Start::
CreateRestorePoint:
CloseProcesses:
OPR DefaultSearchURL: Opera Stable -> hxxps://github.com/mubaidr
EmptyTemp:
End::
If the fix completes successfully, then the line is due to the specific extension.
 