  #1  
February 20th, 2021, 02:57 PM
gaesilva
Senior Member
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 77
Posts: 159
click a link on a webpage and an incorrect tab opens

This recently started: when I click on a link within a webpage, a tab opens, but it is for something that is completely different.
For example, when I'm on my Amazon page and I click on "my orders", I get a new tab for Vitaly - Shop Online. I try again and I get a new tab for FlixLuv.
Any help would be greatly appreciated. I do not have any malware on my computer. I believe something happened to my settings.

Last edited by gaesilva; February 20th, 2021 at 08:31 PM. Reason: I have checked and I do not have any malware on my computer
  #2  
February 21st, 2021, 07:53 PM
olgun52
Malware Removal Team
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello gaesilva and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
So you have a redirect problem. For a solution, we need to update the host file.

Let's check.

I would like you to do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.
  #3  
February 21st, 2021, 11:16 PM
gaesilva
Part I of FRST

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) =============

2020-04-23 11:40 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-11-19 13:12 - 2020-11-19 13:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2020-04-23 11:41 - 2005-04-21 23:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll
2020-04-21 13:20 - 2013-02-04 12:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll
2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2020-04-23 11:41 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2020-04-23 11:41 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2020-04-23 11:41 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2020-04-23 11:41 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-04-23 11:41 - 2013-01-30 14:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2020-04-23 11:41 - 2012-12-21 11:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2020-04-23 11:41 - 2012-12-21 11:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2020-04-23 11:41 - 2013-01-18 13:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2020-04-23 11:41 - 2012-10-19 07:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2020-08-14 20:29 - 2020-08-14 20:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2013-02-23 00:11 - 2013-02-23 00:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll
2013-02-23 00:12 - 2013-02-23 00:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll
2013-02-23 00:11 - 2013-02-23 00:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll
  #4  
February 21st, 2021, 11:19 PM
gaesilva
Part 2 FRST

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-07-11 20:46 - 2020-07-11 20:46 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg
HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{933E377D-ABC5-468B-93AC-DADE6B2C54BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4007F4FA-2B3E-4A5A-84A4-367775D3F9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EFBFF624-85EA-4EB4-B0CB-AE2E7E1EE095}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [UDP Query User{48709466-9B36-434E-AEA0-0DF45B9BFC97}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{C29E846E-8040-4D80-A2D3-86D5506B3F46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEFD4A0D-25F6-41D2-89B9-864A7C3A14D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AACD10F-9026-4A7C-AB25-197715BB546D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{F9D2C818-0C21-4893-BF55-A8FCAF167251}] => (Allow) LPort=54925
FirewallRules: [{8F31D18F-892E-4920-8A2F-42B9EFBBFA46}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3A5DB7A7-7521-48B5-8D7B-D5FB4430C09F}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EAFF5570-08C7-4A05-B17F-CAECBB4F0D3B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9431988-EDB0-40C2-9979-5B54897119E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7DD7E813-1748-4667-A103-DE84AD2AFD89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96333CCA-5F54-4992-96B1-1F18585B516C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57A4C315-A5E4-44B9-88A5-F8DB5C3EC717}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{818528C3-03C8-4847-B22A-71EA3C97FD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A9FCF11-2197-41D0-BBC6-0956451FD72B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B82E6AF9-975E-4593-A9D4-833FC57D2B19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6B47270-71B0-4C97-979D-39C6CF1AD07F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C8173A4-6328-4A59-970B-04CF1E652BE8}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{12B89BA1-FAAC-4661-83D5-CFC1A1D43747}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B4FA3753-669E-4ED1-98DF-517B1B9F8A46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{023100BA-02F8-41E1-965F-17C149DF3B8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5FD2A7FE-B5CA-4B8E-9F66-3837A078EFF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{705E3EF7-1C40-486F-B0F3-D1CE672D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{301506FF-9C01-4DE8-8957-02153789889B}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{DF23AED6-4563-4FBF-98C2-6DE1C5163175}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D85F2B87-A5CF-401F-917D-A617A3A71183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D478E6D9-0EDF-47AC-B9B2-F2926999B93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{82ACEA06-C493-4A0A-92CF-5277B7BD6B62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DA36B8F-B188-411D-9791-73C3822FE8C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B16D44A-5A35-46FE-9AC5-B25CEBD38FF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FD2D89F-AED4-42CA-B684-CADC09696277}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D854C8F7-E898-4028-8534-B4747B482413}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A01845C3-8ADB-4369-82DB-247CF6C4C23E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

19-02-2021 07:18:34 Scheduled Checkpoint
20-02-2021 08:12:47 click on a link on a webpage and another page opens

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/21/2021 04:24:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
  #5  
February 21st, 2021, 11:19 PM
gaesilva
Part 3 FRST

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 04:23:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 02:24:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4)
Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated.

Error: (02/21/2021 10:20:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 10:14:10 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 09:24:34 AM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4)
Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated.

Error: (02/21/2021 04:36:08 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 16216 and the required size was 38560.

Error: (02/20/2021 04:10:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}


System errors:
=============
Error: (02/21/2021 12:51:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/20/2021 12:51:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/19/2021 12:51:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 01:49:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 01:19:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 12:52:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 11:45:46 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-BMEMOL4)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/17/2021 02:50:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-02-20 23:18:34.712
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-19 21:18:34.355
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-16 15:45:10.462
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-15 14:21:58.742
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-14 13:10:55.006
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: Dell Inc. 1.8.0 12/09/2020
Motherboard: Dell Inc. 0FK9H3
Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 16211.9 MB
Available physical RAM: 8710.2 MB
Total Virtual: 18643.9 MB
Available Virtual: 8901.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.33 GB) (Free:350.56 GB) (Protected) NTFS

\\?\Volume{8e2bc93f-dd12-4ff5-b42e-0fc3bade6af7}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.53 GB) NTFS
\\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:0.16 GB) NTFS
\\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.61 GB) NTFS
\\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D)

Partition: GPT.

==================== End of Addition.txt =======================
  #6  
February 21st, 2021, 11:25 PM
gaesilva
Additional TXT
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2021
Ran by gaele (21-02-2021 16:42:58)
Running from C:\Users\gaele\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2020-04-14 19:36:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3842255837-3436847461-3918225103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3842255837-3436847461-3918225103-503 - Limited - Disabled)
gaele (S-1-5-21-3842255837-3436847461-3918225103-1001 - Administrator - Enabled) => C:\Users\gaele
Guest (S-1-5-21-3842255837-3436847461-3918225103-501 - Limited - Disabled)
Visitor (S-1-5-21-3842255837-3436847461-3918225103-1002 - Limited - Enabled) => C:\Users\Visitor
WDAGUtilityAccount (S-1-5-21-3842255837-3436847461-3918225103-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 88.0.7977.153 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{EC45CAE6-9000-43EC-B7BA-54D3D654BF21}) (Version: 5.3.2.13868 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{26e99410-cf21-40aa-9a6e-75bdd110d349}) (Version: 5.3.2.13868 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{3C4F6923-3BE1-4E6C-8DEE-9EEF1E433795}) (Version: 5.2.1.12926 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{8d32f870-d6fd-4420-b5cb-c29ac65f628d}) (Version: 5.2.1.12926 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{437102ED-22A2-4C3D-BA6B-E5ECAE798DFA}) (Version: 1.0.3.0 - DELL)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Google Photos Backup (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.8141 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{4a50fa17-2911-43ed-a2a1-d3a34411e2bb}) (Version: 21.110.2.1 - Intel Corporation) Hidden
Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation)
LastPass (HKLM-x32\...\{E7A548B6-D49C-4A10-8EDF-BC6379E5CA9A}) (Version: 4.64.0.1986 - LogMeIn)
MakeMKV v1.15.4 (HKLM-x32\...\MakeMKV) (Version: v1.15.4 - GuinpinSoft inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Obsidian 0.9.20 (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 0.9.20 - Obsidian)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20330 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Opera Stable 74.0.3911.107 (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Opera 74.0.3911.107) (Version: 74.0.3911.107 - Opera Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9018.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Republic Anywhere (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\republicanywhere) (Version: 2.5.12 - Republic Wireless, Inc.)
Revo Uninstaller 2.1.7 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.7 - VS Revo Group, Ltd.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare)
YI Home (HKLM-x32\...\YI Home) (Version: 1.0.0.0_202003271500 - XiaoYi)

Packages:
=========
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-04-14] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.2.22.0_x64__2dgmkzkw4h30c [2020-09-15] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.45.0_x64__htrsf667h5kn2 [2020-07-22] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-01-19] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-01-25] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-17] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-03] (Dell Inc)
Desktop Live Wallpapers -> C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_1.2.17.0_neutral__agy8jafheqhng [2020-10-10] (Ambient Software) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-04-14] (Dropbox Inc.)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-04-15] (Fitbit)
GMX Mail -> C:\Program Files\WindowsApps\4659BB81.GMXMail_3.33.8.0_x64__9r8rjdwa12808 [2020-09-06] (1&1 Mail & Media GmbH)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-29] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-04-14] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2020-11-25] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-18] (Apple Inc.) [Startup Task]
LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.5.1.0_x64__sbg7naapqq8fj [2021-02-06] (LastPass)
Match 3D - Matching Puzzle Game -> C:\Program Files\WindowsApps\23385HappyFamilyGames.Match3D-MatchingPuzzleGame_1.1.0.0_x64__pbwsxs408fxew [2021-01-04] (Happy Family Games)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.7.25.0_x64__htrsf667h5kn2 [2020-12-11] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-09] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-26] (Microsoft Corporation)
QR Code for Windows 10 -> C:\Program Files\WindowsApps\17036IYIA.QRCodeforWindows10_6.1.2.0_x64__dggz0n4pnn0ge [2021-01-12] (IYIA)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.958.0_x64__rh07ty8m5nkag [2021-01-13] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-20] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-04-08] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============
  #7  
Old February 21st, 2021, 11:28 PM
gaesilva
FRST64 SCAN Part 1
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2021
Ran by gaele (21-02-2021 16:42:58)
Running from C:\Users\gaele\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2020-04-14 19:36:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3842255837-3436847461-3918225103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3842255837-3436847461-3918225103-503 - Limited - Disabled)
gaele (S-1-5-21-3842255837-3436847461-3918225103-1001 - Administrator - Enabled) => C:\Users\gaele
Guest (S-1-5-21-3842255837-3436847461-3918225103-501 - Limited - Disabled)
Visitor (S-1-5-21-3842255837-3436847461-3918225103-1002 - Limited - Enabled) => C:\Users\Visitor
WDAGUtilityAccount (S-1-5-21-3842255837-3436847461-3918225103-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-14] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) =============

2020-04-23 11:40 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-11-19 13:12 - 2020-11-19 13:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2020-04-23 11:41 - 2005-04-21 23:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll
2020-04-21 13:20 - 2013-02-04 12:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll
2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2020-04-23 11:41 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2020-04-23 11:41 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2020-04-23 11:41 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2020-04-23 11:41 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-04-23 11:41 - 2013-01-30 14:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2020-04-23 11:41 - 2012-12-21 11:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2020-04-23 11:41 - 2012-12-21 11:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2020-04-23 11:41 - 2013-01-18 13:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2020-04-23 11:41 - 2012-10-19 07:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2020-08-14 20:29 - 2020-08-14 20:29 - 000122880 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2013-02-23 00:11 - 2013-02-23 00:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll
2013-02-23 00:12 - 2013-02-23 00:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll
2013-02-23 00:11 - 2013-02-23 00:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll
  #8  
Old February 21st, 2021, 11:29 PM
gaesilva
FRST64 Scan Part 2

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-07-11 20:46 - 2020-07-11 20:46 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg
HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{933E377D-ABC5-468B-93AC-DADE6B2C54BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4007F4FA-2B3E-4A5A-84A4-367775D3F9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EFBFF624-85EA-4EB4-B0CB-AE2E7E1EE095}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [UDP Query User{48709466-9B36-434E-AEA0-0DF45B9BFC97}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{C29E846E-8040-4D80-A2D3-86D5506B3F46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEFD4A0D-25F6-41D2-89B9-864A7C3A14D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AACD10F-9026-4A7C-AB25-197715BB546D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{F9D2C818-0C21-4893-BF55-A8FCAF167251}] => (Allow) LPort=54925
FirewallRules: [{8F31D18F-892E-4920-8A2F-42B9EFBBFA46}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3A5DB7A7-7521-48B5-8D7B-D5FB4430C09F}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EAFF5570-08C7-4A05-B17F-CAECBB4F0D3B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9431988-EDB0-40C2-9979-5B54897119E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7DD7E813-1748-4667-A103-DE84AD2AFD89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96333CCA-5F54-4992-96B1-1F18585B516C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57A4C315-A5E4-44B9-88A5-F8DB5C3EC717}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{818528C3-03C8-4847-B22A-71EA3C97FD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A9FCF11-2197-41D0-BBC6-0956451FD72B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B82E6AF9-975E-4593-A9D4-833FC57D2B19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6B47270-71B0-4C97-979D-39C6CF1AD07F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C8173A4-6328-4A59-970B-04CF1E652BE8}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{12B89BA1-FAAC-4661-83D5-CFC1A1D43747}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B4FA3753-669E-4ED1-98DF-517B1B9F8A46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{023100BA-02F8-41E1-965F-17C149DF3B8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5FD2A7FE-B5CA-4B8E-9F66-3837A078EFF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{705E3EF7-1C40-486F-B0F3-D1CE672D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{301506FF-9C01-4DE8-8957-02153789889B}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{DF23AED6-4563-4FBF-98C2-6DE1C5163175}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D85F2B87-A5CF-401F-917D-A617A3A71183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D478E6D9-0EDF-47AC-B9B2-F2926999B93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{82ACEA06-C493-4A0A-92CF-5277B7BD6B62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DA36B8F-B188-411D-9791-73C3822FE8C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B16D44A-5A35-46FE-9AC5-B25CEBD38FF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FD2D89F-AED4-42CA-B684-CADC09696277}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D854C8F7-E898-4028-8534-B4747B482413}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A01845C3-8ADB-4369-82DB-247CF6C4C23E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

19-02-2021 07:18:34 Scheduled Checkpoint
20-02-2021 08:12:47 click on a link on a webpage and another page opens

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/21/2021 04:24:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 04:23:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 02:24:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4)
Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated.

Error: (02/21/2021 10:20:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 10:14:10 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/21/2021 09:24:34 AM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4)
Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated.

Error: (02/21/2021 04:36:08 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 16216 and the required size was 38560.

Error: (02/20/2021 04:10:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}


System errors:
=============
Error: (02/21/2021 12:51:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/20/2021 12:51:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/19/2021 12:51:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 01:49:08 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 01:19:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 12:52:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/18/2021 11:45:46 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-BMEMOL4)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/17/2021 02:50:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-02-20 23:18:34.712
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-19 21:18:34.355
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-16 15:45:10.462
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-15 14:21:58.742
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-14 13:10:55.006
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: Dell Inc. 1.8.0 12/09/2020
Motherboard: Dell Inc. 0FK9H3
Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 16211.9 MB
Available physical RAM: 8710.2 MB
Total Virtual: 18643.9 MB
Available Virtual: 8901.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.33 GB) (Free:350.56 GB) (Protected) NTFS

\\?\Volume{8e2bc93f-dd12-4ff5-b42e-0fc3bade6af7}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.53 GB) NTFS
\\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:0.16 GB) NTFS
\\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.61 GB) NTFS
\\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D)

Partition: GPT.

==================== End of Addition.txt
  #9  
Old February 22nd, 2021, 08:07 PM
olgun52
Hi gaesilva,

I could not see the frst.txt log.
Please do the following instructions.

Step 1:

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Click I agree
  • Click Scan now
  • Allow the program to remove what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
  • When completed click View Scan Log File
  • Copy and paste the contents in your reply
Step 2:


I see that you have Malwarebytes installed.


Run Malwarebytes:

Right-click on the MBAM icon and select Run as administrator to run the tool.

Click Yes to accept any security warnings that may appear.

Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.

On the left menu pane click the Settings tab, and then select the Protection tab on the top.

Under the Scan Options, turn on the buttons Scan for rootkits and Scan within archives.

Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button

Note: The scan may take some time to finish, so please be patient.

If potential threats are detected, be sure to check mark all the listed items, and click the Quarantine Selected button.

While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.

The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.

Step 3:

Tweaking.com - Repair Hosts File 1.9.10

https://www.majorgeeks.com/files/det...osts_file.html

Please download the software and run it.


************************************************


Is the problem solved?
  #10  
Old February 22nd, 2021, 08:55 PM
gaesilva
***** [ Registry ] *****

Deleted HKCU\Software\ParetoLogic
Deleted HKLM\SOFTWARE\Classes\Unknown\shell\openas\command|FileCure.old
Deleted HKLM\Software\Wow6432Node\ParetoLogic

***** [ Chromium (and derivatives) ] *****

Deleted SwagButton - gngocbkfmikdgphklgmmehbjjlfgdemm

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.SmartByte Folder C:\Program Files\RIVET NETWORKS
Deleted Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0322004-99F2-48D6-AF2E-DD3676189680}
Deleted Preinstalled.SmartByte Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartByte Telemetry
Deleted Preinstalled.SmartByte Task C:\Windows\System32\Tasks\SMARTBYTE TELEMETRY


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3562 octets] - [22/02/2021 14:52:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  #11  
Old February 22nd, 2021, 09:15 PM
gaesilva
I am not able to do step 2. I run Malwarebytes as an administrator but my panes are not the same as what you mention. My first pane is Detection History with No items quarantined. (I did scan it.) My next pane is a scanner and the only thing I can do there is to scan. And the last (3rd) pane gives real-time protection.
Web Protection on.
Malware Protection on.
Ransomware Protection on.
Exploit Protection on.
I did a premium trial to see if that would bring up the other panes you speak about. But the panes are the same.
I did not go on to step 3 as I had not completed step 2.
Please advise. Thank you.
Gae

How can I become a subscriber?
  #12  
Old February 22nd, 2021, 09:36 PM
olgun52
Quote:
I am not able to do step 2. I run Malwarebytes as an administrator but my panes are not the same as what you mention
The software is updated rapidly and continuously. Therefore some differences are normal.

----------------------------------------

Gae, run the software as an administrator. Quarantine everything found and share the log with me. Then do step 3, please.
  #13  
Old February 22nd, 2021, 10:15 PM
gaesilva
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/22/21
Scan Time: 3:01 PM
Log File: b8fa39ea-7548-11eb-ab5d-84c5a6b2f281.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37399
License: Free

-System Information-
OS: Windows 10 (Build 18363.1379)
CPU: x64
File System: NTFS
User: DESKTOP-BMEMOL4\gaele

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 303444
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
  #14  
Old February 22nd, 2021, 10:29 PM
gaesilva
Log:
Repair Hosts File
Start (2/22/2021 4:27:54 PM)
Running Repair Under System Account
Done (2/22/2021 4:27:57 PM)

Total Repair Time: 00:00:03
  #15  
Old February 22nd, 2021, 10:34 PM
gaesilva
I rebooted my computer and the same problem keeps occurring. Did I miss a step or something?
Thank you,
Gae
All times are GMT +1.