Topic: click a link on a webpage and an incorrect tab opens
View Single Post
  #4  
Old February 21st, 2021, 11:19 PM
gaesilva's Avatar
gaesilva gaesilva is offline
Senior Member
  
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 77
Posts: 159
Part 2 FRST==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-07-11 20:46 - 2020-07-11 20:46 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;% SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT %\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\Sy stem32\OpenSSH\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele\AppData\Local\Microsoft\Windows\The mes\RoamedThemeFiles\DesktopBackground\venice 6.jpg
HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{933E377D-ABC5-468B-93AC-DADE6B2C54BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4007F4FA-2B3E-4A5A-84A4-367775D3F9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EFBFF624-85EA-4EB4-B0CB-AE2E7E1EE095}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [UDP Query User{48709466-9B36-434E-AEA0-0DF45B9BFC97}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{C29E846E-8040-4D80-A2D3-86D5506B3F46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEFD4A0D-25F6-41D2-89B9-864A7C3A14D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AACD10F-9026-4A7C-AB25-197715BB546D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{F9D2C818-0C21-4893-BF55-A8FCAF167251}] => (Allow) LPort=54925
FirewallRules: [{8F31D18F-892E-4920-8A2F-42B9EFBBFA46}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3A5DB7A7-7521-48B5-8D7B-D5FB4430C09F}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EAFF5570-08C7-4A05-B17F-CAECBB4F0D3B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9431988-EDB0-40C2-9979-5B54897119E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7DD7E813-1748-4667-A103-DE84AD2AFD89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96333CCA-5F54-4992-96B1-1F18585B516C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57A4C315-A5E4-44B9-88A5-F8DB5C3EC717}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{818528C3-03C8-4847-B22A-71EA3C97FD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A9FCF11-2197-41D0-BBC6-0956451FD72B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B82E6AF9-975E-4593-A9D4-833FC57D2B19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6B47270-71B0-4C97-979D-39C6CF1AD07F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C8173A4-6328-4A59-970B-04CF1E652BE8}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobi leConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMo bileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{12B89BA1-FAAC-4661-83D5-CFC1A1D43747}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobi leConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMo bileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B4FA3753-669E-4ED1-98DF-517B1B9F8A46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{023100BA-02F8-41E1-965F-17C149DF3B8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5FD2A7FE-B5CA-4B8E-9F66-3837A078EFF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{705E3EF7-1C40-486F-B0F3-D1CE672D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{301506FF-9C01-4DE8-8957-02153789889B}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{DF23AED6-4563-4FBF-98C2-6DE1C5163175}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D85F2B87-A5CF-401F-917D-A617A3A71183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D478E6D9-0EDF-47AC-B9B2-F2926999B93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{82ACEA06-C493-4A0A-92CF-5277B7BD6B62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DA36B8F-B188-411D-9791-73C3822FE8C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B16D44A-5A35-46FE-9AC5-B25CEBD38FF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FD2D89F-AED4-42CA-B684-CADC09696277}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D854C8F7-E898-4028-8534-B4747B482413}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A01845C3-8ADB-4369-82DB-247CF6C4C23E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

19-02-2021 07:18:34 Scheduled Checkpoint
20-02-2021 08:12:47 click on a link on a webpage and another page opens

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/21/2021 04:24:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Reply With Quote