February 24th, 2021, 02:54 PM
gaesilva
Senior Member
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 77
Posts: 159
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by gaele (24-02-2021 08:45:56) Run:1
Running from C:\Users\gaele\Desktop
Loaded Profiles: gaele & Visitor
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CloseProcesses:
CreateRestorePoint:

SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
C:\Windows\system32\drivers\etc\hosts.ics
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\MountPoints2: {1067b956-92b4-11ea-9428-84c5a6b2f281} - "E:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/?t=429193"
CHR NewTab: Default -> Not-active:"chrome-extension://conoiojhfhpoboccndegeemkpgkcnkoe/new-tab.html"
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahgagcidbd [2020-11-06]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
C:\Windows\invcol.tmp
C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe
C:\Users\gaele\AppData\Local\resmon.resmoncfg

Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R

CMD: Bitsadmin /Reset /Allusers
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FD7D2FD-D155-4799-A076-B1F10B3316D9} => removed successfully
C:\Windows\system32\drivers\etc\hosts.ics => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40998A15-BA9B-4E37-85C8-B0426E88DB7A}" => removed successfully
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1067b956-92b4-11ea-9428-84c5a6b2f281} => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome NewTab" => removed successfully
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahgagcidbd [2020-11-06] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd => removed successfully
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\RAPSService => removed successfully
RAPSService => service removed successfully
HKLM\System\CurrentControlSet\Services\RNDBWM => removed successfully
RNDBWM => service removed successfully
HKLM\System\CurrentControlSet\Services\SmartByte Analytics Service => removed successfully
SmartByte Analytics Service => service removed successfully
HKLM\System\CurrentControlSet\Services\SmartByte Network Service x64 => removed successfully
SmartByte Network Service x64 => service removed successfully
HKLM\System\CurrentControlSet\Services\WsAppService => removed successfully
WsAppService => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
HKLM\System\CurrentControlSet\Services\SmbCoSvc => removed successfully
SmbCoSvc => service removed successfully
C:\Windows\invcol.tmp => moved successfully
C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe => moved successfully
C:\Users\gaele\AppData\Local\resmon.resmoncfg => moved successfully

========================= Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D} ========================

2021-02-03 00:06 - 2021-01-20 07:04 - 024769536 ____A [DB2DF4C15817826C19B4C6C288D3E91C] () C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}\DellUpdateApp.msi

====== End of Folder: ======


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {646D5569-6E15-4ECD-B1F7-0525E6BDE797}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 9 while it has its media disconnected.
No operation can be performed on Local Area Connection* 10 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940::1
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940:2101:c565:e44f:1daf
Temporary IPv6 Address. . . . . . : 2601:6c5:204:1940:c176:ac70:1a8:696d
Link-local IPv6 Address . . . . . : fe80::2101:c565:e44f:1daf%17
Default Gateway . . . . . . . . . : fe80::e298:61ff:fef9:7040%17

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 9 while it has its media disconnected.
No operation can be performed on Local Area Connection* 10 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940::1
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940:2101:c565:e44f:1daf
Temporary IPv6 Address. . . . . . : 2601:6c5:204:1940:c176:ac70:1a8:696d
Link-local IPv6 Address . . . . . : fe80::2101:c565:e44f:1daf%17
IPv4 Address. . . . . . . . . . . : 192.168.0.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::e298:61ff:fef9:7040%17
192.168.0.1

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53638380 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9978682 B
Edge => 120 B
Chrome => 886443008 B
Firefox => 0 B
Opera => 152356 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 217392532 B
systemprofile32 => 217392951 B
LocalService => 217404329 B
NetworkService => 230247041 B
gaele => 254478809 B
Visitor => 254527849 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:46:31 ====