Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#16
Quote:
In which browsers is the problem happening? Please post a fresh FRST logfile for my review. (Frst.txt and Additional.txt) Run the software as an administrator. Your logs must be complete.
#17
It only happens in Chrome. I just checked that out. I'll go back and do FRST again.
#18
This is the 1st part of FRST. Had to split into 2 sections due to restrictions on how much I can put on this message.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2021 Ran by gaele (administrator) on DESKTOP-BMEMOL4 (Dell Inc. Inspiron 5490 AIO) (22-02-2021 17:49:25) Running from C:\Users\gaele\Desktop Loaded Profiles: gaele & Visitor Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe () [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Ambient Software) C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktop Wallpapers_1.2.17.0_neutral__agy8jafheqhng\LiveWal lpaper\LiveWallpaper.exe (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe (Dell Technologies Inc. -> Dell Technologies Inc.) 
C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <40> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.e xe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64 .exe (GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal .inf_amd64_0b214be229a13e84\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms .inf_amd64_c0fd909ca6e7d672\LMS.exe (Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igc c_dch.inf_amd64_5b19dfe7970a7139\OneApp.IGCC.WinSe rvice.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui _dch.inf_amd64_cb5b3ac4d6a4f65a\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui _dch.inf_amd64_cb5b3ac4d6a4f65a\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iig d_dch.inf_amd64_6f434727639750b3\IntelCpHDCPSvc.ex e (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iig d_dch.inf_amd64_6f434727639750b3\IntelCpHeciSvc.ex e (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ias torac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program 
Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.100 1.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.52 1.2012.0_x64__8wekyb3d8bbwe\GameBar.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.52 1.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6 .0.7240.285\DSAPI.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHand ler.exe (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHand ler64.exe (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe (The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\NeatStartupService.exe (Two Pilots) [File not signed] C:\Windows\VPDAgent_x64.exe (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_f9e3e5f664173b9e\WavesSysSvc64. exe (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe [1774688 2020-09-03] (Waves Inc -> Waves Audio Ltd.) HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConn ectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) 
[File not signed] HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1941352 2021-02-08] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [Google Update] => C:\Users\gaele\AppData\Local\Google\Update\1.3.36. 72\GoogleUpdateCore.exe [216392 2021-02-04] (Google LLC -> Google LLC) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [com.squirrel.MightyText.MightyText] => C:\Users\gaele\AppData\Local\MightyText\Update.exe [1845096 2020-01-09] (Openphone Inc. -> GitHub) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. 
-> Acresso Corporation) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [Opera Browser Assistant] => C:\Users\gaele\AppData\Local\Programs\Opera\assist ant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software) HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [GoogleChromeAutoLaunch_346B33A8A6A436AE5B8CF58AA44 48B06] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\MountPoints2: {1067b956-92b4-11ea-9428-84c5a6b2f281} - "E:\LaunchU3.exe" -a HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\...\Run: [033C58EC75C39EFAEF85CCD0D5647A974F26D65B._service_ run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8 HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1941352 2021-02-08] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\sdtnm: C:\Windows\system32\sdtnpm.dll [54784 2013-02-04] () [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [Neat ADF Scanner 2008] -> reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f HKLM\Software\Microsoft\Active Setup\Installed Components: [Send To Neat] -> reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\88.1.8016.153\Installer\chrmst p.exe [2021-02-22] (Piriform Software Ltd -> Piriform Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Inst aller\chrmstp.exe [2021-02-17] (Google LLC -> Google LLC) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update UWP App.lnk [2021-02-03] ShortcutTarget: Update UWP App.lnk -> C:\Program Files (x86)\LastPass\lpwinmetro\AppxUpgradeUwp.exe (LogMeIn, Inc. -> ) Startup: C:\Users\gaele\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\Republic Anywhere.lnk [2020-05-24] ShortcutTarget: Republic Anywhere.lnk -> C:\Users\gaele\AppData\Local\republicanywhere\Repu blic Anywhere.exe (Republic Wireless) [File not signed] HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0285E833-D864-456E-8EFC-3E7229EA4F93} - System32\Tasks\LastPassUpdater => C:\Program Files (x86)\LastPass\Updater\Updater.exe [1311896 2021-02-01] (LogMeIn, Inc. -> ) Task: {2217CCEB-545B-4453-90F5-022FB2F10607} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform) Task: {232F261F-0912-4C66-8D77-5A64D4646754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-10] (Google LLC -> Google LLC) Task: {27C02305-36DB-4BCA-81E1-7611DB32ECC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation) Task: {48FEC2CC-E892-45B4-9827-8CACD998C055} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001UA => C:\Users\gaele\AppData\Local\Google\Update\GoogleU pdate.exe [156104 2020-04-15] (Google LLC -> Google LLC) Task: {4FD375BF-A56F-4C39-BB02-6FCB9E7D7554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-10] (Google LLC -> Google LLC) Task: 
{5DB44407-F1BF-41C8-B3AF-90AB4BAAC954} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2212528 2021-02-09] (Piriform Software Ltd -> Piriform Software) Task: {6A0F5864-404C-4355-B3C3-4AC0FAAD43AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation) Task: {6A915A96-F5DE-4D08-A9CF-FF168A316838} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001Core => C:\Users\gaele\AppData\Local\Google\Update\GoogleU pdate.exe [156104 2020-04-15] (Google LLC -> Google LLC) Task: {6ABD9897-6129-45EB-BC90-107D3E39DDC3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistIns taller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.) Task: {7A34AA52-6105-43EF-85A8-F9E0C581CBBF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2021-02-19] (Microsoft Corporation -> Microsoft Corporation) Task: {7D2D2F59-060F-403A-870A-19ED98466BEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3993520 2021-02-12] (Microsoft Corporation -> Microsoft Corporation) Task: {9BB5647F-36DD-487A-9611-885768699D58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd) Task: {A53EC253-657F-44F2-B822-BE6849BB28B3} - System32\Tasks\Opera scheduled Autoupdate 1586963616 => C:\Users\gaele\AppData\Local\Programs\Opera\launch er.exe [1793688 2021-02-09] (Opera Software AS -> Opera Software) Task: {B25CB064-CDB6-4162-866A-3D97B72B8C39} - System32\Tasks\Opera scheduled assistant Autoupdate 1586963619 => 
C:\Users\gaele\AppData\Local\Programs\Opera\launch er.exe [1793688 2021-02-09] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\gaele\AppData\Local\Programs\Opera\ assistant" $(Arg0) Task: {C46DBE07-CFD4-41DF-B8D0-2AC3368B9084} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3993520 2021-02-12] (Microsoft Corporation -> Microsoft Corporation) Task: {C87F6FE0-FBB0-428F-84FD-D9DFFC063CF1} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2212528 2021-02-09] (Piriform Software Ltd -> Piriform Software) Task: {CF2004DE-56B5-439A-BEEC-A85E33238735} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software) Task: {D5CF7EEE-7717-4533-8308-85369472AE28} - System32\Tasks\McAfee\McAfee OOBE Patch Telemetry => C:\Program Files\Common Files\McAfee\ModuleCore\DayZeroOOBEFix_64.exe Task: {DA422CCE-5080-463C-9DA8-E0BE04D941F2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software) Task: {F28937E0-D1F5-43CD-8E37-464A6E1A6CCD} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2856304 2021-02-08] (Microsoft Corporation -> Microsoft Corporation) Task: {FE6F7A2B-E738-4945-9B48-850427C2ACDE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2021-02-19] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{a7d613dd-68ec-4097-9f3c-c61be58faf6c}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{c76d63f1-4c67-40db-af51-2ccd243db0e6}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{c852c696-7e4e-4fc8-8a69-c1e46d51141f}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{fdbe0fd9-069b-4bed-ba02-d532ed97c19f}: [DhcpNameServer] 192.168.0.1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: ======= Edge Notifications: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> hxxps://www.facebook.com Edge DefaultProfile: Default Edge Profile: C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22] Edge HomePage: Default -> hxxp://www.msn.com/?pc=DCTE Edge Extension: (Google Translate) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgj llcleb [2020-07-04] Edge Extension: (LastPass: Free Password Manager) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmm ooekmp [2021-02-16] Edge Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggp poikog [2020-12-25] Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblc afcmpi [2020-07-04] Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoa lclacl [2020-09-21] Edge Extension: (Google Calendar) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User 
Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmh kjfich [2021-01-15] Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakgh emolmg [2021-02-03] Edge Extension: (Mileage Calculator by wheretocredit.com) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gomddcmabinakjildbgfoabbia kfkkfk [2020-12-25] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjj edodee [2021-02-03] Edge Extension: (Organize Downloads by Date) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ipjljbilkibpncgnagphiamkkd ilbbki [2020-07-04] Edge Extension: (Pinterest Save Button) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfcjijcigimhjjdimpghneggne giphhh [2020-07-04] Edge Extension: (RetailMeNot Deal Finder™️) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jjfblogammkiefalfpafidabbn amoknm [2021-02-17] Edge Extension: (Capital One Shopping: Save in seconds) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikf cefljn [2021-02-18] Edge Extension: (Copy me that!) 
- C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkmcogbnaohagegccoghdcjmgd ibjfig [2020-07-04] Edge Extension: (RSS Subscription Extension (by Google)) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmm mcbfjd [2020-07-26] Edge Extension: (Twinword Finder) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npghlhgagddknpcccbgncondbk dpehof [2020-07-04] Edge Extension: (Click to start / stop recording) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpi celgko [2020-12-02] Edge Extension: (Password Checkup extension) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pncabnpcffmalkkjpajodfhijc lecjno [2020-09-21] FireFox: ======== FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-07-31] (Google Inc -> Google, Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3 .dll [2021-01-26] (Piriform Software Ltd -> Piriform Software) FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3 .dll [2021-01-26] (Piriform Software Ltd -> Piriform Software) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default [2021-02-22] CHR Notifications: Default -> hxxps://calendar.google.com CHR HomePage: Default -> hxxp://www.ighome.com/ CHR StartupUrls: Default -> "hxxp://www.ighome.com/?t=429193" CHR NewTab: Default -> Not-active:"chrome-extension://conoiojhfhpoboccndegeemkpgkcnkoe/new-tab.html" CHR DefaultSearchURL: Default -> hxxps://weather.srch0.com/?q={searchTerms}&a=gsb_mka_00_00 CHR DefaultSearchKeyword: Default -> accuweather CHR DefaultSuggestURL: Default -> hxxps://weather.srch0.com/suggest?q={searchTerms}&a=gsb_mka_00_00 CHR Extension: (Google Translate) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgj llcleb [2020-04-14] CHR Extension: (Slides) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2020-04-14] CHR Extension: (Docs) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2020-04-14] CHR Extension: (Google Drive) - 
C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2020-10-21] CHR Extension: (YouTube) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2020-04-14] CHR Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggp poikog [2020-12-06] CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfco pglcmi [2021-02-22] CHR Extension: (EnoŽ from Capital OneŽ) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbcli hgmdje [2021-02-04] CHR Extension: (Accuweather) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\conoiojhfhpoboccndegeemkpg kcnkoe [2020-11-17] CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblc afcmpi [2020-04-14] CHR Extension: (Google Play Music) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgp gfmobi [2020-11-19] CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoa lclacl [2020-09-15] CHR Extension: (Sheets) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2020-04-14] CHR Extension: (Google Docs Offline) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2020-11-18] CHR Extension: (The Camelizer) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbam fndblo [2020-11-18] CHR Extension: (Google Calendar) - C:\Users\gaele\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmh kjfich [2021-01-09] CHR Extension: (SwagButton) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjl fgdemm [2021-02-22] CHR Extension: (Pinterest Save Button) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmk opogic [2020-12-09] CHR Extension: (LastPass: Free Password Manager) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegep lioahd [2021-02-10] CHR Extension: (mysms - SMS from Computer) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnoko lhblgb [2020-04-14] CHR Extension: (Kindle Cloud Reader) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjj eneebd [2020-04-14] CHR Extension: (Google Play Music) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcf okfdhg [2020-04-14] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjj edodee [2021-02-02] CHR Extension: (Organize Downloads by Date) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjljbilkibpncgnagphiamkkd ilbbki [2020-04-14] CHR Extension: (Pacman) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcecjlbneginpknnnfkfijdfha edihll [2020-04-14] CHR Extension: (Track My Package) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjgaepllcmpdbeigmojjipkffa coongo [2021-02-16] CHR Extension: (Grammarly for Chrome) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobk ghlhen [2021-02-15] CHR Extension: (Copy me that!) 
- C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgjinjcobiflbbnhenlfkcjpee acklfl [2020-11-08] CHR Extension: (Classic Blue Theme) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\maejegjiekmgjakcgkdkjgjoif hihekp [2021-02-17] CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahga gcidbd [2020-11-06] CHR Extension: (ZIP Extractor) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgog fhpbcd [2020-04-14] CHR Extension: (Capital One Shopping: Save in seconds) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejc ehkggg [2021-02-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2021-01-28] CHR Extension: (Password Alert) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhf klnnep [2020-11-08] CHR Extension: (Switch to Classic design on Facebook™) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\oancckmjgaoejmbedngcoiakbl hacbog [2021-01-27] CHR Extension: (Click&Clean App) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidf mibmhp [2020-04-14] CHR Extension: (Gmail) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2020-10-22] CHR Extension: (Click to start / stop recording) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpi celgko [2020-11-30] CHR Extension: (Chrome Media Router) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2021-01-26] CHR Profile: C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-18] CHR Profile: 
C:\Users\gaele\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-18] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
#19
This is the 2nd part of FRST:
Opera: ======= OPR Profile: C:\Users\gaele\AppData\Roaming\Opera Software\Opera Stable [2021-02-18] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncod ing}&oe={outputEncoding} OPR Extension: (LastPass: Free Password Manager) - C:\Users\gaele\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2020-05-23] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software) S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\88.1.8016.153\elevation_servic e.exe [1456376 2021-02-09] (Piriform Software Ltd -> Piriform Software) S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software) R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-02-06] (GuinpinSoft inc) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-13] (Microsoft Corporation -> Microsoft Corporation) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.) 
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> ) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6 .0.7240.285\DSAPI.exe [985584 2021-01-17] (PC-Doctor, Inc. -> PC-Doctor, Inc.) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRe medationService.exe [19128 2021-01-29] (Dell Inc -> Dell INC.) R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [118784 2019-10-08] () [File not signed] R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> ) S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\FileSyncHelper.exe [2194288 2021-02-08] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-22] (Malwarebytes Inc -> Malwarebytes) R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed] S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\OneDriveUpdaterService.e xe [2567552 2021-02-08] (Microsoft Corporation -> Microsoft Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAge nt.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.) 
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare) S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X] S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X] S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X] S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-04-08] (Microsoft Corporation) [File not signed] R3 DBUtilDrv2; C:\Windows\System32\drivers\DBUtilDrv2.sys [24952 2021-01-08] (Microsoft Windows Hardware Compatibility Publisher -> ) R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-22] (Malwarebytes Corporation -> Malwarebytes) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-02-22] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-22] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-22] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-22] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142416 2021-02-22] (Malwarebytes Inc -> Malwarebytes) S3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-02-22 17:49 - 2021-02-22 17:49 - 002301440 _____ (Farbar) C:\Users\gaele\Desktop\FRST64.exe 2021-02-22 17:49 - 2021-02-22 17:49 - 000037122 _____ C:\Users\gaele\Desktop\FRST.txt 2021-02-22 17:49 - 2021-02-22 17:49 - 000000000 ____D C:\Users\gaele\Desktop\FRST-OlderVersion 2021-02-22 17:26 - 2021-02-22 17:26 - 002301440 _____ (Farbar) C:\Users\gaele\Downloads\FRST64.exe 2021-02-22 16:37 - 2021-02-22 16:37 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 002084016 _____ (Malwarebytes) C:\Users\gaele\Downloads\MBSetup.exe 2021-02-22 16:36 - 2021-02-22 16:36 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 000142416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2021-02-22 16:36 - 2021-02-22 16:36 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-02-22 16:36 - 2021-02-22 16:36 - 000002031 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-02-22 16:36 - 2021-02-22 16:36 - 000000000 ____D C:\Program Files\Malwarebytes 2021-02-22 16:27 - 2021-02-22 16:30 - 000181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2021-02-22 16:27 - 2021-02-22 16:27 - 000980315 _____ C:\Users\gaele\Downloads\Tweaking.com-RepairHostsFile.exe 2021-02-22 16:27 - 2021-02-22 16:27 - 000000000 ____D C:\Users\gaele\Downloads\Tweaking.com - Repair Hosts File 2021-02-22 16:27 - 2021-02-22 16:27 - 000000000 ____D C:\Tweaking.com_Windows_Repair_Logs 2021-02-22 16:14 - 2021-02-22 16:14 - 
000001230 _____ C:\Users\gaele\Desktop\Malware Scan Report.txt 2021-02-22 14:48 - 2021-02-22 14:53 - 000000000 ____D C:\AdwCleaner 2021-02-22 14:47 - 2021-02-22 14:47 - 008463216 _____ (Malwarebytes) C:\Users\gaele\Downloads\AdwCleaner.exe 2021-02-21 16:40 - 2021-02-22 17:49 - 000000000 ____D C:\FRST 2021-02-21 00:06 - 2021-02-21 00:06 - 000000000 _____ C:\Windows\invcol.tmp 2021-02-18 11:41 - 2021-02-18 11:41 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update 2021-02-18 11:40 - 2021-02-18 11:40 - 030950888 _____ (Piriform Software Ltd) C:\Users\gaele\Downloads\ccsetup577.exe 2021-02-18 10:59 - 2021-02-18 10:59 - 005865713 _____ C:\Users\gaele\Downloads\02-21_February_EN.zip 2021-02-18 10:46 - 2021-02-18 10:46 - 005865713 _____ C:\Users\gaele\Downloads\Doro Cardigan files.zip 2021-02-17 23:51 - 2021-02-17 23:51 - 000010459 _____ C:\Users\gaele\Downloads\Verandas III updated Rules & Regs 2016pdf.pdf 2021-02-17 11:33 - 2021-02-17 11:33 - 003109159 _____ C:\Users\gaele\Downloads\Cute Pouch Tips for sewing with foam - Geta's Quilting Studio.pdf 2021-02-17 11:13 - 2021-02-17 11:13 - 003076065 _____ C:\Users\gaele\Downloads\Buzzs_Toy_Sheep-y9w54t (1).pdf 2021-02-16 18:48 - 2021-02-16 18:48 - 000363549 _____ C:\Users\gaele\Downloads\Bella Frill Dress Size S.pdf 2021-02-15 14:08 - 2021-02-15 14:08 - 000086739 _____ C:\Users\gaele\Downloads\x7203.PES (2).zip 2021-02-15 14:07 - 2021-02-15 14:07 - 000086739 _____ C:\Users\gaele\Downloads\x7203.PES (1).zip 2021-02-15 14:06 - 2021-02-15 14:06 - 000086739 _____ C:\Users\gaele\Downloads\x7203.PES.zip 2021-02-15 14:03 - 2021-02-15 14:03 - 000155261 _____ C:\Users\gaele\Downloads\Face Mask files for Embroidery Machine.zip 2021-02-15 13:54 - 2021-02-15 13:54 - 000692946 _____ C:\Users\gaele\Downloads\Christmas Train.zip 2021-02-15 13:52 - 2021-02-15 13:52 - 000600057 _____ C:\Users\gaele\Downloads\16551303.zip 2021-02-15 13:51 - 2021-02-15 13:51 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES (3).zip 2021-02-15 13:50 
- 2021-02-15 13:50 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES.zip 2021-02-15 13:50 - 2021-02-15 13:50 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES (2).zip 2021-02-15 13:50 - 2021-02-15 13:50 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES (1).zip 2021-02-15 12:15 - 2021-02-15 12:15 - 000000000 ____D C:\Users\gaele\AppData\LocalLow\Temp 2021-02-15 11:03 - 2021-02-15 11:03 - 000004206 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1586963616 2021-02-15 11:03 - 2021-02-15 11:03 - 000001411 _____ C:\Users\gaele\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Opera Browser.lnk 2021-02-15 10:03 - 2021-02-15 10:03 - 000133776 _____ C:\Users\gaele\Desktop\Pinterest Login.html 2021-02-15 10:02 - 2021-02-15 10:03 - 000000000 ____D C:\Users\gaele\Desktop\Pinterest Login_files 2021-02-14 11:26 - 2021-02-20 21:42 - 000000000 ____D C:\Users\gaele\Documents\Projectarian 2021-02-14 11:26 - 2021-02-14 11:26 - 003076065 _____ C:\Users\gaele\Documents\Buzzs_Toy_Sheep-y9w54t.pdf 2021-02-14 11:16 - 2021-02-18 22:21 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Twilio Inc 2021-02-14 11:16 - 2021-02-18 22:21 - 000000000 ____D C:\Users\gaele\AppData\Local\authy 2021-02-14 09:35 - 2021-02-14 09:35 - 002117675 _____ C:\Users\gaele\Downloads\Bag Making Hardware and Supplies _ _ Andrie Designs.pdf 2021-02-13 17:11 - 2021-02-13 17:11 - 039875000 _____ (Ladislav Vojnic ) C:\Users\gaele\Downloads\SimAQUARIUM-V3.8.B68.exe 2021-02-13 12:02 - 2021-02-13 12:02 - 001011517 _____ C:\Users\gaele\Downloads\OMAFacemask (2).zip 2021-02-13 12:00 - 2021-02-13 12:00 - 001011517 _____ C:\Users\gaele\Downloads\OMAFacemask (1).zip 2021-02-13 11:59 - 2021-02-13 12:00 - 000000022 _____ C:\Users\gaele\Downloads\OMAJuly17Freebie.zip 2021-02-13 11:58 - 2021-02-13 11:58 - 001011517 _____ C:\Users\gaele\Downloads\OMAFacemask.zip 2021-02-13 08:50 - 2021-02-13 08:51 - 002390171 _____ C:\Users\gaele\Documents\01-26-16 LENNOX HOME 
INSPECTION.pdf 2021-02-13 01:26 - 2021-02-13 01:26 - 000019469 _____ C:\Windows\system32\OEMDefaultAssociations.xml 2021-02-13 01:24 - 2021-02-13 01:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2021-02-13 01:24 - 2021-02-13 01:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2021-02-13 01:24 - 2021-02-13 01:24 - 001271616 _____ C:\Windows\system32\FaceTrackerInternal.dll 2021-02-13 01:24 - 2021-02-13 01:24 - 000662616 _____ C:\Windows\system32\FaceProcessorCore.dll 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin 2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin 2021-02-13 01:23 - 2021-02-13 01:23 - 000232752 _____ 
C:\Windows\system32\containerdevicemanagement.dll 2021-02-12 10:16 - 2021-02-12 10:16 - 000000056 _____ C:\Users\gaele\Desktop\CA Do not sell my info.url 2021-02-10 17:53 - 2021-02-20 21:17 - 000000000 ____D C:\Users\gaele\Documents\Crochet 2021-02-10 17:53 - 2021-02-10 17:53 - 003262735 _____ C:\Users\gaele\Downloads\Sundog-the-Tiger-Ears-vheyhq.pdf 2021-02-10 09:37 - 2021-02-10 09:37 - 001780747 _____ C:\Users\gaele\Downloads\Crochet Hearts Bookmark - free pattern _ Knitca.pdf 2021-02-10 09:10 - 2021-02-14 17:29 - 000466920 _____ C:\Windows\system32\FNTCACHE.DAT 2021-02-09 12:10 - 2021-02-09 12:10 - 000000000 ____D C:\Program Files (x86)\DummyDir 2021-02-09 10:04 - 2021-02-09 10:04 - 000511247 _____ C:\Users\gaele\Downloads\CAPITAL ONE DISTRIBUTION NOTICE 2021.pdf 2021-02-08 19:07 - 2021-02-08 19:07 - 000009669 _____ C:\Users\gaele\Desktop\V3 Names.xlsx 2021-02-08 19:06 - 2021-02-08 19:07 - 000009675 _____ C:\Users\gaele\Downloads\V3 Names.xlsx 2021-02-08 12:51 - 2021-02-08 12:51 - 000312056 _____ C:\Users\gaele\Downloads\Blooming-spring-Frame-BumblebeePES-ec92bc.zip 2021-02-08 11:46 - 2021-02-08 11:46 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2021-02-08 11:46 - 2021-02-08 11:46 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-02-08 08:09 - 2021-02-20 21:42 - 000000000 ____D C:\Users\gaele\Documents\Dog Patterns 2021-02-06 14:43 - 2021-02-06 15:09 - 000001066 _____ C:\Users\gaele\Desktop\MakeMKV.lnk 2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\MakeMKV 2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Users\gaele\.MakeMKV 2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Program Files\Common Files\cdarbsvc 2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Program Files (x86)\MakeMKV 2021-02-06 14:41 - 2021-02-06 14:41 - 014403675 _____ (GuinpinSoft inc) 
C:\Users\gaele\Downloads\Setup_MakeMKV_v1.15.4.exe 2021-02-03 03:08 - 2021-02-03 03:08 - 000003790 _____ C:\Windows\system32\Tasks\LastPassUpdater 2021-02-03 03:08 - 2021-02-03 03:08 - 000001108 _____ C:\ProgramData\Desktop\My LastPass Vault.lnk 2021-02-03 03:08 - 2021-02-03 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass 2021-02-03 00:06 - 2021-02-03 00:06 - 000000000 ____D C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D} 2021-02-02 22:07 - 2021-02-02 22:07 - 000064221 _____ C:\Users\gaele\Desktop\December 31 2020 paycheck.pdf 2021-02-02 22:06 - 2021-02-02 22:07 - 000086167 _____ C:\Users\gaele\Desktop\Gae_Lennox_(459859)__01_23_ 2021_(Regular)_-_Complete Paycheck 2.pdf 2021-02-02 22:06 - 2021-02-02 22:06 - 000086109 _____ C:\Users\gaele\Desktop\Gae_Lennox_(459859)__01_09_ 2021_(Regular)_-_Complete paycheck.pdf 2021-02-02 08:39 - 2021-02-02 08:39 - 000195812 _____ C:\Users\gaele\Downloads\Statutes & Constitution _View Statutes _ Online Sunshine.pdf 2021-02-01 15:35 - 2021-02-01 15:35 - 000145461 _____ C:\Users\gaele\Downloads\Letter from Sandcasstle to 701.pdf 2021-02-01 15:35 - 2021-02-01 15:35 - 000000000 ____D C:\Users\gaele\Documents\Smoking in 701 2021-01-28 14:34 - 2021-01-28 14:34 - 000000000 ____D C:\Windows\twain_64 2021-01-27 16:10 - 2021-01-27 16:10 - 008078981 _____ C:\Users\gaele\Downloads\Success-With-Sewing-Lingerie.pdf 2021-01-27 10:30 - 2021-01-27 10:30 - 000100582 _____ C:\Users\gaele\Downloads\JDK 15 Documentation - Home.pdf 2021-01-27 10:29 - 2021-01-27 10:29 - 000069264 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\Users\gaele\AppData\LocalLow\Oracle 2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\Program Files\Java 2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\Program 
Files\Common Files\Oracle 2021-01-27 10:28 - 2021-01-27 10:28 - 167464600 _____ (Oracle Corporation) C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe 2021-01-26 12:12 - 2021-01-26 12:12 - 000000000 ____D C:\Users\gaele\AppData\Roaming\MightyText 2021-01-26 12:00 - 2021-01-27 09:48 - 000000000 ____D C:\Users\gaele\AppData\Local\MightyText 2021-01-26 12:00 - 2021-01-26 12:00 - 000000000 ____D C:\ProgramData\gaele 2021-01-25 16:03 - 2021-01-25 16:03 - 000368150 _____ C:\Users\gaele\Documents\How to sew a dog clothes patterns - Pet Store York Shop - Clothes for a dog, Clothes for a Yorkie - Cheap accessories for dogs.pdf 2021-01-23 09:22 - 2021-01-23 09:22 - 000187197 _____ C:\Users\gaele\Documents\Juki model 1.pdf 2021-01-23 09:22 - 2021-01-23 09:22 - 000145573 _____ C:\Users\gaele\Documents\juki 2010q.pdf 2021-01-23 09:10 - 2021-01-23 09:10 - 003897028 _____ C:\Users\gaele\Documents\How To Sew A Scarf Face Mask.pdf 2021-01-23 08:58 - 2021-01-23 08:58 - 002261225 _____ C:\Users\gaele\Downloads\Ruler GL4Q-Online-Catalog.pdf 2021-01-23 08:29 - 2021-01-23 08:29 - 000025054 _____ C:\Users\gaele\Downloads\2020-Rollover-IRA-182603988-Form-1099-R-&-Instructions.pdf 2021-01-23 08:29 - 2021-01-23 08:29 - 000008427 _____ C:\Users\gaele\Downloads\2020-Rollover-IRA-182603988-Form-5498.pdf ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-02-22 17:45 - 2020-04-08 03:54 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-02-22 17:34 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-22 16:49 - 2020-04-08 04:00 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services 2021-02-22 16:36 - 2020-04-08 04:21 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI 2021-02-22 16:36 - 2019-03-18 23:52 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-02-22 16:36 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF 2021-02-22 16:34 - 2020-05-24 07:29 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Republic Anywhere 2021-02-22 16:34 - 2020-04-14 16:21 - 000000000 ____D C:\Program Files\CCleaner 2021-02-22 16:32 - 2020-04-14 12:55 - 000000000 __SHD C:\Users\gaele\IntelGraphicsProfiles 2021-02-22 16:32 - 2020-04-08 03:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-02-22 16:32 - 2020-04-08 03:54 - 000000000 ____D C:\Intel 2021-02-22 16:32 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2021-02-22 16:31 - 2019-03-18 23:37 - 000786432 _____ C:\Windows\system32\config\BBI 2021-02-22 15:59 - 2020-04-15 10:43 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronizatio n-{648796D0-ED1A-486C-A1A0-F2DCA8991F2A} 2021-02-22 11:29 - 2020-05-01 14:18 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk 2021-02-22 11:29 - 2020-05-01 14:18 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser 2021-02-20 21:19 - 2020-12-10 08:19 - 000000000 ____D C:\Users\gaele\Documents\notes 2021-02-20 11:06 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps 2021-02-20 11:06 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness 2021-02-20 09:31 - 2020-04-26 10:11 - 000000000 ____D C:\Users\gaele\Documents\Sewing Patterns 2021-02-19 15:00 - 2020-04-14 13:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-02-19 14:16 - 2020-10-01 08:11 - 000000000 ____D C:\Program 
Files\Microsoft Update Health Tools 2021-02-18 18:57 - 2020-06-19 16:34 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-02-18 18:57 - 2020-06-19 16:34 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-02-18 11:41 - 2020-04-14 16:21 - 000000867 _____ C:\ProgramData\Desktop\CCleaner.lnk 2021-02-18 11:03 - 2020-04-23 11:41 - 000007891 _____ C:\Windows\BRRBCOM.INI 2021-02-17 12:20 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2021-02-17 12:10 - 2020-05-10 06:49 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-02-17 12:10 - 2020-05-10 06:49 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2021-02-15 14:06 - 2020-04-14 17:37 - 000000000 ____D C:\Users\gaele\Documents\Embroidery Designs 2021-02-14 17:30 - 2020-04-14 12:55 - 000000000 ___RD C:\Users\gaele\3D Objects 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SystemResources 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\oobe 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\es-MX 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\Dism 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ShellExperiences 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\PolicyDefinitions 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\bcastdvr 2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System 2021-02-14 11:32 - 2020-04-21 13:26 - 000000000 ____D C:\Users\gaele\Documents\Neat Data 2021-02-14 11:16 - 2020-04-16 07:45 - 000000000 ____D C:\Users\gaele\AppData\Local\SquirrelTemp 2021-02-14 09:35 - 2020-04-15 11:04 - 000000000 ____D C:\Users\gaele\Documents\Sew 
Sweetness Sewing Patterns 2021-02-13 01:26 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\CbsTemp 2021-02-12 09:21 - 2020-04-08 03:54 - 000000000 ____D C:\Windows\system32\Drivers\wd 2021-02-10 09:10 - 2021-01-21 11:52 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive 2021-02-10 06:23 - 2020-04-14 15:59 - 000000000 ____D C:\Windows\system32\MRT 2021-02-10 06:20 - 2020-04-14 15:59 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-02-09 12:14 - 2020-04-08 04:28 - 000000000 ____D C:\Windows\Panther 2021-02-09 12:10 - 2020-04-08 03:58 - 000000000 ____D C:\ProgramData\Package Cache 2021-02-08 19:07 - 2020-04-14 12:55 - 000000000 ____D C:\Users\gaele\AppData\Local\Packages 2021-02-08 15:51 - 2020-06-19 16:34 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineUA 2021-02-08 15:51 - 2020-06-19 16:34 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskM achineCore 2021-02-08 11:46 - 2020-09-19 04:19 - 000000000 ___RD C:\Users\Visitor\OneDrive 2021-02-08 11:46 - 2020-04-14 12:58 - 000000000 ___RD C:\Users\gaele\OneDrive 2021-02-06 14:43 - 2020-04-14 12:51 - 000000000 ____D C:\Users\gaele 2021-02-05 21:06 - 2020-07-11 09:11 - 000000000 ____D C:\Users\gaele\Documents\purse patterns 2021-02-05 20:30 - 2020-10-01 08:11 - 000916288 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll 2021-02-05 20:30 - 2020-10-01 08:11 - 000437056 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll 2021-02-05 01:02 - 2020-05-10 06:46 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineU A 2021-02-05 01:02 - 2020-05-10 06:46 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineC ore 2021-02-04 23:04 - 2020-04-15 10:42 - 000003682 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001UA 2021-02-04 23:04 - 2020-04-15 10:42 - 000003414 _____ 
C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001Core 2021-02-03 03:08 - 2020-05-23 10:01 - 000000000 ____D C:\Program Files (x86)\LastPass 2021-01-28 14:36 - 2020-04-21 13:20 - 000000000 ____D C:\ProgramData\Documents\Neat Mobile Scanner 2021-01-27 12:49 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\NDF 2021-01-27 12:40 - 2020-04-15 10:15 - 000000000 ___HD C:\Windows\msdownld.tmp 2021-01-26 12:12 - 2020-04-16 07:45 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\MightyText 2021-01-26 07:23 - 2020-05-01 14:18 - 000003474 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachin eUA 2021-01-26 07:23 - 2020-05-01 14:18 - 000003350 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachin eCore ==================== Files in the root of some directories ======== 2020-11-07 15:57 - 2020-11-07 15:57 - 000000017 _____ () C:\Users\gaele\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt |
#20
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2021
Ran by gaele (22-02-2021 17:50:09) Running from C:\Users\gaele\Desktop Windows 10 Home Version 1909 18363.1379 (X64) (2020-04-14 19:36:49) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= Administrator (S-1-5-21-3842255837-3436847461-3918225103-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3842255837-3436847461-3918225103-503 - Limited - Disabled) gaele (S-1-5-21-3842255837-3436847461-3918225103-1001 - Administrator - Enabled) => C:\Users\gaele Guest (S-1-5-21-3842255837-3436847461-3918225103-501 - Limited - Disabled) Visitor (S-1-5-21-3842255837-3436847461-3918225103-1002 - Limited - Enabled) => C:\Users\Visitor WDAGUtilityAccount (S-1-5-21-3842255837-3436847461-3918225103-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform) CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 88.1.8016.153 - Piriform Software) CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.) Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.) 
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.) Dell SupportAssist Remediation (HKLM\...\{EC45CAE6-9000-43EC-B7BA-54D3D654BF21}) (Version: 5.3.2.13868 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{26e99410-cf21-40aa-9a6e-75bdd110d349}) (Version: 5.3.2.13868 - Dell Inc.) Dell Update - SupportAssist Update Plugin (HKLM\...\{3C4F6923-3BE1-4E6C-8DEE-9EEF1E433795}) (Version: 5.2.1.12926 - Dell Inc.) Hidden Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{8d32f870-d6fd-4420-b5cb-c29ac65f628d}) (Version: 5.2.1.12926 - Dell Inc.) Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.) DELLOSD (HKLM-x32\...\{437102ED-22A2-4C3D-BA6B-E5ECAE798DFA}) (Version: 1.0.3.0 - DELL) Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC) Google Photos Backup (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.) 
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.8141 - Intel Corporation) IntelŽ Software Installer (HKLM-x32\...\{4a50fa17-2911-43ed-a2a1-d3a34411e2bb}) (Version: 21.110.2.1 - Intel Corporation) Hidden Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation) LastPass (HKLM-x32\...\{E7A548B6-D49C-4A10-8EDF-BC6379E5CA9A}) (Version: 4.64.0.1986 - LogMeIn) MakeMKV v1.15.4 (HKLM-x32\...\MakeMKV) (Version: v1.15.4 - GuinpinSoft inc) Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - ) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.13628.20448 - Microsoft Corporation) Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company) Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company) Neat ADF Scanner 
Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company) Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company) Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company) Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company) Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Obsidian 0.9.20 (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 0.9.20 - Obsidian) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20330 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden Opera Stable 74.0.3911.107 (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Opera 74.0.3911.107) (Version: 74.0.3911.107 - Opera Software) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9018.1 - Realtek Semiconductor Corp.) Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.) Republic Anywhere (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\republicanywhere) (Version: 2.5.12 - Republic Wireless, Inc.) Revo Uninstaller 2.1.7 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.7 - VS Revo Group, Ltd.) Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company) SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare) YI Home (HKLM-x32\...\YI Home) (Version: 1.0.0.0_202003271500 - XiaoYi) Packages: ========= Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0 _x64__htrsf667h5kn2 [2020-04-14] (Dell Inc) Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor _2.2.22.0_x64__2dgmkzkw4h30c [2020-09-15] (Portrait Displays) Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2. 45.0_x64__htrsf667h5kn2 [2020-07-22] (Dell Inc) Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0. 
70.0_x64__htrsf667h5kn2 [2021-01-19] (Dell Inc) Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-01-25] (Screenovate Technologies) [Startup Task] Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-17] (Dell Inc) Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-03] (Dell Inc) Desktop Live Wallpapers -> C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_1.2.17.0_neutral__agy8jafheqhng [2020-10-10] (Ambient Software) [Startup Task] Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-04-14] (Dropbox Inc.) Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-04-15] (Fitbit) GMX Mail -> C:\Program Files\WindowsApps\4659BB81.GMXMail_3.33.8.0_x64__9r8rjdwa12808 [2020-09-06] (1&1 Mail & Media GmbH) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-29] (INTEL CORP) [Startup Task] Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-04-14] (INTEL CORP) Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2020-11-25] (INTEL CORP) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-18] (Apple Inc.)
[Startup Task] LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.5.1.0_x64__s bg7naapqq8fj [2021-02-06] (LastPass) Match 3D - Matching Puzzle Game -> C:\Program Files\WindowsApps\23385HappyFamilyGames.Match3D-MatchingPuzzleGame_1.1.0.0_x64__pbwsxs408fxew [2021-01-04] (Happy Family Games) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad] MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1. 0.22661.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.7.25.0_x64__htr sf667h5kn2 [2020-12-11] (Dell Inc) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64_ _mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.) Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Mai n_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-09] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2020-08-26] (Microsoft Corporation) QR Code for Windows 10 -> C:\Program Files\WindowsApps\17036IYIA.QRCodeforWindows10_6.1 .2.0_x64__dggz0n4pnn0ge [2021-01-12] (IYIA) SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.958. 
0_x64__rh07ty8m5nkag [2021-01-13] (Rivet Networks LLC) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0 [2021-02-20] (Spotify AB) [Startup Task] Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0 _x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell20 19_2.0.54.0_x64__fh4rh281wavaa [2020-04-08] (Waves Audio) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wav esapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.) CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36. 72\psuser_64.dll (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36. 72\psuser_64.dll (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36. 
72\psuser_64.dll (Google LLC -> Google LLC) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> 
{5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-22] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft 
Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dl l [2021-02-08] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-22] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\gaele\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ==================== Loaded Modules (Whitelisted) ============= 2020-04-23 11:40 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2020-11-19 13:12 - 2020-11-19 13:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll 2020-04-23 11:41 - 2005-04-21 23:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll 2020-04-21 13:20 - 2013-02-04 12:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll 2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll 2020-04-23 11:41 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2020-04-23 11:41 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) 
[File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll 2020-04-23 11:41 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2020-04-23 11:41 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2020-04-23 11:41 - 2013-01-30 14:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2020-04-23 11:41 - 2012-12-21 11:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2020-04-23 11:41 - 2012-12-21 11:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2020-04-23 11:41 - 2013-01-18 13:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll 2020-04-23 11:41 - 2012-10-19 07:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll 2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) 
[File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Inter op.dll 2013-02-23 00:11 - 2013-02-23 00:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll 2013-02-23 00:12 - 2013-02-23 00:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll 2013-02-23 00:11 - 2013-02-23 00:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox SearchScopes: 
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed] BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. 
-> LastPass) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-18 23:49 - 2021-02-22 16:30 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 2020-07-11 20:46 - 2020-07-11 20:46 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;% SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT %\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\Sy stem32\OpenSSH\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\ HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele\AppData\Local\Microsoft\Windows\The mes\RoamedThemeFiles\DesktopBackground\venice 6.jpg HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: Off) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run: => "WavesSvc" HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "Opera Browser Assistant" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{933E377D-ABC5-468B-93AC-DADE6B2C54BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4007F4FA-2B3E-4A5A-84A4-367775D3F9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{EFBFF624-85EA-4EB4-B0CB-AE2E7E1EE095}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.) FirewallRules: [UDP Query User{48709466-9B36-434E-AEA0-0DF45B9BFC97}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.) FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.) FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.) FirewallRules: [{C29E846E-8040-4D80-A2D3-86D5506B3F46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FEFD4A0D-25F6-41D2-89B9-864A7C3A14D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2AACD10F-9026-4A7C-AB25-197715BB546D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) 
[File not signed] FirewallRules: [{F9D2C818-0C21-4893-BF55-A8FCAF167251}] => (Allow) LPort=54925 FirewallRules: [{8F31D18F-892E-4920-8A2F-42B9EFBBFA46}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{3A5DB7A7-7521-48B5-8D7B-D5FB4430C09F}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{EAFF5570-08C7-4A05-B17F-CAECBB4F0D3B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C9431988-EDB0-40C2-9979-5B54897119E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{7DD7E813-1748-4667-A103-DE84AD2AFD89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{96333CCA-5F54-4992-96B1-1F18585B516C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{57A4C315-A5E4-44B9-88A5-F8DB5C3EC717}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{818528C3-03C8-4847-B22A-71EA3C97FD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2A9FCF11-2197-41D0-BBC6-0956451FD72B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B82E6AF9-975E-4593-A9D4-833FC57D2B19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0 _x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProces s.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{F6B47270-71B0-4C97-979D-39C6CF1AD07F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3C8173A4-6328-4A59-970B-04CF1E652BE8}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobi leConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMo bileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) FirewallRules: [{12B89BA1-FAAC-4661-83D5-CFC1A1D43747}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobi leConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMo bileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.) FirewallRules: [{B4FA3753-669E-4ED1-98DF-517B1B9F8A46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{023100BA-02F8-41E1-965F-17C149DF3B8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{5FD2A7FE-B5CA-4B8E-9F66-3837A078EFF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{705E3EF7-1C40-486F-B0F3-D1CE672D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{DF23AED6-4563-4FBF-98C2-6DE1C5163175}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{D85F2B87-A5CF-401F-917D-A617A3A71183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D478E6D9-0EDF-47AC-B9B2-F2926999B93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{82ACEA06-C493-4A0A-92CF-5277B7BD6B62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0DA36B8F-B188-411D-9791-73C3822FE8C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{9B16D44A-5A35-46FE-9AC5-B25CEBD38FF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8FD2D89F-AED4-42CA-B684-CADC09696277}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D854C8F7-E898-4028-8534-B4747B482413}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A01845C3-8ADB-4369-82DB-247CF6C4C23E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608 .0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{68D1D445-492C-4A62-B4AD-AE1AFAF0E4E7}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software) ==================== Restore Points ========================= 19-02-2021 07:18:34 Scheduled Checkpoint 20-02-2021 08:12:47 click on a 
link on a webpage and another page opens 22-02-2021 14:53:26 AdwCleaner_BeforeCleaning_22/02/2021_14:53:26 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (02/22/2021 05:40:07 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {128a4bab-5f6d-4c49-b3e3-c14eab86d2a7} Error: (02/22/2021 05:38:50 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {128a4bab-5f6d-4c49-b3e3-c14eab86d2a7} Error: (02/22/2021 04:27:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55} Error: (02/22/2021 04:25:58 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. 
Error: (02/22/2021 02:24:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4) Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated. Error: (02/22/2021 04:36:10 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 16048 and the required size was 40032. Error: (02/21/2021 11:24:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4) Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated. Error: (02/21/2021 04:24:21 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55} System errors: ============= Error: (02/22/2021 05:02:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4) Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!A pp.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout. Error: (02/22/2021 04:32:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4) Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!A pp.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout. 
Error: (02/22/2021 04:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The RAPSService service failed to start due to the following error: The system cannot find the file specified. Error: (02/22/2021 04:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SmartByte Network Service x64 service failed to start due to the following error: The system cannot find the file specified. Error: (02/22/2021 04:31:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (02/22/2021 04:31:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (02/22/2021 04:31:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\system32\IntelIHVRouter08.dll Error: (02/22/2021 02:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SmartByte Network Service service failed to start due to the following error: The system cannot find the file specified. Windows Defender: ================ Date: 2020-09-10 22:33:57.576 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-09-10 22:33:55.713 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-10 22:33:55.553 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-10 22:33:55.519 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-10 22:33:55.471 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-10 22:33:55.381 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-10 22:33:55.380 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-09-07 18:03:04.380 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-07 18:03:02.416 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2020-09-07 18:03:02.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Event[10]: Date: 2020-09-07 18:03:02.124 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Event[11]: Date: 2020-09-07 18:03:02.093 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2021-02-20 23:18:34.712 Description: Windows Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-02-19 21:18:34.355 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-02-16 15:45:10.462 Description: Windows Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-02-15 14:21:58.742 Description: Windows Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-02-14 13:10:55.006 Description: Windows Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan ==================== Memory info =========================== BIOS: Dell Inc. 1.8.0 12/09/2020 Motherboard: Dell Inc. 0FK9H3 Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz Percentage of memory in use: 41% Total physical RAM: 16211.9 MB Available physical RAM: 9500.42 MB Total Virtual: 18643.9 MB Available Virtual: 10855.56 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:461.33 GB) (Free:347.37 GB) (Protected) NTFS \\?\Volume{8e2bc93f-dd12-4ff5-b42e-0fc3bade6af7}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.53 GB) NTFS \\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:0.16 GB) NTFS \\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.61 GB) NTFS \\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ================================================== ======== Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D) Partition: GPT. ==================== End of Addition.txt ======================= |
#21
|
||||
|
||||
I think the problem is in my Chrome settings. If I were to delete chrome and then put it back on, would I lose any of my files? This might be my only option. I sincerely thank you for your help.
|
#22
|
||||
|
||||
Hi Gae,
Quote:
-------------------------------------------------------------------- Run FRST fixlist
Quote:
Any issue?

-----------------------------------------------------------------------------
Uninstall some programs:

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list. You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

https://www.java.com/tr/download/

--------------------------------------------------------------------------
Chrome reset and reinstall

We need to reset Chrome back to defaults to completely clear out what is going on. We can keep the bookmarks by exporting them - Export Bookmarks

Then I need you to go to Google Sync and sign into your account, scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".

Now we need to uninstall Chrome. I want you to uninstall Chrome, and if asked about user data or settings then remove this also. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled, please check things out and let me know how it is doing.

Note: I see many add-ons in your Google Chrome browser. In particular, I recommend that you do not use the following plugin.
Flash Player for Web

--------------------------------------------------------------------------------
ESET Online Scanner
--------------------

Note: You can expect this process to take a long time, up to several hours or more.
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
Last edited by olgun52; February 24th, 2021 at 11:58 AM. |
#23
|
||||
|
||||
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by gaele (24-02-2021 08:45:56) Run:1 Running from C:\Users\gaele\Desktop Loaded Profiles: gaele & Visitor Boot Mode: Normal ============================================== fixlist content: ***************** Start: CloseProcesses: CreateRestorePoint: SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox C:\Windows\system32\drivers\etc\hosts.ics FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.) FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.) 
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\MountPoints2: {1067b956-92b4-11ea-9428-84c5a6b2f281} - "E:\LaunchU3.exe" -a HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION CHR HomePage: Default -> hxxp://www.ighome.com/ CHR StartupUrls: Default -> "hxxp://www.ighome.com/?t=429193" CHR NewTab: Default -> Not-active:"chrome-extension://conoiojhfhpoboccndegeemkpgkcnkoe/new-tab.html" CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahga gcidbd [2020-11-06] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncod ing}&oe={outputEncoding} S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X] S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X] S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X] S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X] R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare) S3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.) 
C:\Windows\invcol.tmp C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe C:\Users\gaele\AppData\Local\resmon.resmoncfg Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D} CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R CMD: "C:\Windows\SysWOW64\lodctr.exe" /R CMD: Bitsadmin /Reset /Allusers CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: ipconfig /flushdns CMD: netsh winsock reset catalog Hosts: EmptyTemp: Reboot: End ***************** Processes closed successfully. Restore point was successfully created. "HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FD7D2FD-D155-4799-A076-B1F10B3316D9} => removed successfully C:\Windows\system32\drivers\etc\hosts.ics => moved successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{35FF8 A67-A859-4F1B-BCA9-2133A1C71A89}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{40998 A15-BA9B-4E37-85C8-B0426E88DB7A}" => removed successfully HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\{1067b956-92b4-11ea-9428-84c5a6b2f281} => removed successfully HKLM\SOFTWARE\Policies\Google => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully "Chrome HomePage" => removed successfully "Chrome StartupUrls" => removed successfully "Chrome NewTab" => removed successfully CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahga gcidbd 
[2020-11-06] => Error: No automatic fix found for this entry. HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \hdokiejnpimakedhajhdlcegeplioahd => removed successfully OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncod ing}&oe={outputEncoding} => Error: No automatic fix found for this entry. HKLM\System\CurrentControlSet\Services\RAPSService => removed successfully RAPSService => service removed successfully HKLM\System\CurrentControlSet\Services\RNDBWM => removed successfully RNDBWM => service removed successfully HKLM\System\CurrentControlSet\Services\SmartByte Analytics Service => removed successfully SmartByte Analytics Service => service removed successfully HKLM\System\CurrentControlSet\Services\SmartByte Network Service x64 => removed successfully SmartByte Network Service x64 => service removed successfully HKLM\System\CurrentControlSet\Services\WsAppServic e => removed successfully WsAppService => service removed successfully HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully WsDrvInst => service removed successfully HKLM\System\CurrentControlSet\Services\SmbCoSvc => removed successfully SmbCoSvc => service removed successfully C:\Windows\invcol.tmp => moved successfully C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe => moved successfully C:\Users\gaele\AppData\Local\resmon.resmoncfg => moved successfully ========================= Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D} ======================== 2021-02-03 00:06 - 2021-01-20 07:04 - 024769536 ____A [DB2DF4C15817826C19B4C6C288D3E91C] () C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}\DellUpdateApp.msi ====== End of Folder: ====== ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Error: Unable to rebuild performance counter setting from system backup store, error code is 2 ========= End of CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Successfully 
rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= "C:\Windows\SYSTEM32\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= "C:\Windows\SysWOW64\lodctr.exe" /R ========= Info: Successfully rebuilt performance counter setting from system backup store ========= End of CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. Unable to cancel {646D5569-6E15-4ECD-B1F7-0525E6BDE797}. 0 out of 1 jobs canceled. ========= End of CMD: ========= ========= ipconfig /release ========= Windows IP Configuration No operation can be performed on Local Area Connection* 9 while it has its media disconnected. No operation can be performed on Local Area Connection* 10 while it has its media disconnected. No operation can be performed on Bluetooth Network Connection while it has its media disconnected. No operation can be performed on Wi-Fi while it has its media disconnected. Ethernet adapter Ethernet: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940::1 IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940:2101:c565:e44f:1daf Temporary IPv6 Address. . . . . . : 2601:6c5:204:1940:c176:ac70:1a8:696d Link-local IPv6 Address . . . . . : fe80::2101:c565:e44f:1daf%17 Default Gateway . . . . . . . . . : fe80::e298:61ff:fef9:7040%17 Wireless LAN adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Local Area Connection* 10: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wi-Fi: Media State . . . . . . . . . . . 
: Media disconnected Connection-specific DNS Suffix . : hsd1.fl.comcast.net. ========= End of CMD: ========= ========= ipconfig /renew ========= Windows IP Configuration No operation can be performed on Local Area Connection* 9 while it has its media disconnected. No operation can be performed on Local Area Connection* 10 while it has its media disconnected. No operation can be performed on Bluetooth Network Connection while it has its media disconnected. No operation can be performed on Wi-Fi while it has its media disconnected. Ethernet adapter Ethernet: Connection-specific DNS Suffix . : hsd1.fl.comcast.net. IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940::1 IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940:2101:c565:e44f:1daf Temporary IPv6 Address. . . . . . : 2601:6c5:204:1940:c176:ac70:1a8:696d Link-local IPv6 Address . . . . . : fe80::2101:c565:e44f:1daf%17 IPv4 Address. . . . . . . . . . . : 192.168.0.21 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::e298:61ff:fef9:7040%17 192.168.0.1 Wireless LAN adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Local Area Connection* 10: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wi-Fi: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : hsd1.fl.comcast.net. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Resetting Compartment Forwarding, OK! Resetting Compartment, OK! Resetting Control Protocol, OK! Resetting Echo Sequence Request, OK! Resetting Global, OK! Resetting Interface, OK! Resetting Anycast Address, OK! Resetting Multicast Address, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! 
Resetting Path, OK! Resetting Potential, OK! Resetting Prefix Policy, OK! Resetting Proxy Neighbor, OK! Resetting Route, OK! Resetting Site Prefix, OK! Resetting Subinterface, OK! Resetting Wakeup Pattern, OK! Resetting Resolve Neighbor, OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , failed. Access is denied. Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Resetting Compartment Forwarding, OK! Resetting Compartment, OK! Resetting Control Protocol, OK! Resetting Echo Sequence Request, OK! Resetting Global, OK! Resetting Interface, OK! Resetting Anycast Address, OK! Resetting Multicast Address, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting Potential, OK! Resetting Prefix Policy, OK! Resetting Proxy Neighbor, OK! Resetting Route, OK! Resetting Site Prefix, OK! Resetting Subinterface, OK! Resetting Wakeup Pattern, OK! Resetting Resolve Neighbor, OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , failed. Access is denied. Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= Ok. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. 
=========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53638380 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 9978682 B Edge => 120 B Chrome => 886443008 B Firefox => 0 B Opera => 152356 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 217392532 B systemprofile32 => 217392951 B LocalService => 217404329 B NetworkService => 230247041 B gaele => 254478809 B Visitor => 254527849 B RecycleBin => 0 B EmptyTemp: => 2.2 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 08:46:31 ==== |
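The Fixlog in post #23 mixes successful removals with entries FRST could not fix and with command output that reported failures. As an added example (not part of the thread and not FRST's own code), this sketch separates the two so the unresolved items stand out; `triage_fixlog` is a hypothetical helper name, and the sample lines are constructed from entries in the log above, re-split one per line with the forum's inserted spaces removed.

```python
import re
from collections import Counter

# Constructed sample: entries taken from the Fixlog in post #23, one per line.
SAMPLE_FIXLOG = r"""
"HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Windows\system32\drivers\etc\hosts.ics => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"Chrome HomePage" => removed successfully
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahgagcidbd [2020-11-06] => Error: No automatic fix found for this entry.
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} => Error: No automatic fix found for this entry.
RAPSService => service removed successfully
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========
========= netsh int ipv4 reset =========
Resetting Compartment, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========
"""

# "<item> => <result>" is how the log reports each fixlist entry.
ENTRY_RE = re.compile(r"^(?P<item>.+?) => (?P<result>.+)$")
# "========= <command> =========" opens a command-output section.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")


def triage_fixlog(text):
    """Return (Counter of successful results, list of (item, problem))."""
    fixed = Counter()
    unresolved = []
    current_cmd = None  # set while inside a CMD output section

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        section = SECTION_RE.match(line)
        if section:
            name = section.group("name")
            # "End of CMD:" / "End of Folder:" close the current section.
            current_cmd = None if name.startswith("End of") else name
            continue

        if current_cmd is not None:
            # Inside command output: keep only lines that report a failure.
            if line.startswith("Error:") or re.search(r"\bfailed\b", line):
                unresolved.append((current_cmd, line))
            continue

        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        result = entry.group("result")
        if result.startswith("Error:"):
            unresolved.append((entry.group("item"), result))
        else:
            fixed[result] += 1

    return fixed, unresolved


if __name__ == "__main__":
    fixed, unresolved = triage_fixlog(SAMPLE_FIXLOG)
    for result, count in fixed.items():
        print(f"{count:3d}  {result}")
    print("Needs manual follow-up:")
    for item, problem in unresolved:
        print(f"  {item}\n      {problem}")
```
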
#24
|
||||
|
||||
I finished your instructions and uninstalled Chrome and reinstalled it and still have the same problem. I will now do the ESET Online Scanner and post results.
|
#25
|
||||
|
||||
ESET Online scanner complete. No threats found.
Success! Scan completed. We didn't detect any viruses or other infections. Any other suggestions? Thank you. Gae |
#26
|
||||
|
||||
Quote:
Thank you so much for the logs and your patience. I cannot see any information that might cause the problem you are having with the machine. We have also reset your hosts file to default settings. You can block Vitaly - Shop Online and FlixLuv links in Google Chrome. The link below will help you. Please read and try to block. Report the result. For Chrome: Allow or block access to websites https://support.google.com/chrome/a/.../7532419?hl=en Thanks. |
#27
|
||||
|
||||
Thank you for trying. I so appreciate your help and feedback. Still having the same problem. I'm going to submit this to Chrome support and see if that helps. I hope you have a fabulous day or night wherever you may be. Thank you again.
|
#28
|
||||
|
||||
Quote:
If you can't find a solution from the Google support team, please type again. We can try different solutions. I have 2 other suggestions. I will be glad if you do.
1 - Your operating system updates seem to be missing. I suggest you make your updates.
2 - In any case please download delfix to your desktop.
|