Cyber Tech Help Support Forums > Software > Malware Removal

  #16  
February 22nd, 2021, 10:47 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
Originally Posted by gaesilva
I rebooted my computer and the same problem keeps occurring. Did I miss a step or something?
Thank you,
Gae
Let's check again.

In which browsers is the problem happening?

Please post a fresh FRST logfile for my review. (Frst.txt and Additional.txt)

Run the software as an administrator. Your logs must be complete.


  #17  
February 22nd, 2021, 11:13 PM
gaesilva
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
It only happens in Chrome. I just checked that out. I'll go back and do FRST again.
  #18  
February 22nd, 2021, 11:55 PM
gaesilva
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
This is the 1st part of FRST. Had to split into 2 sections due to restrictions on how much I can put in this message.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2021
Ran by gaele (administrator) on DESKTOP-BMEMOL4 (Dell Inc. Inspiron 5490 AIO) (22-02-2021 17:49:25)
Running from C:\Users\gaele\Desktop
Loaded Profiles: gaele & Visitor
Platform: Windows 10 Home Version 1909 18363.1379 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe
() [File not signed] C:\Program Files (x86)\Dell\DELLOSD\MediaButtons.exe
(Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Ambient Software) C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_1.2.17.0_neutral__agy8jafheqhng\LiveWallpaper\LiveWallpaper.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <40>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c0fd909ca6e7d672\LMS.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_5b19dfe7970a7139\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb5b3ac4d6a4f65a\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb5b3ac4d6a4f65a\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6f434727639750b3\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6f434727639750b3\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(The Neat Company) [File not signed] C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Two Pilots) [File not signed] C:\Windows\VPDAgent_x64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSysSvc64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1141544 2020-09-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_f9e3e5f664173b9e\WavesSvc64.exe [1774688 2020-09-03] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1941352 2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [Google Update] => C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\GoogleUpdateCore.exe [216392 2021-02-04] (Google LLC -> Google LLC)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [com.squirrel.MightyText.MightyText] => C:\Users\gaele\AppData\Local\MightyText\Update.exe [1845096 2020-01-09] (Openphone Inc. -> GitHub)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [Opera Browser Assistant] => C:\Users\gaele\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Run: [GoogleChromeAutoLaunch_346B33A8A6A436AE5B8CF58AA4448B06] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\MountPoints2: {1067b956-92b4-11ea-9428-84c5a6b2f281} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\...\Run: [033C58EC75C39EFAEF85CCD0D5647A974F26D65B._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1941352 2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\sdtnm: C:\Windows\system32\sdtnpm.dll [54784 2013-02-04] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [Neat ADF Scanner 2008] -> reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [Send To Neat] -> reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\88.1.8016.153\Installer\chrmstp.exe [2021-02-22] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update UWP App.lnk [2021-02-03]
ShortcutTarget: Update UWP App.lnk -> C:\Program Files (x86)\LastPass\lpwinmetro\AppxUpgradeUwp.exe (LogMeIn, Inc. -> )
Startup: C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Republic Anywhere.lnk [2020-05-24]
ShortcutTarget: Republic Anywhere.lnk -> C:\Users\gaele\AppData\Local\republicanywhere\Republic Anywhere.exe (Republic Wireless) [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0285E833-D864-456E-8EFC-3E7229EA4F93} - System32\Tasks\LastPassUpdater => C:\Program Files (x86)\LastPass\Updater\Updater.exe [1311896 2021-02-01] (LogMeIn, Inc. -> )
Task: {2217CCEB-545B-4453-90F5-022FB2F10607} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {232F261F-0912-4C66-8D77-5A64D4646754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-10] (Google LLC -> Google LLC)
Task: {27C02305-36DB-4BCA-81E1-7611DB32ECC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {48FEC2CC-E892-45B4-9827-8CACD998C055} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001UA => C:\Users\gaele\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-04-15] (Google LLC -> Google LLC)
Task: {4FD375BF-A56F-4C39-BB02-6FCB9E7D7554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-10] (Google LLC -> Google LLC)
Task: {5DB44407-F1BF-41C8-B3AF-90AB4BAAC954} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2212528 2021-02-09] (Piriform Software Ltd -> Piriform Software)
Task: {6A0F5864-404C-4355-B3C3-4AC0FAAD43AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A915A96-F5DE-4D08-A9CF-FF168A316838} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001Core => C:\Users\gaele\AppData\Local\Google\Update\GoogleUpdate.exe [156104 2020-04-15] (Google LLC -> Google LLC)
Task: {6ABD9897-6129-45EB-BC90-107D3E39DDC3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)
Task: {7A34AA52-6105-43EF-85A8-F9E0C581CBBF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7D2D2F59-060F-403A-870A-19ED98466BEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3993520 2021-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BB5647F-36DD-487A-9611-885768699D58} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A53EC253-657F-44F2-B822-BE6849BB28B3} - System32\Tasks\Opera scheduled Autoupdate 1586963616 => C:\Users\gaele\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-02-09] (Opera Software AS -> Opera Software)
Task: {B25CB064-CDB6-4162-866A-3D97B72B8C39} - System32\Tasks\Opera scheduled assistant Autoupdate 1586963619 => C:\Users\gaele\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-02-09] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\gaele\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {C46DBE07-CFD4-41DF-B8D0-2AC3368B9084} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3993520 2021-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {C87F6FE0-FBB0-428F-84FD-D9DFFC063CF1} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2212528 2021-02-09] (Piriform Software Ltd -> Piriform Software)
Task: {CF2004DE-56B5-439A-BEEC-A85E33238735} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
Task: {D5CF7EEE-7717-4533-8308-85369472AE28} - System32\Tasks\McAfee\McAfee OOBE Patch Telemetry => C:\Program Files\Common Files\McAfee\ModuleCore\DayZeroOOBEFix_64.exe
Task: {DA422CCE-5080-463C-9DA8-E0BE04D941F2} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
Task: {F28937E0-D1F5-43CD-8E37-464A6E1A6CCD} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2856304 2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE6F7A2B-E738-4945-9B48-850427C2ACDE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115016 2021-02-19] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a7d613dd-68ec-4097-9f3c-c61be58faf6c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{c76d63f1-4c67-40db-af51-2ccd243db0e6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c852c696-7e4e-4fc8-8a69-c1e46d51141f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{fdbe0fd9-069b-4bed-ba02-d532ed97c19f}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Notifications: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> hxxps://www.facebook.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=DCTE
Edge Extension: (Google Translate) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-07-04]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2021-02-16]
Edge Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggppoikog [2020-12-25]
Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-07-04]
Edge Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2020-09-21]
Edge Extension: (Google Calendar) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-15]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2021-02-03]
Edge Extension: (Mileage Calculator by wheretocredit.com) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gomddcmabinakjildbgfoabbiakfkkfk [2020-12-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-03]
Edge Extension: (Organize Downloads by Date) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ipjljbilkibpncgnagphiamkkdilbbki [2020-07-04]
Edge Extension: (Pinterest Save Button) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfcjijcigimhjjdimpghneggnegiphhh [2020-07-04]
Edge Extension: (RetailMeNot Deal Finder™️) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jjfblogammkiefalfpafidabbnamoknm [2021-02-17]
Edge Extension: (Capital One Shopping: Save in seconds) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2021-02-18]
Edge Extension: (Copy me that!) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkmcogbnaohagegccoghdcjmgdibjfig [2020-07-04]
Edge Extension: (RSS Subscription Extension (by Google)) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2020-07-26]
Edge Extension: (Twinword Finder) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npghlhgagddknpcccbgncondbkdpehof [2020-07-04]
Edge Extension: (Click to start / stop recording) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpicelgko [2020-12-02]
Edge Extension: (Password Checkup extension) - C:\Users\gaele\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pncabnpcffmalkkjpajodfhijclecjno [2020-09-21]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-07-31] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-01-26] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-01-26] (Piriform Software Ltd -> Piriform Software)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default [2021-02-22]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/?t=429193"
CHR NewTab: Default -> Not-active:"chrome-extension://conoiojhfhpoboccndegeemkpgkcnkoe/new-tab.html"
CHR DefaultSearchURL: Default -> hxxps://weather.srch0.com/?q={searchTerms}&a=gsb_mka_00_00
CHR DefaultSearchKeyword: Default -> accuweather
CHR DefaultSuggestURL: Default -> hxxps://weather.srch0.com/suggest?q={searchTerms}&a=gsb_mka_00_00
CHR Extension: (Google Translate) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-04-14]
CHR Extension: (Slides) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-14]
CHR Extension: (Docs) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-14]
CHR Extension: (Google Drive) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-14]
CHR Extension: (Gmail Screenshot by cloudHQ) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\boepdnhlmfleonjnaoaemgcggppoikog [2020-12-06]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2021-02-22]
CHR Extension: (Eno® from Capital One®) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2021-02-04]
CHR Extension: (Accuweather) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\conoiojhfhpoboccndegeemkpgkcnkoe [2020-11-17]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2020-04-14]
CHR Extension: (Google Play Music) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-11-19]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2020-09-15]
CHR Extension: (Sheets) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (The Camelizer) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2020-11-18]
CHR Extension: (Google Calendar) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-09]
CHR Extension: (SwagButton) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2021-02-22]
CHR Extension: (Pinterest Save Button) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-02-10]
CHR Extension: (mysms - SMS from Computer) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2020-04-14]
CHR Extension: (Kindle Cloud Reader) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-04-14]
CHR Extension: (Google Play Music) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2020-04-14]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-02]
CHR Extension: (Organize Downloads by Date) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjljbilkibpncgnagphiamkkdilbbki [2020-04-14]
CHR Extension: (Pacman) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcecjlbneginpknnnfkfijdfhaedihll [2020-04-14]
CHR Extension: (Track My Package) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjgaepllcmpdbeigmojjipkffacoongo [2021-02-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-02-15]
CHR Extension: (Copy me that!) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgjinjcobiflbbnhenlfkcjpeeacklfl [2020-11-08]
CHR Extension: (Classic Blue Theme) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\maejegjiekmgjakcgkdkjgjoifhihekp [2021-02-17]
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahgagcidbd [2020-11-06]
CHR Extension: (ZIP Extractor) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfcakoljjhncfphlflcedhgogfhpbcd [2020-04-14]
CHR Extension: (Capital One Shopping: Save in seconds) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Password Alert) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\noondiphcddnnabmjcihcjfbhfklnnep [2020-11-08]
CHR Extension: (Switch to Classic design on Facebook™) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\oancckmjgaoejmbedngcoiakblhacbog [2021-01-27]
CHR Extension: (Click&Clean App) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2020-04-14]
CHR Extension: (Gmail) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Click to start / stop recording) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpicelgko [2020-11-30]
CHR Extension: (Chrome Media Router) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]
CHR Profile: C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-18]
CHR Profile: C:\Users\gaele\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-18]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
  #19  
February 22nd, 2021, 11:56 PM
gaesilva
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
This is the 2nd part of FRST:
Opera:
=======
OPR Profile: C:\Users\gaele\AppData\Roaming\Opera Software\Opera Stable [2021-02-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (LastPass: Free Password Manager) - C:\Users\gaele\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2020-05-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\88.1.8016.153\elevation_service.exe [1456376 2021-02-09] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-02-06] (GuinpinSoft inc) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [48832 2020-11-19] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-01-17] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [19128 2021-01-29] (Dell Inc -> Dell INC.)
R2 Dell WMI Service; C:\Program Files (x86)\Dell\DELLOSD\DellOSDService.exe [118784 2019-10-08] () [File not signed]
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2021-01-19] (Dell Inc -> )
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\FileSyncHelper.exe [2194288 2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed]
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\OneDriveUpdaterService.exe [2567552 2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-04-08] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\Windows\System32\drivers\DBUtilDrv2.sys [24952 2021-01-08] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-22] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142416 2021-02-22] (Malwarebytes Inc -> Malwarebytes)
S3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 17:49 - 2021-02-22 17:49 - 002301440 _____ (Farbar) C:\Users\gaele\Desktop\FRST64.exe
2021-02-22 17:49 - 2021-02-22 17:49 - 000037122 _____ C:\Users\gaele\Desktop\FRST.txt
2021-02-22 17:49 - 2021-02-22 17:49 - 000000000 ____D C:\Users\gaele\Desktop\FRST-OlderVersion
2021-02-22 17:26 - 2021-02-22 17:26 - 002301440 _____ (Farbar) C:\Users\gaele\Downloads\FRST64.exe
2021-02-22 16:37 - 2021-02-22 16:37 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 002084016 _____ (Malwarebytes) C:\Users\gaele\Downloads\MBSetup.exe
2021-02-22 16:36 - 2021-02-22 16:36 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 000142416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-02-22 16:36 - 2021-02-22 16:36 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-22 16:36 - 2021-02-22 16:36 - 000002031 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-22 16:36 - 2021-02-22 16:36 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-22 16:27 - 2021-02-22 16:30 - 000181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2021-02-22 16:27 - 2021-02-22 16:27 - 000980315 _____ C:\Users\gaele\Downloads\Tweaking.com-RepairHostsFile.exe
2021-02-22 16:27 - 2021-02-22 16:27 - 000000000 ____D C:\Users\gaele\Downloads\Tweaking.com - Repair Hosts File
2021-02-22 16:27 - 2021-02-22 16:27 - 000000000 ____D C:\Tweaking.com_Windows_Repair_Logs
2021-02-22 16:14 - 2021-02-22 16:14 - 000001230 _____ C:\Users\gaele\Desktop\Malware Scan Report.txt
2021-02-22 14:48 - 2021-02-22 14:53 - 000000000 ____D C:\AdwCleaner
2021-02-22 14:47 - 2021-02-22 14:47 - 008463216 _____ (Malwarebytes) C:\Users\gaele\Downloads\AdwCleaner.exe
2021-02-21 16:40 - 2021-02-22 17:49 - 000000000 ____D C:\FRST
2021-02-21 00:06 - 2021-02-21 00:06 - 000000000 _____ C:\Windows\invcol.tmp
2021-02-18 11:41 - 2021-02-18 11:41 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-02-18 11:40 - 2021-02-18 11:40 - 030950888 _____ (Piriform Software Ltd) C:\Users\gaele\Downloads\ccsetup577.exe
2021-02-18 10:59 - 2021-02-18 10:59 - 005865713 _____ C:\Users\gaele\Downloads\02-21_February_EN.zip
2021-02-18 10:46 - 2021-02-18 10:46 - 005865713 _____ C:\Users\gaele\Downloads\Doro Cardigan files.zip
2021-02-17 23:51 - 2021-02-17 23:51 - 000010459 _____ C:\Users\gaele\Downloads\Verandas III updated Rules & Regs 2016pdf.pdf
2021-02-17 11:33 - 2021-02-17 11:33 - 003109159 _____ C:\Users\gaele\Downloads\Cute Pouch Tips for sewing with foam - Geta's Quilting Studio.pdf
2021-02-17 11:13 - 2021-02-17 11:13 - 003076065 _____ C:\Users\gaele\Downloads\Buzzs_Toy_Sheep-y9w54t (1).pdf
2021-02-16 18:48 - 2021-02-16 18:48 - 000363549 _____ C:\Users\gaele\Downloads\Bella Frill Dress Size S.pdf
2021-02-15 14:08 - 2021-02-15 14:08 - 000086739 _____ C:\Users\gaele\Downloads\x7203.PES (2).zip
2021-02-15 14:07 - 2021-02-15 14:07 - 000086739 _____ C:\Users\gaele\Downloads\x7203.PES (1).zip
2021-02-15 14:06 - 2021-02-15 14:06 - 000086739 _____ C:\Users\gaele\Downloads\x7203.PES.zip
2021-02-15 14:03 - 2021-02-15 14:03 - 000155261 _____ C:\Users\gaele\Downloads\Face Mask files for Embroidery Machine.zip
2021-02-15 13:54 - 2021-02-15 13:54 - 000692946 _____ C:\Users\gaele\Downloads\Christmas Train.zip
2021-02-15 13:52 - 2021-02-15 13:52 - 000600057 _____ C:\Users\gaele\Downloads\16551303.zip
2021-02-15 13:51 - 2021-02-15 13:51 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES (3).zip
2021-02-15 13:50 - 2021-02-15 13:50 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES.zip
2021-02-15 13:50 - 2021-02-15 13:50 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES (2).zip
2021-02-15 13:50 - 2021-02-15 13:50 - 000625389 _____ C:\Users\gaele\Downloads\x15005.PES (1).zip
2021-02-15 12:15 - 2021-02-15 12:15 - 000000000 ____D C:\Users\gaele\AppData\LocalLow\Temp
2021-02-15 11:03 - 2021-02-15 11:03 - 000004206 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1586963616
2021-02-15 11:03 - 2021-02-15 11:03 - 000001411 _____ C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-02-15 10:03 - 2021-02-15 10:03 - 000133776 _____ C:\Users\gaele\Desktop\Pinterest Login.html
2021-02-15 10:02 - 2021-02-15 10:03 - 000000000 ____D C:\Users\gaele\Desktop\Pinterest Login_files
2021-02-14 11:26 - 2021-02-20 21:42 - 000000000 ____D C:\Users\gaele\Documents\Projectarian
2021-02-14 11:26 - 2021-02-14 11:26 - 003076065 _____ C:\Users\gaele\Documents\Buzzs_Toy_Sheep-y9w54t.pdf
2021-02-14 11:16 - 2021-02-18 22:21 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2021-02-14 11:16 - 2021-02-18 22:21 - 000000000 ____D C:\Users\gaele\AppData\Local\authy
2021-02-14 09:35 - 2021-02-14 09:35 - 002117675 _____ C:\Users\gaele\Downloads\Bag Making Hardware and Supplies _ _ Andrie Designs.pdf
2021-02-13 17:11 - 2021-02-13 17:11 - 039875000 _____ (Ladislav Vojnic ) C:\Users\gaele\Downloads\SimAQUARIUM-V3.8.B68.exe
2021-02-13 12:02 - 2021-02-13 12:02 - 001011517 _____ C:\Users\gaele\Downloads\OMAFacemask (2).zip
2021-02-13 12:00 - 2021-02-13 12:00 - 001011517 _____ C:\Users\gaele\Downloads\OMAFacemask (1).zip
2021-02-13 11:59 - 2021-02-13 12:00 - 000000022 _____ C:\Users\gaele\Downloads\OMAJuly17Freebie.zip
2021-02-13 11:58 - 2021-02-13 11:58 - 001011517 _____ C:\Users\gaele\Downloads\OMAFacemask.zip
2021-02-13 08:50 - 2021-02-13 08:51 - 002390171 _____ C:\Users\gaele\Documents\01-26-16 LENNOX HOME INSPECTION.pdf
2021-02-13 01:26 - 2021-02-13 01:26 - 000019469 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2021-02-13 01:24 - 2021-02-13 01:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-13 01:24 - 2021-02-13 01:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-13 01:24 - 2021-02-13 01:24 - 001271616 _____ C:\Windows\system32\FaceTrackerInternal.dll
2021-02-13 01:24 - 2021-02-13 01:24 - 000662616 _____ C:\Windows\system32\FaceProcessorCore.dll
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2021-02-13 01:24 - 2021-02-13 01:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2021-02-13 01:23 - 2021-02-13 01:23 - 000232752 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-12 10:16 - 2021-02-12 10:16 - 000000056 _____ C:\Users\gaele\Desktop\CA Do not sell my info.url
2021-02-10 17:53 - 2021-02-20 21:17 - 000000000 ____D C:\Users\gaele\Documents\Crochet
2021-02-10 17:53 - 2021-02-10 17:53 - 003262735 _____ C:\Users\gaele\Downloads\Sundog-the-Tiger-Ears-vheyhq.pdf
2021-02-10 09:37 - 2021-02-10 09:37 - 001780747 _____ C:\Users\gaele\Downloads\Crochet Hearts Bookmark - free pattern _ Knitca.pdf
2021-02-10 09:10 - 2021-02-14 17:29 - 000466920 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-09 12:10 - 2021-02-09 12:10 - 000000000 ____D C:\Program Files (x86)\DummyDir
2021-02-09 10:04 - 2021-02-09 10:04 - 000511247 _____ C:\Users\gaele\Downloads\CAPITAL ONE DISTRIBUTION NOTICE 2021.pdf
2021-02-08 19:07 - 2021-02-08 19:07 - 000009669 _____ C:\Users\gaele\Desktop\V3 Names.xlsx
2021-02-08 19:06 - 2021-02-08 19:07 - 000009675 _____ C:\Users\gaele\Downloads\V3 Names.xlsx
2021-02-08 12:51 - 2021-02-08 12:51 - 000312056 _____ C:\Users\gaele\Downloads\Blooming-spring-Frame-BumblebeePES-ec92bc.zip
2021-02-08 11:46 - 2021-02-08 11:46 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-02-08 11:46 - 2021-02-08 11:46 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 08:09 - 2021-02-20 21:42 - 000000000 ____D C:\Users\gaele\Documents\Dog Patterns
2021-02-06 14:43 - 2021-02-06 15:09 - 000001066 _____ C:\Users\gaele\Desktop\MakeMKV.lnk
2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Users\gaele\.MakeMKV
2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Program Files\Common Files\cdarbsvc
2021-02-06 14:43 - 2021-02-06 14:43 - 000000000 ____D C:\Program Files (x86)\MakeMKV
2021-02-06 14:41 - 2021-02-06 14:41 - 014403675 _____ (GuinpinSoft inc) C:\Users\gaele\Downloads\Setup_MakeMKV_v1.15.4.exe
2021-02-03 03:08 - 2021-02-03 03:08 - 000003790 _____ C:\Windows\system32\Tasks\LastPassUpdater
2021-02-03 03:08 - 2021-02-03 03:08 - 000001108 _____ C:\ProgramData\Desktop\My LastPass Vault.lnk
2021-02-03 03:08 - 2021-02-03 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2021-02-03 00:06 - 2021-02-03 00:06 - 000000000 ____D C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}
2021-02-02 22:07 - 2021-02-02 22:07 - 000064221 _____ C:\Users\gaele\Desktop\December 31 2020 paycheck.pdf
2021-02-02 22:06 - 2021-02-02 22:07 - 000086167 _____ C:\Users\gaele\Desktop\Gae_Lennox_(459859)__01_23_2021_(Regular)_-_Complete Paycheck 2.pdf
2021-02-02 22:06 - 2021-02-02 22:06 - 000086109 _____ C:\Users\gaele\Desktop\Gae_Lennox_(459859)__01_09_2021_(Regular)_-_Complete paycheck.pdf
2021-02-02 08:39 - 2021-02-02 08:39 - 000195812 _____ C:\Users\gaele\Downloads\Statutes & Constitution _View Statutes _ Online Sunshine.pdf
2021-02-01 15:35 - 2021-02-01 15:35 - 000145461 _____ C:\Users\gaele\Downloads\Letter from Sandcasstle to 701.pdf
2021-02-01 15:35 - 2021-02-01 15:35 - 000000000 ____D C:\Users\gaele\Documents\Smoking in 701
2021-01-28 14:34 - 2021-01-28 14:34 - 000000000 ____D C:\Windows\twain_64
2021-01-27 16:10 - 2021-01-27 16:10 - 008078981 _____ C:\Users\gaele\Downloads\Success-With-Sewing-Lingerie.pdf
2021-01-27 10:30 - 2021-01-27 10:30 - 000100582 _____ C:\Users\gaele\Downloads\JDK 15 Documentation - Home.pdf
2021-01-27 10:29 - 2021-01-27 10:29 - 000069264 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\Users\gaele\AppData\LocalLow\Oracle
2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\Program Files\Java
2021-01-27 10:29 - 2021-01-27 10:29 - 000000000 ____D C:\Program Files\Common Files\Oracle
2021-01-27 10:28 - 2021-01-27 10:28 - 167464600 _____ (Oracle Corporation) C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe
2021-01-26 12:12 - 2021-01-26 12:12 - 000000000 ____D C:\Users\gaele\AppData\Roaming\MightyText
2021-01-26 12:00 - 2021-01-27 09:48 - 000000000 ____D C:\Users\gaele\AppData\Local\MightyText
2021-01-26 12:00 - 2021-01-26 12:00 - 000000000 ____D C:\ProgramData\gaele
2021-01-25 16:03 - 2021-01-25 16:03 - 000368150 _____ C:\Users\gaele\Documents\How to sew a dog clothes patterns - Pet Store York Shop - Clothes for a dog, Clothes for a Yorkie - Cheap accessories for dogs.pdf
2021-01-23 09:22 - 2021-01-23 09:22 - 000187197 _____ C:\Users\gaele\Documents\Juki model 1.pdf
2021-01-23 09:22 - 2021-01-23 09:22 - 000145573 _____ C:\Users\gaele\Documents\juki 2010q.pdf
2021-01-23 09:10 - 2021-01-23 09:10 - 003897028 _____ C:\Users\gaele\Documents\How To Sew A Scarf Face Mask.pdf
2021-01-23 08:58 - 2021-01-23 08:58 - 002261225 _____ C:\Users\gaele\Downloads\Ruler GL4Q-Online-Catalog.pdf
2021-01-23 08:29 - 2021-01-23 08:29 - 000025054 _____ C:\Users\gaele\Downloads\2020-Rollover-IRA-182603988-Form-1099-R-&-Instructions.pdf
2021-01-23 08:29 - 2021-01-23 08:29 - 000008427 _____ C:\Users\gaele\Downloads\2020-Rollover-IRA-182603988-Form-5498.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 17:45 - 2020-04-08 03:54 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-22 17:34 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-22 16:49 - 2020-04-08 04:00 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2021-02-22 16:36 - 2020-04-08 04:21 - 000841376 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-22 16:36 - 2019-03-18 23:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-02-22 16:36 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF
2021-02-22 16:34 - 2020-05-24 07:29 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Republic Anywhere
2021-02-22 16:34 - 2020-04-14 16:21 - 000000000 ____D C:\Program Files\CCleaner
2021-02-22 16:32 - 2020-04-14 12:55 - 000000000 __SHD C:\Users\gaele\IntelGraphicsProfiles
2021-02-22 16:32 - 2020-04-08 03:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-22 16:32 - 2020-04-08 03:54 - 000000000 ____D C:\Intel
2021-02-22 16:32 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-02-22 16:31 - 2019-03-18 23:37 - 000786432 _____ C:\Windows\system32\config\BBI
2021-02-22 15:59 - 2020-04-15 10:43 - 000004168 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{648796D0-ED1A-486C-A1A0-F2DCA8991F2A}
2021-02-22 11:29 - 2020-05-01 14:18 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2021-02-22 11:29 - 2020-05-01 14:18 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2021-02-20 21:19 - 2020-12-10 08:19 - 000000000 ____D C:\Users\gaele\Documents\notes
2021-02-20 11:06 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-20 11:06 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness
2021-02-20 09:31 - 2020-04-26 10:11 - 000000000 ____D C:\Users\gaele\Documents\Sewing Patterns
2021-02-19 15:00 - 2020-04-14 13:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-19 14:16 - 2020-10-01 08:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-18 18:57 - 2020-06-19 16:34 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-18 18:57 - 2020-06-19 16:34 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-18 11:41 - 2020-04-14 16:21 - 000000867 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-18 11:03 - 2020-04-23 11:41 - 000007891 _____ C:\Windows\BRRBCOM.INI
2021-02-17 12:20 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-02-17 12:10 - 2020-05-10 06:49 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 12:10 - 2020-05-10 06:49 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-15 14:06 - 2020-04-14 17:37 - 000000000 ____D C:\Users\gaele\Documents\Embroidery Designs
2021-02-14 17:30 - 2020-04-14 12:55 - 000000000 ___RD C:\Users\gaele\3D Objects
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SystemResources
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\oobe
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\Dism
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ShellExperiences
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\bcastdvr
2021-02-14 17:28 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-14 11:32 - 2020-04-21 13:26 - 000000000 ____D C:\Users\gaele\Documents\Neat Data
2021-02-14 11:16 - 2020-04-16 07:45 - 000000000 ____D C:\Users\gaele\AppData\Local\SquirrelTemp
2021-02-14 09:35 - 2020-04-15 11:04 - 000000000 ____D C:\Users\gaele\Documents\Sew Sweetness Sewing Patterns
2021-02-13 01:26 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\CbsTemp
2021-02-12 09:21 - 2020-04-08 03:54 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-02-10 09:10 - 2021-01-21 11:52 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-02-10 06:23 - 2020-04-14 15:59 - 000000000 ____D C:\Windows\system32\MRT
2021-02-10 06:20 - 2020-04-14 15:59 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-02-09 12:14 - 2020-04-08 04:28 - 000000000 ____D C:\Windows\Panther
2021-02-09 12:10 - 2020-04-08 03:58 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-08 19:07 - 2020-04-14 12:55 - 000000000 ____D C:\Users\gaele\AppData\Local\Packages
2021-02-08 15:51 - 2020-06-19 16:34 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-08 15:51 - 2020-06-19 16:34 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-08 11:46 - 2020-09-19 04:19 - 000000000 ___RD C:\Users\Visitor\OneDrive
2021-02-08 11:46 - 2020-04-14 12:58 - 000000000 ___RD C:\Users\gaele\OneDrive
2021-02-06 14:43 - 2020-04-14 12:51 - 000000000 ____D C:\Users\gaele
2021-02-05 21:06 - 2020-07-11 09:11 - 000000000 ____D C:\Users\gaele\Documents\purse patterns
2021-02-05 20:30 - 2020-10-01 08:11 - 000916288 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-02-05 20:30 - 2020-10-01 08:11 - 000437056 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2021-02-05 01:02 - 2020-05-10 06:46 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 01:02 - 2020-05-10 06:46 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-04 23:04 - 2020-04-15 10:42 - 000003682 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001UA
2021-02-04 23:04 - 2020-04-15 10:42 - 000003414 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3842255837-3436847461-3918225103-1001Core
2021-02-03 03:08 - 2020-05-23 10:01 - 000000000 ____D C:\Program Files (x86)\LastPass
2021-01-28 14:36 - 2020-04-21 13:20 - 000000000 ____D C:\ProgramData\Documents\Neat Mobile Scanner
2021-01-27 12:49 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\NDF
2021-01-27 12:40 - 2020-04-15 10:15 - 000000000 ___HD C:\Windows\msdownld.tmp
2021-01-26 12:12 - 2020-04-16 07:45 - 000000000 ____D C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MightyText
2021-01-26 07:23 - 2020-05-01 14:18 - 000003474 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineUA
2021-01-26 07:23 - 2020-05-01 14:18 - 000003350 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-11-07 15:57 - 2020-11-07 15:57 - 000000017 _____ () C:\Users\gaele\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt
  #20  
Old February 22nd, 2021, 11:58 PM
gaesilva
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2021
Ran by gaele (22-02-2021 17:50:09)
Running from C:\Users\gaele\Desktop
Windows 10 Home Version 1909 18363.1379 (X64) (2020-04-14 19:36:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3842255837-3436847461-3918225103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3842255837-3436847461-3918225103-503 - Limited - Disabled)
gaele (S-1-5-21-3842255837-3436847461-3918225103-1001 - Administrator - Enabled) => C:\Users\gaele
Guest (S-1-5-21-3842255837-3436847461-3918225103-501 - Limited - Disabled)
Visitor (S-1-5-21-3842255837-3436847461-3918225103-1002 - Limited - Enabled) => C:\Users\Visitor
WDAGUtilityAccount (S-1-5-21-3842255837-3436847461-3918225103-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 88.1.8016.153 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{81C48559-E2EB-4F18-9854-51331B9DB552}) (Version: 4.0.70.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{EC45CAE6-9000-43EC-B7BA-54D3D654BF21}) (Version: 5.3.2.13868 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{26e99410-cf21-40aa-9a6e-75bdd110d349}) (Version: 5.3.2.13868 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{3C4F6923-3BE1-4E6C-8DEE-9EEF1E433795}) (Version: 5.2.1.12926 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{8d32f870-d6fd-4420-b5cb-c29ac65f628d}) (Version: 5.2.1.12926 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.1.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{437102ED-22A2-4C3D-BA6B-E5ECAE798DFA}) (Version: 1.0.3.0 - DELL)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Google Photos Backup (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Google Photos Backup) (Version: 1.1.4.11 - Google, Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.8141 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{4a50fa17-2911-43ed-a2a1-d3a34411e2bb}) (Version: 21.110.2.1 - Intel Corporation) Hidden
Java(TM) SE Development Kit 15.0.2 (64-bit) (HKLM\...\{2041CF7D-1F63-5C58-9F35-C445251E39C9}) (Version: 15.0.2.0 - Oracle Corporation)
LastPass (HKLM-x32\...\{E7A548B6-D49C-4A10-8EDF-BC6379E5CA9A}) (Version: 4.64.0.1986 - LogMeIn)
MakeMKV v1.15.4 (HKLM-x32\...\MakeMKV) (Version: v1.15.4 - GuinpinSoft inc)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Obsidian 0.9.20 (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 0.9.20 - Obsidian)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20330 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Opera Stable 74.0.3911.107 (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\Opera 74.0.3911.107) (Version: 74.0.3911.107 - Opera Software)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9018.1 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.)
Republic Anywhere (HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\republicanywhere) (Version: 2.5.12 - Republic Wireless, Inc.)
Revo Uninstaller 2.1.7 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.7 - VS Revo Group, Ltd.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
SmartByte Drivers and Services (HKLM\...\{9668B1BB-D0FE-4C0C-800C-B1555E069A62}) (Version: 3.1.940 - Rivet Networks)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare)
YI Home (HKLM-x32\...\YI Home) (Version: 1.0.0.0_202003271500 - XiaoYi)

Packages:
=========
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-04-14] (Dell Inc)
Dell CinemaColor -> C:\Program Files\WindowsApps\PortraitDisplays.DellCinemaColor_2.2.22.0_x64__2dgmkzkw4h30c [2020-09-15] (Portrait Displays)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.45.0_x64__htrsf667h5kn2 [2020-07-22] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.70.0_x64__htrsf667h5kn2 [2021-01-19] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0 [2021-01-25] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-17] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2 [2021-02-03] (Dell Inc)
Desktop Live Wallpapers -> C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_1.2.17.0_neutral__agy8jafheqhng [2020-10-10] (Ambient Software) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-04-14] (Dropbox Inc.)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2020-04-15] (Fitbit)
GMX Mail -> C:\Program Files\WindowsApps\4659BB81.GMXMail_3.33.8.0_x64__9r8rjdwa12808 [2020-09-06] (1&1 Mail & Media GmbH)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-29] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-04-14] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.0.1017.0_x64__8j3eq9eme6ctt [2020-11-25] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-18] (Apple Inc.) [Startup Task]
LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.5.1.0_x64__sbg7naapqq8fj [2021-02-06] (LastPass)
Match 3D - Matching Puzzle Game -> C:\Program Files\WindowsApps\23385HappyFamilyGames.Match3D-MatchingPuzzleGame_1.1.0.0_x64__pbwsxs408fxew [2021-01-04] (Happy Family Games)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.7.25.0_x64__htrsf667h5kn2 [2020-12-11] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-09] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-26] (Microsoft Corporation)
QR Code for Windows 10 -> C:\Program Files\WindowsApps\17036IYIA.QRCodeforWindows10_6.1.2.0_x64__dggz0n4pnn0ge [2021-01-12] (IYIA)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_3.1.958.0_x64__rh07ty8m5nkag [2021-01-13] (Rivet Networks LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0 [2021-02-20] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2020-04-08] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{0BAD39CB-DD3E-4F21-9156-649B0156C28E}\localserver32 -> C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_7c85c995bf1fb3d8\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.)
CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\gaele\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-22] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.002.0104.0005\amd64\FileSyncShell64.dll [2021-02-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-22] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\gaele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) =============

2020-04-23 11:40 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-11-19 13:12 - 2020-11-19 13:12 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2020-04-23 11:41 - 2005-04-21 23:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll
2020-04-21 13:20 - 2013-02-04 12:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll
2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2020-04-23 11:41 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2020-04-23 11:41 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2020-04-23 11:41 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2020-04-23 11:41 - 2012-11-29 18:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-04-23 11:41 - 2013-01-30 14:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2020-04-23 11:41 - 2012-12-21 11:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2020-04-23 11:41 - 2012-12-21 11:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2020-04-23 11:41 - 2013-01-18 13:31 - 000074240 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2020-04-23 11:41 - 2012-10-19 07:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2013-02-23 00:11 - 2013-02-23 00:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll
2013-02-23 00:12 - 2013-02-23 00:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll
2013-02-23 00:11 - 2013-02-23 00:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2021-02-01] (LogMeIn, Inc. -> LastPass)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2021-02-22 16:30 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-07-11 20:46 - 2020-07-11 20:46 - 000000375 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg
HKU\S-1-5-21-3842255837-3436847461-3918225103-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{933E377D-ABC5-468B-93AC-DADE6B2C54BF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4007F4FA-2B3E-4A5A-84A4-367775D3F9A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EFBFF624-85EA-4EB4-B0CB-AE2E7E1EE095}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [UDP Query User{48709466-9B36-434E-AEA0-0DF45B9BFC97}C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe] => (Allow) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{C29E846E-8040-4D80-A2D3-86D5506B3F46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEFD4A0D-25F6-41D2-89B9-864A7C3A14D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AACD10F-9026-4A7C-AB25-197715BB546D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{F9D2C818-0C21-4893-BF55-A8FCAF167251}] => (Allow) LPort=54925
FirewallRules: [{8F31D18F-892E-4920-8A2F-42B9EFBBFA46}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3A5DB7A7-7521-48B5-8D7B-D5FB4430C09F}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EAFF5570-08C7-4A05-B17F-CAECBB4F0D3B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9431988-EDB0-40C2-9979-5B54897119E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7DD7E813-1748-4667-A103-DE84AD2AFD89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96333CCA-5F54-4992-96B1-1F18585B516C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57A4C315-A5E4-44B9-88A5-F8DB5C3EC717}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{818528C3-03C8-4847-B22A-71EA3C97FD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A9FCF11-2197-41D0-BBC6-0956451FD72B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B82E6AF9-975E-4593-A9D4-833FC57D2B19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6B47270-71B0-4C97-979D-39C6CF1AD07F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3C8173A4-6328-4A59-970B-04CF1E652BE8}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{12B89BA1-FAAC-4661-83D5-CFC1A1D43747}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.2.9771.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{B4FA3753-669E-4ED1-98DF-517B1B9F8A46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{023100BA-02F8-41E1-965F-17C149DF3B8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5FD2A7FE-B5CA-4B8E-9F66-3837A078EFF4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{705E3EF7-1C40-486F-B0F3-D1CE672D83B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF23AED6-4563-4FBF-98C2-6DE1C5163175}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D85F2B87-A5CF-401F-917D-A617A3A71183}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D478E6D9-0EDF-47AC-B9B2-F2926999B93E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{82ACEA06-C493-4A0A-92CF-5277B7BD6B62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0DA36B8F-B188-411D-9791-73C3822FE8C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9B16D44A-5A35-46FE-9AC5-B25CEBD38FF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FD2D89F-AED4-42CA-B684-CADC09696277}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D854C8F7-E898-4028-8534-B4747B482413}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A01845C3-8ADB-4369-82DB-247CF6C4C23E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.153.608.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{68D1D445-492C-4A62-B4AD-AE1AFAF0E4E7}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

==================== Restore Points =========================

19-02-2021 07:18:34 Scheduled Checkpoint
20-02-2021 08:12:47 click on a link on a webpage and another page opens
22-02-2021 14:53:26 AdwCleaner_BeforeCleaning_22/02/2021_14:53:26

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/22/2021 05:40:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {128a4bab-5f6d-4c49-b3e3-c14eab86d2a7}

Error: (02/22/2021 05:38:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {128a4bab-5f6d-4c49-b3e3-c14eab86d2a7}

Error: (02/22/2021 04:27:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}

Error: (02/22/2021 04:25:58 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (02/22/2021 02:24:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4)
Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated.

Error: (02/22/2021 04:36:10 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 16048 and the required size was 40032.

Error: (02/21/2021 11:24:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DESKTOP-BMEMOL4)
Description: Failed to update 1 user custom wordlist: -2147024864. Spell checking will remain available, but this user wordlist will not be updated.

Error: (02/21/2021 04:24:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {52094832-517d-47e3-afca-2d6e3c95bc55}


System errors:
=============
Error: (02/22/2021 05:02:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!A pp.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/22/2021 04:32:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-BMEMOL4)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!A pp.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (02/22/2021 04:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RAPSService service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/22/2021 04:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartByte Network Service x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (02/22/2021 04:31:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (02/22/2021 04:31:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (02/22/2021 04:31:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (02/22/2021 02:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartByte Network Service service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
================
Date: 2020-09-10 22:33:57.576
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-10 22:33:55.713
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-10 22:33:55.553
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-10 22:33:55.519
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-10 22:33:55.471
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-10 22:33:55.381
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-10 22:33:55.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-07 18:03:04.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-07 18:03:02.416
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-07 18:03:02.152
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Event[10]:

Date: 2020-09-07 18:03:02.124
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Event[11]:

Date: 2020-09-07 18:03:02.093
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-20 23:18:34.712
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-19 21:18:34.355
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-16 15:45:10.462
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-15 14:21:58.742
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-14 13:10:55.006
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: Dell Inc. 1.8.0 12/09/2020
Motherboard: Dell Inc. 0FK9H3
Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 41%
Total physical RAM: 16211.9 MB
Available physical RAM: 9500.42 MB
Total Virtual: 18643.9 MB
Available Virtual: 10855.56 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.33 GB) (Free:347.37 GB) (Protected) NTFS

\\?\Volume{8e2bc93f-dd12-4ff5-b42e-0fc3bade6af7}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.53 GB) NTFS
\\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:0.16 GB) NTFS
\\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.61 GB) NTFS
\\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D)

Partition: GPT.

==================== End of Addition.txt =======================
  #21  
Old February 23rd, 2021, 12:00 AM
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
I think the problem is in my Chrome settings. If I were to delete chrome and then put it back on, would I lose any of my files? This might be my only option. I sincerely thank you for your help.
  #22  
Old February 23rd, 2021, 11:14 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Hi Gae,

Quote:
Originally Posted by gaesilva
I think the problem is in my Chrome settings. If I were to delete chrome and then put it back on, would I lose any of my files? This might be my only option. I sincerely thank you for your help.
You're welcome. Good evening.

--------------------------------------------------------------------

Run FRST fixlist
  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'Quote') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
Quote:
Start:
CloseProcesses:
CreateRestorePoint:

SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
C:\Windows\system32\drivers\etc\hosts.ics
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\MountPoints2: {1067b956-92b4-11ea-9428-84c5a6b2f281} - "E:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/?t=429193"
CHR NewTab: Default -> Not-active:"chrome-extension://conoiojhfhpoboccndegeemkpgkcnkoe/new-tab.html"
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahga gcidbd [2020-11-06]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncod ing}&oe={outputEncoding}
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
C:\Windows\invcol.tmp
C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe
C:\Users\gaele\AppData\Local\resmon.resmoncfg

Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R

CMD: Bitsadmin /Reset /Allusers
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
Hosts:
EmptyTemp:
Reboot:
End
NOTICE: This script is written specifically for this computer!!!
  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.


Any issue ?



-----------------------------------------------------------------------------
Uninstall some programs:

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).
  • Programs to remove
    • SmartByte Drivers and Services (Rivet Networks LLC)
    • Java(TM) SE Development Kit 15.0.2
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click on Next.
  • Once done click Finish.
Note: If you want to use Java software, you can download it from the link below.

https://www.java.com/tr/download/

--------------------------------------------------------------------------

Chrome reset and reinstall


We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go to Google Sync and sign into your account.

Scroll down until you see the "Stop and Clear" button and click on the button.

At the prompt click on "Ok"

Now we need to uninstall chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.


Note: I see many add-ons in your Google Chrome browser. In particular, I recommend that you do not use the following plugin.

Flash Player for Web
--------------------------------------------------------------------------------

ESET Online Scanner

--------------------

Note: You can expect this process to take a long time, up to several hours or more.
  • Download ESET Online Scanner and save it to your Desktop
  • Right click on esetonlinescanner_enu.exe and select Run as administrator
  • Click Get started
  • Review and accept the Terms of use
  • Click Get started
  • Choose what information you would like to share or not
  • Click Continue
  • Click Full scan
  • Select Enable ESET to detect and quarantine potentially unwanted applications
  • Click Start scan
  • Once completed click Save scan log and save it to your Desktop as ESETScan.txt
  • Click Continue then finally click Close
  • Copy and paste the ESETScan.txt file contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.


  • Fixlog
  • ESET report.

Last edited by olgun52; February 24th, 2021 at 11:58 AM.
  #23  
Old February 24th, 2021, 02:54 PM
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by gaele (24-02-2021 08:45:56) Run:1
Running from C:\Users\gaele\Desktop
Loaded Profiles: gaele & Visitor
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CloseProcesses:
CreateRestorePoint:

SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> DefaultScope {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3842255837-3436847461-3918225103-1001 -> {2FD7D2FD-D155-4799-A076-B1F10B3316D9} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
C:\Windows\system32\drivers\etc\hosts.ics
FirewallRules: [{35FF8A67-A859-4F1B-BCA9-2133A1C71A89}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
FirewallRules: [{40998A15-BA9B-4E37-85C8-B0426E88DB7A}] => (Block) C:\program files (x86)\yihomepcclientintl\yihomepcclientintl.exe (Shanghai Xiaoyi Technology Co., Ltd. -> Shanghai Xiaoyi Technology Co., Ltd.)
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\...\MountPoints2: {1067b956-92b4-11ea-9428-84c5a6b2f281} - "E:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/?t=429193"
CHR NewTab: Default -> Not-active:"chrome-extension://conoiojhfhpoboccndegeemkpgkcnkoe/new-tab.html"
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahga gcidbd [2020-11-06]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncod ing}&oe={outputEncoding}
S2 RAPSService; "C:\Program Files\Rivet Networks\SmartByte\RAPSService.exe" [X]
S3 RNDBWM; "C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe" [X]
S2 SmartByte Analytics Service; "C:\Program Files\Rivet Networks\SmartByte\SmartByteAnalyticsService.exe" [X]
S2 SmartByte Network Service x64; "C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe" [X]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare TunesGo (Win) - iOS & Android Devices\DriverInstall.exe [102624 2017-09-08] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 SmbCoSvc; C:\Windows\system32\DRIVERS\SmbCo10X64.sys [164424 2020-08-14] (Rivet Networks LLC -> Rivet Networks, LLC.)
C:\Windows\invcol.tmp
C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe
C:\Users\gaele\AppData\Local\resmon.resmoncfg

Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R

CMD: Bitsadmin /Reset /Allusers
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FD7D2FD-D155-4799-A076-B1F10B3316D9} => removed successfully
C:\Windows\system32\drivers\etc\hosts.ics => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{35FF8 A67-A859-4F1B-BCA9-2133A1C71A89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAcce ss\Parameters\FirewallPolicy\FirewallRules\\{40998 A15-BA9B-4E37-85C8-B0426E88DB7A}" => removed successfully
HKU\S-1-5-21-3842255837-3436847461-3918225103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\{1067b956-92b4-11ea-9428-84c5a6b2f281} => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome NewTab" => removed successfully
CHR Extension: (Flash Player for Web) - C:\Users\gaele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcakfkioeanhfiojkchcndahga gcidbd [2020-11-06] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \hdokiejnpimakedhajhdlcegeplioahd => removed successfully
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncod ing}&oe={outputEncoding} => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\RAPSService => removed successfully
RAPSService => service removed successfully
HKLM\System\CurrentControlSet\Services\RNDBWM => removed successfully
RNDBWM => service removed successfully
HKLM\System\CurrentControlSet\Services\SmartByte Analytics Service => removed successfully
SmartByte Analytics Service => service removed successfully
HKLM\System\CurrentControlSet\Services\SmartByte Network Service x64 => removed successfully
SmartByte Network Service x64 => service removed successfully
HKLM\System\CurrentControlSet\Services\WsAppServic e => removed successfully
WsAppService => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
HKLM\System\CurrentControlSet\Services\SmbCoSvc => removed successfully
SmbCoSvc => service removed successfully
C:\Windows\invcol.tmp => moved successfully
C:\Users\gaele\Downloads\jdk-15.0.2_windows-x64_bin.exe => moved successfully
C:\Users\gaele\AppData\Local\resmon.resmoncfg => moved successfully

========================= Folder: C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D} ========================

2021-02-03 00:06 - 2021-01-20 07:04 - 024769536 ____A [DB2DF4C15817826C19B4C6C288D3E91C] () C:\Windows\{6D0E596C-59BC-4529-917C-0B86AFC2823D}\DellUpdateApp.msi

====== End of Folder: ======


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Unable to cancel {646D5569-6E15-4ECD-B1F7-0525E6BDE797}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 9 while it has its media disconnected.
No operation can be performed on Local Area Connection* 10 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940::1
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940:2101:c565:e44f:1daf
Temporary IPv6 Address. . . . . . : 2601:6c5:204:1940:c176:ac70:1a8:696d
Link-local IPv6 Address . . . . . : fe80::2101:c565:e44f:1daf%17
Default Gateway . . . . . . . . . : fe80::e298:61ff:fef9:7040%17

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 9 while it has its media disconnected.
No operation can be performed on Local Area Connection* 10 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940::1
IPv6 Address. . . . . . . . . . . : 2601:6c5:204:1940:2101:c565:e44f:1daf
Temporary IPv6 Address. . . . . . : 2601:6c5:204:1940:c176:ac70:1a8:696d
Link-local IPv6 Address . . . . . : fe80::2101:c565:e44f:1daf%17
IPv4 Address. . . . . . . . . . . : 192.168.0.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::e298:61ff:fef9:7040%17
192.168.0.1

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53638380 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9978682 B
Edge => 120 B
Chrome => 886443008 B
Firefox => 0 B
Opera => 152356 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 217392532 B
systemprofile32 => 217392951 B
LocalService => 217404329 B
NetworkService => 230247041 B
gaele => 254478809 B
Visitor => 254527849 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:46:31 ====
  #24  
Old February 24th, 2021, 03:28 PM
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
I finished your instructions and uninstalled Chrome and reinstalled it and still have the same problem. I will now do the ESET Online Scanner and post results.
  #25  
Old February 24th, 2021, 04:07 PM
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
ESET Online scanner complete. No threats found.
Success! Scan completed. We didn't detect any viruses or other infections.

Any other suggestions?
Thank you.
Gae
  #26  
Old February 24th, 2021, 06:56 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
This recently started, when I click on a link within a webpage, a tab opens but it is for something that is completely different.
For example, I'm on my Amazon page and I click on "my orders", I get a new tab for Vitaly - Shop Online. I try again and I get a new tab for FlixLuv.
---------------------------------
I think the problem is in my Chrome settings.

Thank you so much for the logs and your patience. I cannot see any information that might cause the problem you are having with the machine. We have also reset your hosts file to default settings.


You can block the Vitaly - Shop Online and FlixLuv links in Google Chrome. The link below will help you. Please read it and try to block them. Report the result.

For Chrome:
Allow or block access to websites
https://support.google.com/chrome/a/.../7532419?hl=en

Thanks.
  #27  
Old February 24th, 2021, 07:04 PM
gaesilva gaesilva is offline
Senior Member
 
Join Date: Oct 2004
O/S: Windows 10 Home
Location: Naples, FL
Age: 74
Posts: 127
Thank you for trying. I so appreciate your help and feedback. Still having the same problem. I'm going to submit this to Chrome support and see if that helps. I hope you have a fabulous day or night wherever you may be. Thank you again.
  #28  
Old February 24th, 2021, 08:23 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,064
Quote:
Originally Posted by gaesilva
Thank you for trying. I so appreciate your help and feedback. Still having the same problem. I'm going to submit this to Chrome support and see if that helps. I hope you have a fabulous day or night wherever you may be. Thank you again.
You're welcome. Thank you so much.

If you can't find a solution from the Google support team, please type again. We can try different solutions.

I have 2 other suggestions. I will be glad if you do.

1 - Your operating system updates seem to be missing. I suggest you install your updates.

2 - In any case, please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.
Have a nice day.
All times are GMT +1. The time now is 05:40 PM.