#16
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2023
Ran by gaele (14-08-2023 08:30:45) Running from C:\Users\gaele.000\Desktop Microsoft Windows 10 Home Version 22H2 19045.3324 (X64) (2023-06-18 04:01:21) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-3036132105-1439115854-3050649200-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3036132105-1439115854-3050649200-503 - Limited - Disabled) gaele (S-1-5-21-3036132105-1439115854-3050649200-1000 - Administrator - Enabled) => C:\Users\gaele.000 Guest (S-1-5-21-3036132105-1439115854-3050649200-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3036132105-1439115854-3050649200-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.) 
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform) cnn (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\90da1836a8ef40533bf48bf9527efc67) (Version: 1.0 - Google\Chrome) Dell Digital Delivery (HKLM-x32\...\{7B2D0B6F-F02D-4363-ACDF-00DE6247ACBC}) (Version: 3.5.2015.0 - Dell Products, LP) Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.) Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.) Dell SupportAssist Remediation (HKLM\...\{0ACC4393-7CDB-4512-800B-0404A9DF75E6}) (Version: 5.5.6.18729 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{3238f3fe-4c2d-4438-8bfd-e6bb87adb36e}) (Version: 5.5.6.18729 - Dell Inc.) Dell Update for Windows Universal (HKLM\...\{B5318AB2-185E-408A-8ABE-0EDA416E92DB}) (Version: 4.9.0 - Dell Inc.) 
Dynamic Application Loader Host Interface Service (HKLM\...\{74DF895B-001F-456C-BEA4-9254A3FCC5E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden Google News (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\a0f47c7035a67f4ca3363535fdf90fb6) (Version: 1.0 - Google\Chrome) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Intel(R) Icls (HKLM\...\{8761CF94-4FD5-47A0-9F7F-5F9B23371AB4}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2218.2.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{72F03A9B-21C6-4599-95FC-FFB4D9B7F50C}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{B9C358AF-2012-4BD3-A476-CAFB5761B5BC}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) ME WMI Provider (HKLM\...\{96EC8F94-3894-4F08-8FEF-227E9F790FFC}) (Version: 1.0.0.0 - Intel Corporation) Hidden Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes) Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.203 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us 
(HKLM\...\ProPlusRetail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\OneDriveSetup.exe) (Version: 23.153.0724.0003 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\d962ca0c921f22d9) (Version: 17.1.268.13 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden Microsoft Visual C++ 
2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 116.0.2 (x64 en-US)) (Version: 116.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.0.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company) Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company) Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company) Neat Core Files (HKLM-x32\...\{99432E4C-1189-4887-9D75-DAA796015FFD}) (Version: 5.1.31.16 - The Neat Company) Hidden Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company) Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company) Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company) Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.) 
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden Opera Stable 101.0.4843.33 (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\Opera 101.0.4843.33) (Version: 101.0.4843.33 - Opera Software) OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9400.1 - Realtek Semiconductor Corp.) Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.17763.20082 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company) SupportAssist Recovery Assistant (HKLM\...\{0A51D0FA-351E-48E2-98E3-EE1B2B7F5409}) (Version: 5.5.6.18729 - Dell Inc.) 
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation) Wondershare PDFelement ( Version 9.5.10 ) (HKLM\...\{BC2AC233-DEF1-4D05-B6B8-6B46AA69E885}_is1) (Version: 9.5.10 - Wondershare) Wondershare TunesGo ( Version 9.6.0 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.6.0 - Wondershare) Zoom (HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.) Packages: ========= AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1. 61781.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1 005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation) Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_ 3.14.4.0_x64__htrsf667h5kn2 [2023-07-31] (Dell Inc) Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.9.14.0_x86_ _htrsf667h5kn2 [2023-07-31] (Dell Inc) Find Duplicate Files -> C:\Program Files\WindowsApps\28686TrentTaylor.FindDuplicateFi les_0.0.0.0_x64__jcszgpz62jaz4 [2023-07-31] (Trent Taylor) [MS Ad] Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1. 
100.5180.0_x64__8j3eq9eme6ctt [2023-08-12] (INTEL CORP) [Startup Task] Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorag eManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-07-31] (INTEL CORP) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.53 1.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1. 0.50901.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.2 3.19.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.54.0_x64__ sbe4t8mqwq93a [2023-07-31] (NG PDF Lab) [Startup Task] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2023-07-31] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.17.8040.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Studios) [MS Ad] Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell20 19_2.0.54.0_x64__fh4rh281wavaa [2023-07-31] (Waves Audio) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> ) ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2023-06-09] (Wondershare Technology Group Co.,Ltd -> Wondershare) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\ias torpinningcomponent.inf_amd64_357b728ba88fb99a\Opt aneShellExt.dll [2022-12-18] (Intel Corporation -> ) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-18] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\gaele.000\AppData\Roaming\Microsoft\Inter net Explorer\Quick Launch\User Pinned\TaskBar\you tube music - Search.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=camhhmceiekkpjglehlcmcmaeabmidjn --app-url=hxxps://www.bing.com/search?q=you+tube+music&form=ANSPH1&refig=21b77070 ae5945899c53559d32ef0583&pc=U531 --app-launch-source=4 ==================== Loaded Modules (Whitelisted) ============= 2023-06-18 11:34 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2023-06-18 11:34 - 2005-04-22 00:36 - 000143360 ____R () [File not signed] C:\Windows\system32\BrSNMP64.dll 2023-06-18 09:35 - 2013-02-04 13:00 - 000054784 _____ () [File not signed] C:\Windows\System32\sdtnpm.dll 2023-06-18 11:34 - 2012-07-13 13:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2023-06-18 11:34 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll 2023-06-18 11:34 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2023-06-18 11:34 - 2012-11-29 19:04 - 002040832 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2023-06-18 11:30 - 2013-01-30 15:17 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2023-06-18 11:30 - 2012-12-21 12:31 - 000078848 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2023-06-18 11:30 - 2012-12-21 12:31 - 017666560 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2023-06-18 11:30 - 2013-01-18 14:31 - 000074240 ____N (Brother Industries, Ltd.) 
[File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll 2023-06-18 11:34 - 2012-10-19 08:02 - 000087040 ____R (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll 2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2023-06-26 06:19 - 2023-06-26 06:19 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 000090112 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.Common.dll 2013-02-23 04:12 - 2013-02-23 04:12 - 000029696 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Interop.dll 2013-02-23 04:11 - 2013-02-23 04:11 - 000038400 _____ (The Neat Company) [File not signed] [File is in use] C:\Program Files (x86)\Neat\exec\NeatCompany.NeatWorks.Logging.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\gaele.000\Downloads\iTunes64Setup.exe:MBA M.Zone.Identifier [231] AlternateDataStreams: C:\Users\gaele.000\Downloads\tunesgo_setup_full271 0.exe:MBAM.Zone.Identifier [100] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed] Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-01] (Microsoft Corporation -> Microsoft 
Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gaele.000\AppData\Local\Microsoft\Windows \Themes\RoamedThemeFiles\DesktopBackground\venice 6.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Host => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "BrHelp" HKLM\...\StartupApproved\Run32: => "IndexSearch" HKLM\...\StartupApproved\Run32: => "PaperPort PTD" HKU\S-1-5-21-3036132105-1439115854-3050649200-1000\...\StartupApproved\StartupFolder: => "OneLaunch.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{2AF92735-E52F-4235-9913-E08836D3FF56}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{55FDDF1A-F12D-4878-82DE-4AB319A7F034}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A454FC25-CE19-4694-897B-1801072D6BA9}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{4389B8DD-720B-4E23-811B-798229D12A58}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{D886C8C5-B744-407D-87CC-584E96F5B010}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{1E3D2CB2-01F2-490F-A1B5-6CB666AABE1C}] => (Allow) D:\AUTORUN.EXE => No File FirewallRules: [{8809C457-E45C-4D6A-B383-BF8D38400247}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE (Brother Industries, Ltd.) [File not signed] FirewallRules: [{FDBA6ECB-F610-48B1-9BFA-90BACB968066}] => (Allow) LPort=54925 FirewallRules: [TCP Query User{8438EDCD-56B8-4F9A-8EAE-0E2BA1375187}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{E5A5ED5A-2740-4BF3-B955-A8C739BB9659}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [TCP Query User{AAD2956C-1729-472F-9448-00ED8E39941C}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [UDP Query User{EA6B6508-1D7C-46B0-B095-42448D084FE7}C:\users\gaele.000\appdata\local\prog rams\opera\opera.exe] => (Block) C:\users\gaele.000\appdata\local\programs\opera\op era.exe (Opera Norway AS -> Opera Software) FirewallRules: [{25280E73-70BA-47BC-BA79-782371C3803F}] => (Allow) 
C:\Users\gaele.000\AppData\Roaming\Zoom\bin\Zoom.e xe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{13D17F2B-328C-4B26-990A-83F04653823D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C82BEFDC-D688-4604-8AD1-5573C355D81E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{91D0B12C-65CC-4E0B-8524-831A722CE131}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A96DA85B-0FC1-40FE-8702-72D3661DDA8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6D2299D1-A56B-479D-91DE-05629309F22D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D2F34186-5AFB-4C2A-87A1-DBAAD106C052}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B20CD597-E92A-42E9-B7F1-EB8C6A4209A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{11222815-A0C1-4ECF-81D8-C5DBF3D792BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8CA33CEE-E480-4A86-AD6B-1072592E4957}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C7B883F6-37E3-405A-97E2-47994D3D359E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{FD149D9B-6E79-40C7-9243-AF384C86253F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9EC98D8E-C2B9-4A9B-88BA-EB9D0A061564}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{81F6D74F-DF02-466B-BCFB-00A2FFCF445E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0 _x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{88090BBA-D9D5-40B7-A795-467AA500FB59}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901 .203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 27-07-2023 04:11:02 Scheduled Checkpoint 31-07-2023 13:54:59 Restore Operation 08-08-2023 03:14:29 Scheduled Checkpoint 08-08-2023 18:17:36 Windows Modules Installer 08-08-2023 18:18:01 Windows Modules Installer 08-08-2023 18:18:23 Windows Modules Installer 10-08-2023 15:52:48 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-KJSDKU5.local already in use; will try DESKTOP-KJSDKU5-2.local instead Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-KJSDKU5.local. Addr 169.254.47.23 Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 169.254.47.23:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. 
AAAA FE80:0000:0000:0000:2EA0:EEAD:6792:2B0F Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 169.254.47.23:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:0000:0000:0000:0001 Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 169.254.47.23:5353 16 DESKTOP-KJSDKU5.local. AAAA 2601:06C5:0204:1940:9C15:AD6E:A32B:7F67 Error: (08/10/2023 05:47:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 DESKTOP-KJSDKU5.local. Addr 169.254.47.23 System errors: ============= Error: (08/03/2023 08:07:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (08/02/2023 04:08:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {348f0158-26b9-484f-86ee-822da5ef551e}, had event 74 Error: (07/31/2023 02:42:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Mozilla Maintenance Service service terminated with the following error: Incorrect function. Error: (07/31/2023 12:38:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. 
Error: (07/29/2023 12:27:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/27/2023 01:33:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/25/2023 04:04:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/23/2023 06:07:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Windows Defender:
================

Date: 2023-08-13 19:46:48
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-12 19:46:46
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-11 19:46:45
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-08 21:04:33
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-08-07 19:14:17
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]:

Date: 2023-07-31 14:07:38
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

Date: 2023-06-25 15:32:22
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.1857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2023-06-25 15:32:22
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.391.2598.0
Previous security intelligence Version: 1.391.1857.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23050.3
Previous Engine Version: 1.1.23050.3
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2023-06-25 15:32:22
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.391.2598.0
Previous security intelligence Version: 1.391.1857.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23050.3
Previous Engine Version: 1.1.23050.3
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============

Date: 2023-08-14 08:21:14
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2023-08-14 08:05:20
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.20.0 03/08/2023
Motherboard: Dell Inc. 0FK9H3
Processor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 16215.92 MB
Available physical RAM: 6840.65 MB
Total Virtual: 18647.92 MB
Available Virtual: 8258.38 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.1 GB) (Free:260.37 GB) (Model: KBG40ZNS512G NVMe KIOXIA 512GB) (Protected) NTFS

\\?\Volume{c7235e5c-943b-4583-8a2a-bf8050d16ac4}\ (WINRETOOLS) (Fixed) (Total:1.2 GB) (Free:0.2 GB) NTFS
\\?\Volume{d0b37552-bf1b-4b39-ad62-86292094221c}\ (Image) (Fixed) (Total:12.89 GB) (Free:5.98 GB) NTFS
\\?\Volume{4988a97e-9505-4118-b14c-3180736c6216}\ (DELLSUPPORT) (Fixed) (Total:1.47 GB) (Free:0.51 GB) NTFS
\\?\Volume{7fca93ed-3a6a-4a78-a866-f52509a16548}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E68B182D)
Partition: GPT.

==================== End of Addition.txt =======================
#17
Not seeing any Google Chrome in that last one and no malware Chrome in the one before it. So you feel something is causing Chrome problems and I'm saying it's not malware. So I spot CCleaner. I recall getting into a disagreement with Piriform, who creates CCleaner. And CCleaner targets Google ads, like those in Chrome.
#18
Thank you. I did delete Chrome as you suggested and I use CCleaner. I'm going to download Chrome now and see if it works. I will let you know. Thanks again for your help.
#19
I downloaded Chrome and this is what came up:
Enhanced ad privacy in Chrome

We’re launching new privacy features that give you more choice over the ads you see. Chrome notes topics of interest based on your recent browsing history. Also, sites you visit can determine what you like. Later, sites can ask for this information to show you personalized ads. You can choose which topics and sites are used to show you ads. To measure the performance of an ad, limited types of data are shared between sites, such as the time of day an ad was shown to you.

More about ads in Chrome

You can make changes in Chrome settings

Then there are 2 boxes. One is in blue and says Got It……the other box says Settings. If I click on Settings, this appears:

Ad topics
Based on your browsing history. This setting is on.

Site-suggested ads
Based on your activity on a site. This setting is on.

Ad measurement
Sites and advertisers can understand how ads perform. This setting is on.

The only way to get any further is to click on Got It. Just so you know, this enhanced privacy window opens every time I try to open Chrome. It never goes away.

Also, when I open Chrome I get a quick pop-up and it disappears so fast it’s hard to copy it. It says:

Profile error occurred. Your preferences cannot be read. Some features may be unavailable and changes to preferences won’t be saved. Send feedback to help us fix this issue.

Then there is a box to click and send, but the message disappears and I can’t click that box. Now I have Chrome installed; however, I can’t use it. It will not load any pages. Do you think perhaps I need to post this in browser assistance? Thanks
#20
Sure, why not
#21
Thank you
Thank you for your kindness and your time. I'm glad you're feeling better. Have a wonderful day.
#22
Today isn't going too roughly, now that I stop and check. My thinking in the previous conversation. CCleaner is the cause of the problem so CCleaner is the problem.