
Not Sure If Infected, But.................


  • This topic is locked
22 replies to this topic

#1 McInRantz


Posted 21 March 2024 - 02:47 PM

Hi all. Newbie here. This is my first post other than my introduction post. I've perused this forum for years, but have never joined until now. It's nice to be aboard.

Anyway, for the past several months, I've been getting some strange behavior from my browser in the form of unwanted tabs opening on their own. I'm running Windows 10 and use Firefox exclusively. I run the ESR version of Firefox and it's fully updated.

What happens is especially noticeable on eBay. It doesn't happen all the time and it seems like it happens when I'm not looking. When it does happen, it happens after I click on a link for an item that I want to check out further. Sometimes I may leave the tab with this item open so that I might compare it with another that I check out later. Anyway, after checking out the item, I may go back to my search in the other tab and continue perusing the search results. Sometime later I may look up at the tabs on my browser and there will be 3, 4, or 5 new tabs open with related items I'm looking at, but not ones I ever clicked on. They're opening up by themselves, like there was a "delayed" opening of embedded links from one I purposely opened previously.

I've run multiple online virus scanners, Malwarebytes, SuperAntiSpyware, tdsskiller... none of them have found anything. I'm not sure what's causing this behavior, but I'd sure like it to stop.

I have Firefox set to open links in a new tab, which is what I prefer.

I just don't like multiple new tabs opening on their own when I click a single link. It has happened on some other sites, not many, and I can't even remember what they are at the moment. I think Amazon, maybe? But, none of the other sites have been like eBay. It happens every time I go there and there's no way I can tell when it's going to happen, or what link is going to result in multiple tabs opening.

When I've searched for this behavior, I've seen talk about where it could be a virus, or spyware related. I think a toolbar of some sort has been implicated, too. I don't have any toolbars, though.

If anyone can help me with this, I'd be much appreciative. Thanks everyone.





#2 Oh My!


Posted 22 March 2024 - 08:59 AM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. Glad to have you signed up.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for 64 bit systems and note where the file is saved (Desktop, Downloads, etc.) <<< Important
  • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
  • Right click on the icon and select Run as administrator
  • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Addition.txt

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 McInRantz


Posted 23 March 2024 - 07:03 PM

Hi Oh My! Thank you for helping me. As requested, here is the information you requested, FRST.txt and Addition.txt, copied to separate windows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.03.2024 01
Ran by user (administrator) on DESKTOP-FJTG07E (Dell Inc. Precision M6600) (23-03-2024 19:43:08)
Running from C:\Users\user\Desktop\FRST64.exe
Loaded Profiles: user
Platform: Microsoft Windows 10 Home Version 1909 18363.418 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(C:\Program Files\DellTPad\Apoint.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(C:\Program Files\DellTPad\HidMonitorSvc.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <3>
(explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(services.exe ->) (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2015-07-10] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2106936 2016-08-02] (NVIDIA Corporation -> )
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [265216 2023-08-16] (Open-Shell) [File not signed]
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft Inc. -> Nullsoft, Inc.)
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\Run: [Microsoft Edge Update] => C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\MicrosoftEdgeUpdateCore.exe [267720 2024-03-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\Run: [MicrosoftEdgeAutoLaunch_8714F0D917266FE3AFB7F8BB98EEBC18] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060712 2024-03-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2023-07-22] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [152576 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {D46C3533-E2D6-4FA9-A7FF-399029E79C51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F69E7D0E-14D5-4BBF-940F-C68FCB8A2290} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80AC35C5-1C7D-4CB8-B0DC-85E780483C54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49D2AA8C-CD66-4432-A7A6-12891CFFB17B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBFC4EF8-792F-45AE-A104-CD438EE70502} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3754347620-2631093848-4264505032-1001Core{68618E4C-8E78-4BA3-A8BA-4B3F735CEDEC} => C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206240 2023-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6755982-B10F-4B6B-970E-0ACFDE695CB7} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3754347620-2631093848-4264505032-1001UA{CCEBDF6A-B91A-4B9C-82CA-A12734A1F8A0} => C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206240 2023-06-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5BABC16-C606-49D0-8A26-AB9E5E4BC0D7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2024-03-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {338E013B-34A0-422D-B452-B5F9D7762003} - System32\Tasks\Opera scheduled Autoupdate 1690048819 => C:\Users\user\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5709728 2024-03-14] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{89181d40-f07a-4436-adcb-52ec11f11c42}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{89181d40-f07a-4436-adcb-52ec11f11c42}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{89181d40-f07a-4436-adcb-52ec11f11c42}\B416A65656470235D61627473507F6470224031443: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-14]
Edge Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-08]
Edge Extension: (Edge relevant text changes) - C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-02]

FireFox:
========
FF DefaultProfile: rmkq1uon.default-1693412122460
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uhhdz6gr.default-esr [2024-03-23]
FF DownloadDir: C:\Users\user\Desktop
FF Homepage: Mozilla\Firefox\Profiles\uhhdz6gr.default-esr -> hxxps://www.duckduckgo.com
FF Notifications: Mozilla\Firefox\Profiles\uhhdz6gr.default-esr -> hxxps://www.youtube.com
FF Extension: (SoundCloud MP3 Downloader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uhhdz6gr.default-esr\Extensions\jid1-hnmMaq1milpehc6uI@jetpack.xpi [2023-11-13]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uhhdz6gr.default-esr\Extensions\uBlock0@raymondhill.net.xpi [2024-02-21]
FF Extension: (Allow Right-Click) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uhhdz6gr.default-esr\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2024-02-15]
FF Extension: (Remove Google Redirection) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uhhdz6gr.default-esr\Extensions\{3035f12c-7db1-4c20-a2bd-3b80ef60cb86}.xpi [2024-01-26]
FF Extension: (Disable JavaScript) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uhhdz6gr.default-esr\Extensions\{41f9e51d-35e4-4b29-af66-422ff81c8b41}.xpi [2024-03-21]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\rmkq1uon.default-1693412122460 [2023-10-18]
FF Homepage: Mozilla\Firefox\Profiles\rmkq1uon.default-1693412122460 -> www.duckduckgo.com
FF Extension: (AdBlocker Ultimate) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\rmkq1uon.default-1693412122460\Extensions\adblockultimate@adblockultimate.net.xpi [2023-08-31]
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tclexq9b.default-release-1697662445141 [2023-10-18]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-01] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin HKU\S-1-5-21-3754347620-2631093848-4264505032-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2023-07-22] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-3754347620-2631093848-4264505032-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\user\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [2023-07-22] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]

Opera:
=======
OPR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-10] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-01-19] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-03-21] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-21] (Malwarebytes Inc. -> Malwarebytes)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4010432 2016-08-02] (NVIDIA Corporation -> NVIDIA Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CtClsFlt; C:\Windows\system32\DRIVERS\CtClsFlt.sys [172704 2009-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 DBUtilDrv2; C:\Windows\System32\drivers\DBUtilDrv2.sys [24968 2024-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellInstrumentation; C:\Windows\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20928 2024-03-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [603416 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-23 19:43 - 2024-03-23 19:46 - 000015892 _____ C:\Users\user\Desktop\FRST.txt
2024-03-23 19:42 - 2024-03-23 19:44 - 000000000 ____D C:\FRST
2024-03-23 19:41 - 2024-03-23 19:41 - 002391552 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2024-03-23 17:29 - 2024-03-23 17:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-03-21 16:36 - 2024-03-21 16:36 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-03-21 16:36 - 2024-03-21 16:36 - 000001043 _____ C:\Users\Public\Desktop\Thunderbird.lnk
2024-03-21 16:36 - 2024-03-21 16:36 - 000000000 ____D C:\Users\user\AppData\Roaming\Thunderbird
2024-03-21 16:36 - 2024-03-21 16:36 - 000000000 ____D C:\Users\user\AppData\Local\Thunderbird
2024-03-21 16:36 - 2024-03-21 16:36 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-03-21 16:34 - 2024-03-21 16:34 - 060118496 _____ (Mozilla) C:\Users\user\Desktop\Thunderbird Setup 115.9.0.exe
2024-03-21 14:50 - 2024-03-21 15:03 - 000288436 _____ C:\TDSSKiller.3.1.0.28_21.03.2024_14.50.52_log.txt
2024-03-21 14:50 - 2024-03-21 14:50 - 004962800 _____ C:\Users\user\Desktop\tdsskiller.zip
2024-03-21 14:50 - 2024-03-21 14:50 - 000000000 ____D C:\Users\user\Desktop\tdsskiller
2024-03-21 14:30 - 2024-03-21 14:47 - 000000000 ____D C:\Users\user\AppData\Local\Malwarebytes
2024-03-21 14:29 - 2024-03-21 14:29 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-03-21 14:29 - 2024-03-21 14:29 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-03-21 14:26 - 2024-03-21 14:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-03-21 14:26 - 2024-03-21 14:26 - 000000000 ____D C:\Program Files\Malwarebytes
2024-03-21 14:25 - 2024-03-21 14:25 - 002585496 _____ (Malwarebytes) C:\Users\user\Desktop\MBSetup(1).exe
2024-03-07 11:40 - 2024-03-07 11:41 - 000000000 ____D C:\Users\user\Desktop\Tonneau Cover
2024-02-26 15:26 - 2024-02-26 15:33 - 000000000 ___HD C:\$WINDOWS.~BT
2024-02-26 15:06 - 2024-02-26 15:06 - 000000000 ___HD C:\$WinREAgent
2024-02-22 16:14 - 2024-02-22 16:14 - 000406933 _____ C:\Users\user\Desktop\sample_contract.pdf
2024-02-22 16:13 - 2024-02-22 16:13 - 001926384 _____ C:\Users\user\Desktop\2017 F150 Window Sticker.pdf
2024-02-22 16:12 - 2024-02-22 16:12 - 001926384 _____ C:\Users\user\Desktop\window-1.pdf
2024-02-22 11:18 - 2024-02-22 11:18 - 000285705 _____ C:\Users\user\Desktop\Concord Service Agreement.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-23 19:37 - 2023-04-05 23:20 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-03-23 19:20 - 2020-09-15 19:52 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-03-23 17:31 - 2023-10-18 16:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-03-23 17:31 - 2023-10-18 16:52 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-03-23 17:30 - 2020-12-15 14:06 - 000000000 ____D C:\Users\user\AppData\Local\OpenShell
2024-03-23 17:29 - 2023-06-19 13:30 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{E7785D13-C634-4FF7-B279-73ED61CBADA6}
2024-03-23 01:42 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-22 23:23 - 2023-04-06 11:49 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3754347620-2631093848-4264505032-1001
2024-03-22 23:23 - 2020-09-15 20:08 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3754347620-2631093848-4264505032-1001
2024-03-22 23:23 - 2020-09-15 20:05 - 000002380 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-22 23:22 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-22 23:22 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\AppReadiness
2024-03-21 14:30 - 2019-03-19 00:50 - 000000000 ____D C:\Windows\INF
2024-03-21 14:28 - 2019-03-19 00:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-03-21 13:23 - 2023-04-06 12:19 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-21 13:23 - 2023-04-06 12:19 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-19 22:54 - 2023-07-22 14:00 - 000004262 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1690048819
2024-03-19 22:54 - 2023-07-22 14:00 - 000001387 _____ C:\Users\user\Desktop\Opera Browser.lnk
2024-03-19 22:54 - 2023-07-22 14:00 - 000001387 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-03-17 00:48 - 2023-09-14 16:17 - 000000437 _____ C:\Users\user\Desktop\eBay.txt
2024-03-13 15:34 - 2020-09-15 20:04 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2024-03-12 23:58 - 2020-12-15 14:15 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-12 23:58 - 2020-09-15 19:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-03-12 23:57 - 2023-04-06 13:32 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-12 23:57 - 2019-03-19 00:37 - 000524288 _____ C:\Windows\system32\config\BBI
2024-03-12 23:11 - 2020-09-15 19:53 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-08 00:05 - 2023-07-11 23:15 - 000000000 ____D C:\Users\user\Desktop\Craigslist
2024-03-06 18:22 - 2023-04-06 12:18 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-06 18:22 - 2023-04-06 12:18 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-05 22:40 - 2023-06-15 23:01 - 000003874 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3754347620-2631093848-4264505032-1001UA{CCEBDF6A-B91A-4B9C-82CA-A12734A1F8A0}
2024-03-05 22:40 - 2023-06-15 23:01 - 000003808 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3754347620-2631093848-4264505032-1001Core{68618E4C-8E78-4BA3-A8BA-4B3F735CEDEC}
2024-03-01 23:39 - 2022-08-12 19:37 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2024-02-26 15:30 - 2020-09-15 20:52 - 000000000 ____D C:\Windows\Panther
2024-02-26 00:28 - 2024-01-20 14:14 - 000000000 ____D C:\Users\user\Desktop\Trucks
2024-02-22 00:02 - 2024-02-11 15:15 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps

==================== Files in the root of some directories ========

2023-07-23 00:22 - 2023-07-23 00:22 - 000308494 _____ () C:\Users\user\AppData\Local\ars.cache
2023-07-23 00:25 - 2023-07-23 00:25 - 000903305 _____ () C:\Users\user\AppData\Local\census.cache
2023-07-23 00:05 - 2023-07-23 00:05 - 000000036 _____ () C:\Users\user\AppData\Local\housecall.guid.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.03.2024 01
Ran by user (23-03-2024 19:49:56)
Running from C:\Users\user\Desktop
Microsoft Windows 10 Home Version 1909 18363.418 (X64) (2020-09-16 00:01:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3754347620-2631093848-4264505032-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3754347620-2631093848-4264505032-503 - Limited - Disabled)
Guest (S-1-5-21-3754347620-2631093848-4264505032-501 - Limited - Disabled)
user (S-1-5-21-3754347620-2631093848-4264505032-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-3754347620-2631093848-4264505032-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Dell SupportAssist (HKLM\...\{6D3561B7-19AA-438B-9C83-CD2CED199472}) (Version: 3.14.0.91 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{FFFED431-EF80-4C39-A66E-E11BC7413D33}) (Version: 5.5.5.16206 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{cff56899-3afb-4fe1-aeec-a0474836d1cd}) (Version: 5.5.5.16206 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
IrfanView 4.62 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.62 - Irfan Skiljan)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes version 5.1.1.106 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.1.106 - Malwarebytes)
Microsoft .NET Host - 6.0.14 (x64) (HKLM\...\{40D4EC44-91F8-4EEE-869E-F4B3E90E6688}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM-x32\...\{a75f0c38-355e-478f-b573-1dbc42915c5c}) (Version: 6.0.14.32123 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\Microsoft EdgeWebView) (Version: 122.0.2365.92 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\OneDriveSetup.exe) (Version: 24.045.0303.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{B5664346-4402-4834-81BE-9687BF653BA2}) (Version: 3.26.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 115.9.1 ESR (x64 en-US)) (Version: 115.9.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.9.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.9.0 (x64 en-US)) (Version: 115.9.0 - Mozilla)
NVIDIA 3D Vision Driver 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 369.09 - NVIDIA Corporation)
NVIDIA Graphics Driver 369.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA nView 148.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.03 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA WMI 2.27.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.27.3 - NVIDIA Corporation)
OpenOffice 4.1.14 (HKLM-x32\...\{FADD87FD-83C7-40B4-9180-EA9371C1A348}) (Version: 4.114.9811 - Apache Software Foundation)
Open-Shell (HKLM\...\{FA86549E-94DD-4475-8EDC-504B6882E1F7}) (Version: 4.4.191 - The Open-Shell Team)
Opera Stable 102.0.4880.78 (HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\Opera 102.0.4880.78) (Version: 102.0.4880.78 - Opera Software)
Opera Stable 108.0.5067.29 (HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\Opera 108.0.5067.29) (Version: 108.0.5067.29 - Opera Software)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 Games for Windows 11, 10 and 8 (HKLM\...\Win7Games) (Version: 3.1 - hxxp://winaero.com)

Packages:
=========

Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.14.4.0_x64__htrsf667h5kn2 [2023-10-18] (Dell Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-10-18] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-08] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{5a9f20dc-1140-425e-8293-79b138cd8175}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{72726D01-426C-4B35-8266-B4496CAA889E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.183.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{CAE1760A-CB07-481B-8F9A-BC65510AF5D5}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{E76F97B1-1AE9-497C-9FA4-F57BBABAD54A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.185.17\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2023-08-16] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2023-08-16] (Open-Shell) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [IrfanViewShellExt] -> {C835F12F-DD15-4294-B245-954A877D778A} => C:\Program Files (x86)\IrfanView\Shell Extension\IrfanViewShellExt64.dll [2023-08-19] (Irfan Skiljan) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2016-08-02] (NVIDIA Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2023-08-16] (Open-Shell) [File not signed]
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Users\user\Downloads\OldNewExplorer-1.1.9\OldNewExplorer64.dll [2020-12-15] (www.startisback.com) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2008-07-03 19:38 - 2008-07-03 19:38 - 000002048 _____ () [File not signed] C:\Program Files\Microsoft Games\FreeCell\slc.dll
2023-10-23 22:50 - 2023-06-20 04:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-08-19 17:47 - 2023-08-19 17:47 - 000167424 _____ (Irfan Skiljan) [File not signed] C:\Program Files (x86)\IrfanView\Shell Extension\IrfanViewShellExt64.dll
2023-08-30 11:38 - 2016-08-01 08:15 - 000860448 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2023-08-16 13:46 - 2023-08-16 13:46 - 000987648 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\ClassicExplorer64.dll
2023-08-16 13:46 - 2023-08-16 13:46 - 002867200 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2023-08-16 13:47 - 2023-08-16 13:47 - 000436736 _____ (Open-Shell) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2019-09-24 03:51 - 2020-12-15 14:03 - 000261632 _____ (www.startisback.com) [File not signed] C:\Users\user\Downloads\OldNewExplorer-1.1.9\OldNewExplorer64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\user\Downloads\OldNewExplorer-1.1.9\OldNewExplorer64.dll [2020-12-15] (www.startisback.com) [File not signed]
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2023-08-16] (Open-Shell) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2023-08-16] (Open-Shell) [File not signed]
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\user\Downloads\OldNewExplorer-1.1.9\OldNewExplorer32.dll [2020-12-15] (www.startisback.com) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2023-08-16] (Open-Shell) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2023-08-16] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2023-08-16] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2023-08-16] (Open-Shell) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Desktop\8NQf5EQ.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Apoint"
HKLM\...\StartupApproved\Run: => "nwiz"
HKLM\...\StartupApproved\Run32: => "Dell Webcam Central"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8714F0D917266FE3AFB7F8BB98EEBC18"
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"
HKU\S-1-5-21-3754347620-2631093848-4264505032-1001\...\StartupApproved\Run: => "Opera Stable"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1D85C184-9802-4DC3-9AB6-93EE7CFABCA3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3480D91-0CE0-4C8F-A23C-2B62F9744B9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [TCP Query User{DF4FCA26-24D1-45B4-91C1-061F5A07E30F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [UDP Query User{82AC05D3-7976-4FF9-A61B-9F0A2DEF364C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [{B43E58C3-7CA1-449B-880F-CA99E1CF6D25}] => (Allow) C:\Users\user\AppData\Local\Epic Privacy Browser\Application\epic.exe => No File
FirewallRules: [{1A2B33C1-721F-4C04-B8F4-2E6FC0F66717}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\102.0.4880.56\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{A5AF8FBA-6994-4A2B-86E9-A4036776CC0D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{6D8ACEED-57FD-48BF-9856-128484C6B09E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{7B67658B-6716-42DB-9EF8-5A4968645C10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B3A8E8A-870D-4A84-8194-016A9F6E5D25}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FDD4092C-7297-4DA6-B011-860677A3C9AF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8B2330D6-C7B8-475A-A3A0-420D2AE20475}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2756728-F125-40D9-A33E-3CA99FFFA39B}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\107.0.5045.71\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{BCC451BE-A7D2-49D9-88E1-C6E5C62CFE3E}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{229DC5D4-0018-4078-9846-3DF206BE3691}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

03-03-2024 13:02:32 Scheduled Checkpoint
12-03-2024 23:56:55 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
20-03-2024 23:46:14 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Broadcom USH w/swipe sensor
Description: Broadcom USH w/swipe sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/23/2024 03:39:41 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (03/23/2024 03:39:41 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (03/23/2024 03:39:41 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/22/2024 11:29:26 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 25656 and the required size was 26048.

Error: (03/21/2024 02:50:15 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (03/19/2024 11:03:19 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 26600 and the required size was 27704.

Error: (03/19/2024 06:06:52 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (03/19/2024 06:06:52 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007


System errors:
=============
Error: (03/12/2024 11:47:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DDVDataCollector service.

Error: (03/12/2024 11:47:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (02/05/2024 08:37:28 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (01/23/2024 11:41:28 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (12/23/2023 12:05:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/23/2023 12:05:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys

Error: (12/23/2023 12:05:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/23/2023 12:05:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\user\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2024-03-23 16:08:08.289
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-23 01:09:21.537
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-20 23:58:52.695
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-19 20:05:28.461
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-03-18 18:53:52.341
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-12-11 22:32:14.424
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.294.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-10-18 16:07:47.069
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

Date: 2023-09-29 00:14:19.101
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1609.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-09-27 23:32:15.395
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1609.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-07-22 13:30:39.919
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Security intelligence Version: 0.0.0.0;0.0.0.0
Engine Version: 0.0.0.0

==================== Memory info ===========================

BIOS: Dell Inc. A15 09/27/2013
Motherboard: Dell Inc. 04YY4M
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 8149.05 MB
Available physical RAM: 4310.53 MB
Total Virtual: 9429.05 MB
Available Virtual: 3851.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.32 GB) (Free:181.26 GB) (Model: WDC WD2500BEKT-75PVMT0) NTFS

\\?\Volume{3e974f70-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 3E974F70)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
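A triage pass over FRST lines like those in the Addition.txt above, as an added example that is not part of the original post and not FRST's own logic. It sorts entries into those whose file is missing ("No File"), those FRST marks "[File not signed]", and, first in line for manual review, unsigned DLLs that an autoload entry pulls from a per-user folder. The function names, priority labels and list of per-user folders are assumptions of this sketch; the sample lines are copied from the log.

```python
import re
from typing import List, NamedTuple, Optional

# FRST entry types that make Explorer or Internet Explorer load a DLL on its own.
AUTOLOAD_PREFIXES = ("CustomCLSID", "BHO", "Toolbar", "FolderExtensions",
                     "ShellIconOverlayIdentifiers", "ContextMenuHandlers")

# First drive-letter path on the line that ends in a binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)

# Entry-type label in front of the first colon, e.g. "BHO-x32".
KIND_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]+$")

# Assumed list of per-user folders a non-elevated process can write to.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(?:Downloads|Desktop|AppData\\Local\\Temp)\\",
    re.IGNORECASE)


class Finding(NamedTuple):
    kind: str       # FRST entry type, or "other" for unlabelled lines
    path: str       # file the entry points at
    priority: str   # "review-first", "orphan", "unsigned" or "ok"


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None if it names no binary."""
    match = PATH_RE.search(line)
    if match is None:
        return None
    head = line.split(":", 1)[0].strip()
    kind = head if KIND_RE.match(head) else "other"
    path = match.group(0)
    if line.rstrip().endswith("=> No File"):
        priority = "orphan"          # registration outlived its file
    elif "[File not signed]" not in line:
        priority = "ok"              # FRST reported neither problem
    elif kind.startswith(AUTOLOAD_PREFIXES) and USER_WRITABLE_RE.search(path):
        priority = "review-first"    # unsigned, autoloaded, per-user folder
    else:
        priority = "unsigned"
    return Finding(kind, path, priority)


def triage(log_text: str) -> List[Finding]:
    """Classify every line of an Addition.txt excerpt that names a binary."""
    findings = (classify(line) for line in log_text.splitlines())
    return [f for f in findings if f is not None]


def review_first(findings: List[Finding]) -> List[str]:
    """Unique paths, in log order, that deserve a manual look first."""
    seen: List[str] = []
    for f in findings:
        if f.priority == "review-first" and f.path not in seen:
            seen.append(f.path)
    return seen


# Lines copied from the Addition.txt in the post above.
SAMPLE = r"""
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{5a9f20dc-1140-425e-8293-79b138cd8175}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-3754347620-2631093848-4264505032-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\EdgeUpdate\1.3.185.21\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Users\user\Downloads\OldNewExplorer-1.1.9\OldNewExplorer64.dll [2020-12-15] (www.startisback.com) [File not signed]
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\user\Downloads\OldNewExplorer-1.1.9\OldNewExplorer64.dll [2020-12-15] (www.startisback.com) [File not signed]
FirewallRules: [{B43E58C3-7CA1-449B-880F-CA99E1CF6D25}] => (Allow) C:\Users\user\AppData\Local\Epic Privacy Browser\Application\epic.exe => No File
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.priority:12} {finding.kind:22} {finding.path}")
```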



#4 Oh My!

  • Malware Response Instructor

Posted 23 March 2024 - 09:57 PM

Greetings.

If you have not done so already, launch Edge to see if the same symptoms appear.

I would like to test Firefox. Please do this.

===================================================

Running Firefox in Browser Safe Mode
  • Launch Firefox normally
  • Click on the 3 horizontal bars in the upper right hand corner of the browser window
  • Click Help, then Troubleshoot Mode
  • Click Restart
  • Select Open
  • Close the page
  • Check the browser performance and report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Edge tested?
  • Firefox performance

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#5 Oh My!


Posted 26 March 2024 - 08:41 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary 


#6 McInRantz


Posted 26 March 2024 - 02:17 PM

Hello. I do still seek help. I had to work late and didn't have the opportunity to respond until now. It may take a day or so for me to test out Edge to see if it is happening with the Edge browser. I will run Firefox in safe mode and reply with those results, also. It is still happening. It happened to me just today on eBay again - 2 new tabs opened without me clicking on those links. Thanks



#7 Oh My!


Posted 26 March 2024 - 04:33 PM

Thanks for touching base. I just needed to check to see if you were still here so I can manage my topics.
Gary 


#8 McInRantz


Posted 26 March 2024 - 08:42 PM

Well, I did as you asked, Gary. I restarted Firefox in safe mode and perused eBay for the past couple hours, clicking on various links, clicking on links for ads within listings I was viewing. As of now, I haven't noticed any tabs open that I did not click on. As far as surfing with Edge, I did the same thing, perusing listings on eBay, clicking links, etc. Again, as of now, I had no links that I did not click on open up in new tabs. I did reaffirm to myself why I hate Edge so much lol.



#9 McInRantz


Posted 26 March 2024 - 08:45 PM

"Thanks for touching base. I just needed to check to see if you were still here so I can manage my topics."

I understand.



#10 Oh My!


Posted 26 March 2024 - 09:44 PM

Edge served its purpose. :thumbsup2:

Here is our next troubleshooting step.

===================================================

Manually Troubleshooting Firefox Extensions

-------------------
  • Launch Firefox normally
  • In the address bar type about:addons then hit Enter
  • Disable half of the Extensions, restart Firefox, then check for symptoms
  • If the symptoms remain, disable an additional Extension, restart Firefox, then check for symptoms. Repeat as necessary
  • If the symptoms disappear after disabling half of the Extensions, Enable an Extension, restart Firefox and check for symptoms. Repeat as necessary
  • Report the Addons causing issues in your reply
===================================================

Things I would like to see in your next reply.
  • Results

Gary 


#11 McInRantz


Posted 28 March 2024 - 10:59 PM

I'll be doing that now and report back on findings. Thank you.



#12 McInRantz


Posted 01 April 2024 - 01:36 AM

Well, it seems to have come down to UBlock Origin, at least as far as I can tell. I searched for various items on eBay, the same things I had been searching for, and clicking on ones that I was interested in. I didn't get any new tabs opening on their own, at least not in the searching I did while UBlock was disabled. Or, I just got lucky and didn't click on any of those "loaded" links. The thing, though, is that I had UBlock always disabled on eBay, or shutdown anyway. It wasn't supposed to be running on eBay, although it was still "technically" enabled. But, I disabled it completely when I got to it using your instructions to disable half my extensions at a time, and, IDK, it seems ok for now at least. I had the same thing happen on Amazon, too. I think I mentioned that before, although I didn't check Amazon with it completely disabled. I'm glad it wasn't a virus or spyware. I guess all is good. I'll look into getting something different to replace UBlock. Thanks for all your help.



#13 Oh My!

Posted 01 April 2024 - 09:24 AM

It is not uncommon for the troubleshooting steps (disable and enable) to resolve the issue without any further intervention. I can't explain why, but it does happen. Let's monitor things for another day and see how we do.
Gary 


#14 McInRantz

Posted 02 April 2024 - 05:08 PM

Well, I believe I jumped to a conclusion. I thought the problem was taken care of, but was mistaken. Today, again when perusing eBay listings, with NO extensions whatsoever (I uninstalled all of them), the same thing happened again sometime after I clicked on a link to view a listing. I'm not sure when, but sometime after clicking on a link, another link opened, with a completely different, but related (same type of item) listing from an entirely different seller. I honestly think that there's some new shenanigans going on whereby secondary links are being buried into primary links, and then being opened on some type of delay. I don't know what else to think. Isn't there some setting in about:config I can alter to stop this behavior? Or, maybe it's something entirely different causing this?


Edited by McInRantz, 02 April 2024 - 05:08 PM.


#15 Oh My!

Posted 02 April 2024 - 08:06 PM

Let's do this.

===================================================

Refreshing Firefox

--------------------
  • Please review this information to understand what refreshing Firefox will do
  • Make a note of Extensions and themes if you want to reinstall those
  • Hold down the Shift Key and start Firefox
  • In the pop up screen select Refresh Firefox
  • Click Refresh Firefox
  • Confirm the Refresh
  • Firefox will close
  • Click Finish on the information window and Firefox will restart
  • Check the browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary 
