  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.

Getting redirected

#1 ·
I have 2 desktop computers and 1 laptop. All are running Internet Explorer (latest version) on a WINDOWS 10 PC. Every time I try to sign in on my YAHOO account on one of my desktops, I keep getting redirected to GUCE.YAHOO.COM ...... (the dots are just a placeholder for a continuation of characters) and then I get a message that the web site can't be found. How can I eliminate the redirection? I've tried looking for a resolution from Microsoft, but some of the solutions appear to be in locked threads. Is there a simple fix for this? I've tried resetting Internet Explorer to the default settings, but no luck. Any help would be appreciated.
Thanks -- Jim
 
#2 ·
Hello, Jim.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
#4 ·
Thanks, Jim.

I'll review your logs tomorrow, with a fresh mind. Here it is 9 p.m. right now.

In the meantime...

Please, adhere to the guidelines below, and have them in your mind during the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
#5 ·
OK. Thanks. Before I typed the original post, I did run a complete scan using WINDOWS Defender and found no issues. (At least that's what it reported.) After the SCAN for you, I tried some other websites (my baking one) and when exiting them, I received similar displays.
This website and another that I've used seem to be the only two that will work correctly or get me back to my home screen. If you wish, I can do another of your scans and then not even turn this PC on until I hear from you.

Thanks -- Jim
 
#6 ·
Hi, Jim.

No need for other logs. You can carefully use the computer during the procedure, but you can't download or uninstall programs without being instructed.

It seems that you are infected with adware. Let's clean.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-802402209-2635543801-2349616122-1001_Classes\CLSID\{732110BF-ABEE-4A6A-B3C7-2E96099D3630}\InprocServer32 -> C:\Program Files (x86)\Mozilla Firefox\notificationserver.dll => No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0E0EyE0FtD0D0Dzz0E0FtN0D0Tzu0StCyDtAtBtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0C0D0DtD0A0B0EtGyD0AyDyEtG0DtDyDtBtGtA0ByB0BtGtB0A0EyBtA0E0CtAtAyEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtAtB0D0AtC0AtG0AyCyDyCtGyE0CyE0FtGzzzyzzyCtGzy0DyDtD0B0CyEtDyDzy0CtA2QtN0A0LzuyE%26cr%3D1740137830%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-802402209-2635543801-2349616122-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0E0EyE0FtD0D0Dzz0E0FtN0D0Tzu0StCyDtByDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyDtAyCzz0ByE0BtGtAtA0D0CtGtByD0D0FtGtB0CyBzytGtD0FyD0AtC0DtBtDtAzz0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtAtB0D0AtC0AtG0AyCyDyCtGyE0CyE0FtGzzzyzzyCtGzy0DyDtD0B0CyEtDyDzy0CtA2QtN0A0LzuyE%26cr%3D1459004475%26a%3Dwncy_instlmtrx_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0E0EyE0FtD0D0Dzz0E0FtN0D0Tzu0StCyDtByDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyDtAyCzz0ByE0BtGtAtA0D0CtGtByD0D0FtGtB0CyBzytGtD0FyD0AtC0DtBtDtAzz0CyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtAtB0D0AtC0AtG0AyCyDyCtGyE0CyE0FtGzzzyzzyCtGzy0DyDtD0B0CyEtDyDzy0CtA2QtN0A0LzuyE%26cr%3D1459004475%26a%3Dwncy_instlmtrx_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0E0EyE0FtD0D0Dzz0E0FtN0D0Tzu0StCyDtAtBtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0C0D0DtD0A0B0EtGyD0AyDyEtG0DtDyDtBtGtA0ByB0BtGtB0A0EyBtA0E0CtAtAyEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtAtB0D0AtC0AtG0AyCyDyCtGyE0CyE0FtGzzzyzzyCtGzy0DyDtD0B0CyEtDyDzy0CtA2QtN0A0LzuyE%26cr%3D1740137830%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-802402209-2635543801-2349616122-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0E0EyE0FtD0D0Dzz0E0FtN0D0Tzu0StCyDtAtBtN1L2XzutAtFtCzytFtBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyC0C0D0DtD0A0B0EtGyD0AyDyEtG0DtDyDtBtGtA0ByB0BtGtB0A0EyBtA0E0CtAtAyEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAtAtB0D0AtC0AtG0AyCyDyCtGyE0CyE0FtGzzzyzzyCtGzy0DyDtD0B0CyEtDyDzy0CtA2QtN0A0LzuyE%26cr%3D1740137830%26a%3Dwncy_instlmtrx_16_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-802402209-2635543801-2349616122-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-802402209-2635543801-2349616122-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
Toolbar: HKU\S-1-5-21-802402209-2635543801-2349616122-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
HKU\S-1-5-21-802402209-2635543801-2349616122-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-802402209-2635543801-2349616122-1001\...\StartupApproved\Run: => "Advanced SystemCare 10"
FirewallRules: [{DA2EC7F4-6E58-4E6E-952D-2CE125C58593}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3D3346B9-5EBD-4B7A-8763-7898F44B7457}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe => No File
FirewallRules: [{CB826F23-1D9A-4CDD-9336-BABB19967DCB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe => No File
FirewallRules: [{159222B7-1187-4187-A001-2106B06D9BFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe => No File
FirewallRules: [{043D6571-D983-4A58-9780-E3E515CBDB3E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe => No File
FirewallRules: [{9F4F0B11-8630-453C-A4EB-675F31CA13C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe => No File
FirewallRules: [{47A8CB99-3C11-4046-8148-A85063971441}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe => No File
FirewallRules: [{C2D5DF07-AAF5-4D79-995F-6B613F02CAE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe => No File
FirewallRules: [{6CF4B3BE-6DA8-4F98-BF30-3BC61F50A73C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe => No File
FirewallRules: [{BD2E80FA-5A44-4E0A-8A84-C79E12D78600}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe => No File
FirewallRules: [{4C6C8EE8-74D7-4050-A0AB-37BA0D2C3FF2}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe => No File
FirewallRules: [{D55EA8C3-12D0-4C27-B37F-67500F24F3E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe => No File
FirewallRules: [{58FC0D28-4988-45D6-82E6-6E111BAAA7FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe => No File
FirewallRules: [{0FE73829-144A-4DDD-9C1B-BB066629371D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe => No File
FirewallRules: [{A546E1D5-4DCA-4E2D-8F9B-535D05E49997}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe => No File
FirewallRules: [{542AE7BD-38B9-45B2-9514-FA575CEC5572}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0B8A\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F26B7AD0-8DBD-4601-AAC4-1900236996C5}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0B8A\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{A5CF96EC-FDE3-48F5-A2C8-5B11EAE59147}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1212\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3613983C-8A6E-4A58-8957-ED2278861962}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1212\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{5D470F6A-C7A1-4419-AC14-130B39D110FC}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3924\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{664AC69A-6AB6-459D-B8E6-CAEDBD5FF671}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3924\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1E30C4D9-C184-4C2F-8F7D-E672E6B31F2B}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3B87\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{E7C1E958-1691-41BD-BBB3-162C516A967F}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3B87\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C9316730-C949-440B-82AA-5FB4B8321C4F}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3CB0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{B5D34C54-332E-4F24-B0DD-9CB62FDD2F59}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3CB0\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{989A3716-DE46-470B-B02B-0AE19FB80739}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS62F7\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{AA003DCD-DAD8-4281-BFA1-53B39F702E9F}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS62F7\HPDiagnosticCoreUI.exe => No File
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {10EBCB0A-BEF6-4E7E-95ED-0089A6148507} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {23FBD4C3-17E1-4316-B046-9820E8B36D25} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3DEA9A5C-1B3E-44CE-8FAE-008F21AF3FA3} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {41BA8E97-D073-42F8-B4B5-B1AE641EC556} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4A1D63E7-AE10-418B-AD6D-2ADC9B4B6276} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {50038B32-DC4E-41BD-A2B3-551090939951} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5CCEABF7-025C-478A-B3BC-4D80E0FCEF90} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {790D6424-76E8-4846-998D-485D337548BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7C7607D8-1962-4B3D-83FA-F7996344476D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8672E1BC-8BC7-4862-8962-30E2DF1750D6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93A71855-865B-43B0-835E-C3AB685D20F4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AF265090-068D-4B26-B971-368A8711671A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D69F4B72-4331-49E3-AF5E-B0019F532315} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D9970220-043D-430F-9B30-B03EBCD23612} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EF100438-0C82-403C-BE54-923E9E211725} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AC9B2711-FDD9-4F4D-95EE-EDC3B623DF7C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe  Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoActivateWindowsSearch (No File)
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe  /DoConfigureInternetTimeService (No File)
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe  /DoRecoveryTasks $(Arg0) (No File)
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe  /DRMInit (No File)
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe  /InstallPlayReady $(Arg0) (No File)
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate  $(Arg0) (No File)
Task: {328B65B8-720E-45DC-9CC4-8E8231ED54E9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate  -crl -hms -pscn 15 (No File)
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -MediaCenterRecoveryTask (No File)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -ObjectStoreRecoveryTask (No File)
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe  /OCURActivate (No File)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /OCURDiscovery $(Arg0) (No File)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe  /PBDADiscovery (No File)
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:7 /PBDADiscovery (No File)
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe  /wait:90 /PBDADiscovery (No File)
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe  -pscn 0 (No File)
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -PvrRecoveryTask (No File)
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe  -PvrSchedule (No File)
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec  /RestartRecording (No File)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe  /DoRegisterSearch $(Arg0) (No File)
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe  /DoReindexSearchRoot (No File)
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe  -SqlLiteRecoveryTask (No File)
Task: {5EF95183-DFD7-4B93-A73E-546DF58C47D0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec  /StartRecording (No File)
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe  /DoUpdateRecordPath $(Arg0) (No File)
Task: {D2D3BA4D-B1C0-4009-BE9D-B7D482E4C673} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E8593985-A19B-4AD7-B60D-D1F5609E9DD2} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {35058198-90A3-4B6D-8717-AB5546E015A5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {6A60187F-9BC5-4171-97F0-41C9B0B903A5} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {26163008-02BC-4135-8A25-B5C224534A92} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe  /analyze (No File)
Task: {0137A69E-9D56-4D24-9E26-3D5AC3B957D8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe  /submit (No File)
Task: {2DCD2703-E208-43EA-A38F-7F6B80040DFC} - System32\Tasks\Norton WSC Integration => "C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe"  /taskschd (No File)
Task: {26F7CA04-87AF-48B6-967C-35CD74F576CC} - System32\Tasks\Uninstaller_SkipUac_HP => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7225368 2021-08-24] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\IObit Uninstaller\\/UninstallExplorer
U3 idsvc; no ImagePath
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

2. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Protection tab and enable the 4 options under Real-time protection.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.
Note: Click Skip Basic Repair if you are asked to.


In your next reply, please post:
  1. The fixlog.txt
  2. The Malwarebytes report
  3. The AdwCleaner[S0*].txt
 
#7 ·
DR M:
So very sorry. Someone in my household downloaded and installed the DuckDuckGo web browser without letting me know. I have since run another scan and created 2 new .txt files. They are attached. I have put a Do Not Use sign on the bad PC so this won't happen again.

Again, my apologies. I truly appreciate your help.

P.S. I still have the old .txt files that I moved to a different folder should you want me to use those.
 


#8 ·
Hi, Jim.

Please go on and follow my instructions in my previous post and post the requested logs/reports. We will check fresh FRST log later.
 
#9 ·
Hope this is everything.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/8/2024
Scan Time: 5:43 PM
Log File: 3f0f2cbc-f60a-11ee-869f-80c16eee4f0d.json

-Software Information-
Version: 5.1.2.109
Components Version: 1.0.1207
Update Package Version: 1.0.83209
License: Trial

-System Information-
OS: Windows 10 (Build 19045.4170)
CPU: x64
File System: NTFS
User: Charlie\HP

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 289146
Threats Detected: 11
Threats Quarantined: 0
Time Elapsed: 11 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, 3062, 254682, 1.0.83209, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 3062, 254682, 1.0.83209, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\PRODUCTSETUP, No Action By User, 57, 481004, 1.0.83209, , ame, , ,

Registry Value: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURLFALLBACK, No Action By User, 3062, 254682, 1.0.83209, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, 57, 481004, 1.0.83209, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
PUP.Optional.AdvancedSystemCare, C:\PROGRAMDATA\IOBIT\ASCDOWNLOADER\IU6\ADVANCED SYSTEMCARE.EXE, No Action By User, 4995, 396386, 1.0.83209, , ame, , 57F644ECE070AF4122530A4A3F2FA113, 5EE42BD9306FEF719876DAA7BCE3FF1EAA68AA9A78C350317C819DA55A6766F0
PUP.Optional.BundleInstaller, C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE, No Action By User, 78, 1149709, 1.0.83209, , ame, , 4A06B3AB17B3A62AAD8094154CDD0886, A05555CA82AD8131E4BDAE873A441B6125C0B092AF15582BD9B32EA9072B448D
PUP.Optional.BundleInstaller, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\IObit Uninstaller.lnk, No Action By User, 78, 1149709, 1.0.83209, , ame, , F5A9181DD6034933BE2C3B8FE2526404, E87FFC1AB09D20018A3422CBD760624E7FA0264E1595F9B17B56678944E53ACF
PUP.Optional.BundleInstaller, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk, No Action By User, 78, 1149709, 1.0.83209, , ame, , 76F96EAD476BF3039E3D64127A3172FA, 641396D970C9478BFA09A9D9080D4861990A6C14CDF01A3FA5763E9BB6F76E66
PUP.Optional.WinYahoo, C:\USERS\HP\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Profile 1\Web Data, No Action By User, 3062, 454790, 1.0.83209, , ame, , 9774B4DAADAF3F4DD93000AE81DA4C1A, C7188E57BD987D5F00EBCC534E596FF877C9A9556A4D61C90E50D1E0D6DEC9E3
PUP.Optional.ASK, C:\USERS\HP\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Profile 1\Web Data, No Action By User, 1401, 454824, 1.0.83209, , ame, , 9774B4DAADAF3F4DD93000AE81DA4C1A, C7188E57BD987D5F00EBCC534E596FF877C9A9556A4D61C90E50D1E0D6DEC9E3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 


#10 ·
Hello.

Many things were detected and we need to clean.

1. Malwarebytes (Clean mode)

I have asked you before:

Click the Protection tab and enable the 4 options under Real-time protection.
I see in your logs that you didn't enable the Rootkits detection. Please do that. After that, run Malwarebytes as you did before, but this time, when the threats are found:
  • Make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. AdwCleaner (Clean mode)

This tool detected the following:

The findings in the Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to any items you want to quarantine and disable, then click Next.
  • Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to any items you want to quarantine and disable. If nothing is found, you won't see this message. If you don't want to remove any preinstalled software, click Cancel and continue.
  • Click Continue, then click Restart now, and you’re done.
  • Once your computer has restarted:
    • Click the Log Files tab.
    • Click Skip Basic Repair to finish the cleaning process
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Feedback: How is the computer running now? Any improvement with the initial issue?
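
Added example (not part of the thread, and not code from Malwarebytes or the helpers here): the review done by eye in the post above, reading a pasted Malwarebytes text report for disabled scan options and for detections left with no action, written as a small parser. The function names `parse_report` and `review` are hypothetical, the sample report is constructed in the layout of the reports in this thread with placeholder values, and the parser assumes the location field contains no ", " sequence.

```python
import re

# Constructed sample in the layout of the reports posted in this thread;
# names, paths and numbers are placeholders, not values from a real scan.
SAMPLE_REPORT = r"""Malwarebytes
www.malwarebytes.com

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 3
Threats Quarantined: 1

-Scan Options-
Memory: Enabled
Rootkits: Disabled
PUP: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Example, HKU\S-1-5-21-EXAMPLE\SOFTWARE\EXAMPLEKEY, No Action By User, 1, 100, 1.0.0, , ame, , ,

File: 2
PUP.Optional.Example, C:\EXAMPLE\SETUP.EXE, Quarantined, 2, 200, 1.0.0, , ame, , PLACEHOLDER_MD5, PLACEHOLDER_SHA256
PUP.Optional.Other, C:\EXAMPLE\OTHER.LNK, No Action By User, 3, 300, 1.0.0, , ame, , PLACEHOLDER_MD5, PLACEHOLDER_SHA256

(end)
"""

SECTION = re.compile(r"^-(.+)-$")          # e.g. "-Scan Options-"
COUNT = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "Registry Key: 3"


def parse_report(text):
    """Split a pasted report into key/value fields, per-category counts and detections."""
    report = {"fields": {}, "counts": {}, "detections": []}
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, "(No malicious items...)", "(end)"
            continue
        m = SECTION.match(line)
        if m:
            section, category = m.group(1), None
            continue
        if section == "Scan Details":
            m = COUNT.match(line)
            if m:                               # category header with its item count
                category = m.group(1)
                report["counts"][category] = int(m.group(2))
                continue
            parts = line.split(", ", 3)         # name, location, action, remainder
            if category and len(parts) >= 3:
                report["detections"].append({
                    "category": category,
                    "name": parts[0],
                    "location": parts[1],
                    "action": parts[2],
                })
        elif section and ": " in line:
            key, value = line.split(": ", 1)
            report["fields"].setdefault(section, {})[key] = value
    return report


def review(report):
    """Return the points a helper would raise before accepting the report as clean."""
    findings = []
    for option, state in report["fields"].get("Scan Options", {}).items():
        if state == "Disabled":
            findings.append(f"scan option disabled: {option}")
    summary = report["fields"].get("Scan Summary", {})
    detected = int(summary.get("Threats Detected", 0))
    quarantined = int(summary.get("Threats Quarantined", 0))
    if quarantined < detected:
        findings.append(f"{detected - quarantined} of {detected} detections not quarantined")
    for det in report["detections"]:
        if det["action"] != "Quarantined":
            findings.append(f"no action taken: {det['name']} at {det['location']}")
    # A count that disagrees with the parsed lines means the paste was truncated or edited.
    for cat, expected in report["counts"].items():
        found = sum(1 for det in report["detections"] if det["category"] == cat)
        if found != expected:
            findings.append(f"{cat}: header says {expected}, parsed {found}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_report(SAMPLE_REPORT)):
        print(finding)
```
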
 
#11 ·
Hopefully I did it right this time.
FYI. When I installed Malwarebytes and AdwCleaner, there was an update to both programs. The displays were a little different from what I was expecting from your instructions.

My PC seems to be working fine now. Hopefully it will be stable going forward.
Thank you again for your help. I was about to pull out what little hair I have left.

If you need anything else from me, let me know.
--Jim



Malwarebytes report:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/9/2024
Scan Time: 3:43 PM
Log File: 9c773670-f6c2-11ee-b037-80c16eee4f0d.json

-Software Information-
Version: 5.1.2.109
Components Version: 1.0.1207
Update Package Version: 1.0.83251
License: Trial

-System Information-
OS: Windows 10 (Build 19045.4170)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 289258
Threats Detected: 11
Threats Quarantined: 11
Time Elapsed: STRING-NOT-ADDED

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, 3062, 254682, 1.0.83251, , ame, , ,
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, 3062, 254682, 1.0.83251, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\PRODUCTSETUP, Quarantined, 57, 481004, 1.0.83251, , ame, , ,

Registry Value: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURLFALLBACK, Quarantined, 3062, 254682, 1.0.83251, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-802402209-2635543801-2349616122-1001\SOFTWARE\PRODUCTSETUP|TB, Quarantined, 57, 481004, 1.0.83251, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
PUP.Optional.AdvancedSystemCare, C:\PROGRAMDATA\IOBIT\ASCDOWNLOADER\IU6\ADVANCED SYSTEMCARE.EXE, Quarantined, 4995, 396386, 1.0.83251, , ame, , 57F644ECE070AF4122530A4A3F2FA113, 5EE42BD9306FEF719876DAA7BCE3FF1EAA68AA9A78C350317C819DA55A6766F0
PUP.Optional.BundleInstaller, C:\PROGRAM FILES (X86)\IOBIT\IOBIT UNINSTALLER\IOBITUNINSTALER.EXE, Quarantined, 78, 1149709, 1.0.83251, , ame, , 4A06B3AB17B3A62AAD8094154CDD0886, A05555CA82AD8131E4BDAE873A441B6125C0B092AF15582BD9B32EA9072B448D
PUP.Optional.BundleInstaller, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\IObit Uninstaller.lnk, Quarantined, 78, 1149709, 1.0.83251, , ame, , F5A9181DD6034933BE2C3B8FE2526404, E87FFC1AB09D20018A3422CBD760624E7FA0264E1595F9B17B56678944E53ACF
PUP.Optional.BundleInstaller, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk, Quarantined, 78, 1149709, 1.0.83251, , ame, , 76F96EAD476BF3039E3D64127A3172FA, 641396D970C9478BFA09A9D9080D4861990A6C14CDF01A3FA5763E9BB6F76E66
PUP.Optional.WinYahoo, C:\USERS\HP\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Profile 1\Web Data, Replaced, 3062, 454790, 1.0.83251, , ame, , D1E893707287F66EE4D707A8C19E55D7, 3F88C53CC072E6A86889C995B0F5F00622525257B468335D6F77BBAED873E58C
PUP.Optional.ASK, C:\USERS\HP\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Profile 1\Web Data, Replaced, 1401, 454824, 1.0.83251, , ame, , D1E893707287F66EE4D707A8C19E55D7, 3F88C53CC072E6A86889C995B0F5F00622525257B468335D6F77BBAED873E58C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 


#12 ·
Thank you, Jim.

Let's check fresh FRST logs now (Addition and FRST), please.

"FYI. When I installed Malwarebytes and AdwCleaner, there was an update to both programs. The displays were a little different from what I was expecting from your instructions."
Yes, sorry about that. The important thing is you ran the scan and cleaned the detected items.
 
#14 ·
The fix now will do some maintenance:

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Task: {FA2841CF-F128-48B4-8572-CCB6830221E8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe  do-task "E7CF176E110C211B" (No File)
2024-04-08 17:17 - 2020-08-22 20:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Internet Security
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

In your next reply please post:
  1. The fixlog.txt
  2. Feedback: How is the computer running? Any remaining issue/question/concern?
 
#15 ·
Wow! That ran for about an hour.
Everything seems to be running fine. Is it all right to uninstall Malwarebytes, adwcleaner and mbsetup? I won't do it unless you say OK. How about also removing FRST64 when we're done?
Thanks!
 


#16 ·
Yes, it took so long because I added a command to check the system. As you can see in the log, corrupt files were found and fixed.

So, if no other issue/question/concern...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.

The above tool will remove everything except Malwarebytes. My recommendation is to keep it and use it occasionally for an on-demand scan, from time to time. It works well with Windows Defender, and both can keep you safe. Your decision, of course.
 
#18 ·
Excellent!

Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.
 
#19 ·
Thanks a million!!!
The Malwarebytes I'll run once in a while. Is Windows Defender enough or do I need anything else besides Malwarebytes? I think my problem may have been created by a couple of .PDF files downloaded from an e-mail sent by my mother-in-law's tax accountant. Just a guess.