No Links For Tools On Gif Pages

Lalaina · Feb 25, 2026

Hi there! I'm trying to do the Read & Run me First but the gifs are not giving me any links. I have only managed to get Malwarebytea so far. Can someone give me the other links please.

Oh My! · Feb 25, 2026

Sorry for the frustration. We are addressing the issue.

For now just run the Farbar Recover Scan Tool instructions under Step #2. Attach those reports as well as the Malwarebytes report and we will get started.

Lalaina · Feb 26, 2026

Very sorry but as I gwt older, I seem to get confused easier. The download for Farbar gave me an alert "FRST64.exe isn't commonly downloaded. Make sure you trust FRST64.exe before you open it. The file it put in my dowload folder is named unconfirmed 212165.crdownload. Is this it? As said, I can ignore the alert but since it isn't an executable file, what do I open it with? I don't have an option to run as administrator. Will it work if I just throw it in my Run box?

Oh My! · Feb 26, 2026

This stuff is confusing for me as well!

The unconfirmed file is only a partial download and won't work. Try downloading it again and this time ignore the alert. The file is safe.

Lalaina · Feb 26, 2026

I've tried 4 times. I keep getting the same thing but with different numbers. The download page says "A network error caused the media download to fail part-way"

I also can't find a Malwarebytes Report button so can't get a report. It did find some stuff so I told it to fix it. It was a small program called Earthview 360. I thought it would delete it but it didn't. Copilot helped me delete Earthview, It was an extension. So I tried to download Farbar again. This time I got sent to Windows Downloads and got it there!

I tried going back to the Malwarebytes page to see if there were any instructions but now am getting 404 Not Found for that download. Pls let me know how to get the report.

Oh My! · Feb 26, 2026

We won't worry about the Malwarebytes report. If you can, copy and paste the FRST64.exe file onto the desktop and run a scan. Attach the reports to your reply.

Lalaina · Feb 28, 2026

Here are the reports from the scan:

Oh My! · Feb 28, 2026

Thank you for the attached files. What are you noticing that resulted in you posting a topic?

Is Avast installed on your computer because it is your preferred antivirus or because you downloaded it to try to resolve your issue?

I have located at least one issue with Edge.

Please do this.

===================================================

Farbar Recovery Scan Tool - Run Fix Using Attached File

--------------------

Download the attached file and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important

Right click on FRST and select Run as administrator

Click Fix and once completed your computer will reboot

The tool will create a log on the desktop called Fixlog.txt

Attach the report to your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Symptoms?

Avast preferred antivirus?

Attached Fixlog

Update on computer performance

Lalaina · Feb 28, 2026

I was putting in an order on Amazon a couple days ago and whenever I clicked on something (anything, anywhere) 2 pages would come up on a new tab ( computer is set to open nrw tab). The firt page was full sized but not what I clicked on. The second page on top of the first was partial screen sized and usually had an Amazon ad page.I had to close both pages and re-enter my search term for the item I wwanted and try again, over and over until I finally got the item page I wanted. It didn't matter if I left or right-clicked to open in new tab, still got 2 wrong pages. Most times my original tab would also close when I closed these tabs. Hope that makes sense, I couldn't figure out where the original tab went. My tabs labeling went blank so I couldn't read them unless I hovered over each one. After that, I couldn't click anywhere on the internet without gwtting double pages of not asked for sites. No dangerous sites, just annoying. Ads, Ask an Expert (Mechanical, Technical, Medical, Lawyer) other junk.

Avast FREE version is my preferred. I've had it for years through many computers. This is the first time I've had a problem. My computer has stopped doin this since I deleted that Earthview extension excpt yesterday it did send me to a weird page each time I clicked Skip Ad on a small bing video. I had to close the video because it stopped working, but many of their ads don't work on their videos.

I no longer have Farbar. I must have deleted it with all the unconfirmed copies I had. Do you want me to download it again and rescan?

Oh My! · Mar 1, 2026

Greetings.

Edge Notifications: Default -> hxxps://popsflip.co.za
Click to expand...

I believe this entry is what is causing your difficulties but we will see after you complete the below.

We don't need to run a new scan but we now want to run a Fix.

Yes, please download FRST64 and if it is in the Downloads folder copy and paste the program to your desktop. Please do this.

Download FRST64 and copy and paste the file onto the desktop

Download the attached file and copy and paste the file onto the desktop

Right click on FRST64 and select Run as administrator

Making sure both FRST64 and Fixlist.txt are both still on the desktop click Fix (not Scan)

Your computer will automatically reboot after processing the Fixlist.txt

Following reboot attach the Fixlog.txt report on the desktop in your reply

Lalaina · Mar 1, 2026

I hope I did this right. I grabbed the first Fizlist.txt above as I didn't see the one below that. I hope they were the same. After the reboot it brought up FRST64 again, asking if I wanted to make changes to my computer. I didn't know what to do with this, so I clicked Cancel. Anyway, here's the Fixlog I got.

Btw, Copilot is going to help me fix my blank tabs. Apparently, it's a common UI pattern in Edge when deleting an extension like Earthview. Edge kind of gets stuck on hiding things trying to keep us out of trouble.

Oh My! · Mar 1, 2026

The process worked perfectly.

Is Edge working properly now?

We have one more repair to make to your operating system. Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------

Close any open programs or windows because your computer will automatically reboot after FRST64 is run

Right click on the FRST64 icon and select Run as administrator

Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied

There is no need to paste the information anywhere, FRST64 will do it for you
Code:
Start::
CloseProcesses:
cmd: DISM /Online /Cleanup-Image /RestoreHealth
End::
Click Fix

When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Edge working properly now?

Fixlog

Lalaina · Mar 1, 2026

uk, so I guess I'm clueless. I wasn't given time. I didn't close any progams. Edge was open with this forum page up (for the instructions). My downloads folder was open. I minimized them so I could check my desktop. FRST64 was there. I have no Run as administrator option on my menu so I double clicked to open it. I had not yet copied anything but immediately a fixlog opened and quickly closed and FRST64 on my desktop disappeared, The fixlog was put in my downloads folder along with another unconfirmed partial file of Farbar and for what it's worth, here it is. I did not click fix and my computer did not reboot when done.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2026
Ran by Admin (01-03-2026 11:00:28) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Edge Notifications: Default -> hxxps://popsflip.co.za
Task: {3052677C-C235-42DE-997E-7575A8A1D797} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
FirewallRules: [{7BEF0233-2485-4EB2-AE1F-5CEDCE6CA810}] => (Allow) E:\Steam\steamapps\common\Dinosaur Fossil Hunter Prologue\launcher\playway-launcher.exe => No File
FirewallRules: [{7994B778-87D2-435B-B388-7BA8948F8E42}] => (Allow) E:\Steam\steamapps\common\Dinosaur Fossil Hunter Prologue\launcher\playway-launcher.exe => No File
FirewallRules: [UDP Query User{B9069FD5-413C-41D9-9DA8-09BC9E749C89}C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe] => (Block) C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe => No File
FirewallRules: [TCP Query User{9B70FF31-6410-4488-8A52-5EB6CC6CDB8C}C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe] => (Block) C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe => No File
FirewallRules: [{D59D9981-7CCA-424B-956E-68F6244D1D39}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{889512CE-A4DA-47AC-91FE-F22B263672CF}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{6CD91FCE-8165-4629-AEB3-72F3EBCD8E2E}C:\users\admin\appdata\local\wemod\app-10.8.1\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.8.1\wemod.exe => No File
FirewallRules: [UDP Query User{580EC867-9F9F-4520-80C3-2B05BA6CE6A6}C:\users\admin\appdata\local\wemod\app-10.8.1\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.8.1\wemod.exe => No File
FirewallRules: [TCP Query User{E1B1C8CF-F299-412F-BB31-538D30E83C96}C:\users\admin\appdata\local\wemod\app-10.9.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.9.0\wemod.exe => No File
FirewallRules: [UDP Query User{42313EAB-77DA-4315-B138-1996BE1F554F}C:\users\admin\appdata\local\wemod\app-10.9.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.9.0\wemod.exe => No File
FirewallRules: [TCP Query User{D1CAF5B3-53AA-4579-8B78-AEEC3E0DE783}C:\users\admin\appdata\local\wemod\app-10.10.3\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.10.3\wemod.exe => No File
FirewallRules: [UDP Query User{4A80A682-F3D5-4C45-B5A3-734D09EAE61C}C:\users\admin\appdata\local\wemod\app-10.10.3\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.10.3\wemod.exe => No File
FirewallRules: [TCP Query User{2BD58905-89C1-4723-B030-5BFD69FA0F69}C:\users\admin\appdata\local\wemod\app-10.10.4\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.10.4\wemod.exe => No File
FirewallRules: [UDP Query User{657917A7-985F-4D52-A7ED-85F97E7B9CD8}C:\users\admin\appdata\local\wemod\app-10.10.4\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.10.4\wemod.exe => No File
FirewallRules: [TCP Query User{3379C07A-BEBF-4A34-8E9B-172D23C27A59}C:\users\admin\appdata\local\wemod\app-10.10.5\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.10.5\wemod.exe => No File
FirewallRules: [UDP Query User{1B1903D8-DBAE-4C13-9265-C1A3D47EBE73}C:\users\admin\appdata\local\wemod\app-10.10.5\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.10.5\wemod.exe => No File
FirewallRules: [TCP Query User{9783A462-4963-4227-9DBE-755D4C1E163C}C:\users\admin\appdata\local\wemod\app-10.11.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.11.0\wemod.exe => No File
FirewallRules: [UDP Query User{412B999A-F5F7-4357-961C-3D2E0CAC52E8}C:\users\admin\appdata\local\wemod\app-10.11.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.11.0\wemod.exe => No File
FirewallRules: [TCP Query User{66B93F45-544F-4775-9B7B-BD848FE1E487}C:\users\admin\appdata\local\wemod\app-10.12.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.12.0\wemod.exe => No File
FirewallRules: [UDP Query User{E41C7BAD-160B-429E-922D-A9B7E8E70088}C:\users\admin\appdata\local\wemod\app-10.12.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.12.0\wemod.exe => No File
FirewallRules: [TCP Query User{371581BE-94CD-42B9-BF4C-1808ABC2F438}C:\users\admin\appdata\local\wemod\app-10.14.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.14.0\wemod.exe => No File
FirewallRules: [UDP Query User{1EA481DE-D802-423F-B320-1DF61EE2B811}C:\users\admin\appdata\local\wemod\app-10.14.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.14.0\wemod.exe => No File
FirewallRules: [TCP Query User{B1B473A1-58CB-42D2-8C11-197E9D518E8A}C:\users\admin\appdata\local\wemod\app-10.15.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.15.0\wemod.exe => No File
FirewallRules: [UDP Query User{F76EF66D-FCDE-4FAC-9E52-0752162A3F27}C:\users\admin\appdata\local\wemod\app-10.15.0\wemod.exe] => (Allow) C:\users\admin\appdata\local\wemod\app-10.15.0\wemod.exe => No File
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
U3 avast! Firewall; no ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [476]
AlternateDataStreams: C:\ProgramData\TEMP:2658F5EB [235]
AlternateDataStreams: C:\ProgramData\TEMP:26D061B8 [231]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3CC2D8AB [248]
AlternateDataStreams: C:\ProgramData\TEMP:4C496DBA [248]
AlternateDataStreams: C:\ProgramData\TEMP:6C74C778 [239]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [170]
AlternateDataStreams: C:\ProgramData\TEMP:79EAEF54 [249]
AlternateDataStreams: C:\ProgramData\TEMP:841E05D6 [230]
AlternateDataStreams: C:\ProgramData\TEMP:900EBAFA [239]
AlternateDataStreams: C:\ProgramData\TEMP:99E02F7F [243]
AlternateDataStreams: C:\ProgramData\TEMP03C606E [506]
AlternateDataStreams: C:\ProgramData\TEMP6EEC2F8 [230]
AlternateDataStreams: C:\ProgramData\TEMPBE046F5 [227]
AlternateDataStreams: C:\ProgramData\TEMP:E2E09709 [252]
AlternateDataStreams: C:\ProgramData\TEMP:F512B2D9 [256]
2026-02-26 01:37 - 2026-02-26 01:37 - 002445312 _____ (Farbar) C:\Users\Admin\Desktop\Unconfirmed 722239.crdownload
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4745616 2026-02-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4745616 2026-02-25] (Microsoft Corporation -> Microsoft Corporation)
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
*****************

Restore point was successfully created.
Processes closed successfully.
"Edge Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3052677C-C235-42DE-997E-7575A8A1D797}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3052677C-C235-42DE-997E-7575A8A1D797}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\P508PowerAgent_sdk => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\P508PowerAgent_sdk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BEF0233-2485-4EB2-AE1F-5CEDCE6CA810}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7994B778-87D2-435B-B388-7BA8948F8E42}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B9069FD5-413C-41D9-9DA8-09BC9E749C89}C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B70FF31-6410-4488-8A52-5EB6CC6CDB8C}C:\program files\electronic arts\ea desktop\ea desktop\qtwebengineprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D59D9981-7CCA-424B-956E-68F6244D1D39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{889512CE-A4DA-47AC-91FE-F22B263672CF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6CD91FCE-8165-4629-AEB3-72F3EBCD8E2E}C:\users\admin\appdata\local\wemod\app-10.8.1\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{580EC867-9F9F-4520-80C3-2B05BA6CE6A6}C:\users\admin\appdata\local\wemod\app-10.8.1\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1B1C8CF-F299-412F-BB31-538D30E83C96}C:\users\admin\appdata\local\wemod\app-10.9.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{42313EAB-77DA-4315-B138-1996BE1F554F}C:\users\admin\appdata\local\wemod\app-10.9.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1CAF5B3-53AA-4579-8B78-AEEC3E0DE783}C:\users\admin\appdata\local\wemod\app-10.10.3\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4A80A682-F3D5-4C45-B5A3-734D09EAE61C}C:\users\admin\appdata\local\wemod\app-10.10.3\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2BD58905-89C1-4723-B030-5BFD69FA0F69}C:\users\admin\appdata\local\wemod\app-10.10.4\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{657917A7-985F-4D52-A7ED-85F97E7B9CD8}C:\users\admin\appdata\local\wemod\app-10.10.4\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3379C07A-BEBF-4A34-8E9B-172D23C27A59}C:\users\admin\appdata\local\wemod\app-10.10.5\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B1903D8-DBAE-4C13-9265-C1A3D47EBE73}C:\users\admin\appdata\local\wemod\app-10.10.5\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9783A462-4963-4227-9DBE-755D4C1E163C}C:\users\admin\appdata\local\wemod\app-10.11.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{412B999A-F5F7-4357-961C-3D2E0CAC52E8}C:\users\admin\appdata\local\wemod\app-10.11.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{66B93F45-544F-4775-9B7B-BD848FE1E487}C:\users\admin\appdata\local\wemod\app-10.12.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E41C7BAD-160B-429E-922D-A9B7E8E70088}C:\users\admin\appdata\local\wemod\app-10.12.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{371581BE-94CD-42B9-BF4C-1808ABC2F438}C:\users\admin\appdata\local\wemod\app-10.14.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1EA481DE-D802-423F-B320-1DF61EE2B811}C:\users\admin\appdata\local\wemod\app-10.14.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B1B473A1-58CB-42D2-8C11-197E9D518E8A}C:\users\admin\appdata\local\wemod\app-10.15.0\wemod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F76EF66D-FCDE-4FAC-9E52-0752162A3F27}C:\users\admin\appdata\local\wemod\app-10.15.0\wemod.exe" => removed successfully
HKLM\System\CurrentControlSet\Services\aswBcc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\Avast Business Console Client Antivirus Service => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avast! Firewall => could not remove, key could be protected
C:\ProgramData\TEMP => ":1A14B3AF" ADS removed successfully
C:\ProgramData\TEMP => ":2658F5EB" ADS removed successfully
C:\ProgramData\TEMP => ":26D061B8" ADS removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully
C:\ProgramData\TEMP => ":3CC2D8AB" ADS removed successfully
C:\ProgramData\TEMP => ":4C496DBA" ADS removed successfully
C:\ProgramData\TEMP => ":6C74C778" ADS removed successfully
C:\ProgramData\TEMP => ":7687A3E3" ADS removed successfully
C:\ProgramData\TEMP => ":79EAEF54" ADS removed successfully
C:\ProgramData\TEMP => ":841E05D6" ADS removed successfully
C:\ProgramData\TEMP => ":900EBAFA" ADS removed successfully
C:\ProgramData\TEMP => ":99E02F7F" ADS removed successfully
C:\ProgramData\TEMP => "03C606E" ADS removed successfully
C:\ProgramData\TEMP => "6EEC2F8" ADS removed successfully
C:\ProgramData\TEMP => "BE046F5" ADS removed successfully
C:\ProgramData\TEMP => ":E2E09709" ADS removed successfully
C:\ProgramData\TEMP => ":F512B2D9" ADS removed successfully
"C:\Users\Admin\Desktop\Unconfirmed 722239.crdownload" => not found
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive" => removed successfully

========= sfc /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

========= End of CMD: =========

========= DISM /Online /Cleanup-Image /CheckHealth =========

Deployment Image Servicing and Management tool
Version: 10.0.26100.5074

Image Version: 10.0.26200.7840

The component store is repairable.
The operation completed successfully.

========= End of CMD: =========

Do I need to try again? I will copy first.

Oh My! · Mar 1, 2026

It sounds like FRST64 hung up for some reason on our last Fix.

Let's do this.

===================================================

Farbar Recovery Scan Tool - Run Fix Using Attached File

--------------------

Download FRST64 and if it is in the Downloads folder copy and paste the program to your desktop.

Download the attached file and copy and paste the file onto the desktop

Right click on FRST64 and select Run as administrator

Making sure both FRST64 and Fixlist.txt are both still on the desktop click Fix (not Scan)

Your computer will automatically reboot after processing the Fixlist.txt

Following reboot copy and paste the Fixlog.txt report on the desktop in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

Fixlog

Lalaina · Mar 2, 2026

As requested, copy of Fixlog pasted below. Sorry about the other one. Edge is working fine now. Thanks so much for guiding me through this. I appreciate the time you spent.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2026
Ran by Admin (01-03-2026 22:24:12) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
cmd: DISM /Online /Cleanup-Image /RestoreHealth
*****************

Processes closed successfully.

========= DISM /Online /Cleanup-Image /RestoreHealth =========

Deployment Image Servicing and Management tool
Version: 10.0.26100.5074

Image Version: 10.0.26200.7840

[== 3.8% ]

[== 4.8% ]

[=== 5.7% ]

[=== 6.7% ]

[==== 7.7% ]

[===== 8.7% ]

[===== 9.7% ]

[====== 10.6% ]

[====== 11.6% ]

[======= 12.6% ]

[======= 13.6% ]

[======== 14.6% ]

[========= 15.5% ]

[========= 16.5% ]

[========== 17.5% ]

[========== 18.5% ]

[=========== 19.5% ]

[=========== 20.4% ]

[============ 21.2% ]

[============ 22.2% ]

[============= 23.2% ]

[============== 24.2% ]

[============== 25.1% ]

[=============== 26.1% ]

[=============== 27.1% ]

[================ 28.1% ]

[================ 29.1% ]

[================ 29.1% ]

[================= 30.0% ]

[================= 31.0% ]

[================== 32.0% ]

[=================== 33.0% ]

[=================== 34.0% ]

[==================== 34.9% ]

[==================== 35.9% ]

[===================== 36.9% ]

[===================== 37.2% ]

[====================== 38.2% ]

[====================== 38.9% ]

[====================== 39.2% ]

[======================= 40.2% ]

[======================= 41.2% ]

[======================== 42.2% ]

[========================= 43.2% ]

[========================= 43.8% ]

[========================= 44.8% ]

[========================== 45.7% ]

[===========================46.7% ]

[===========================47.7% ]

[===========================48.7% ]

[===========================49.7% ]

[===========================50.6% ]

[===========================51.6% ]

[===========================52.6% ]

[===========================53.6% ]

[===========================54.0% ]

[===========================54.1% ]

[===========================54.3% ]

[===========================54.4% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.8% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================55.1% ]

[===========================55.2% ]

[===========================55.3% ]

[===========================55.3% ]

[===========================55.4% ]

[===========================55.5% ]

[===========================55.6% ]

[===========================55.7% ]

[===========================55.8% ]

[===========================56.0% ]

[===========================56.2% ]

[===========================56.3% ]

[===========================56.5% ]

[===========================56.6% ]

[===========================56.9%= ]

[===========================57.9%= ]

[===========================58.9%== ]

[===========================59.5%== ]

[===========================60.2%== ]

[===========================62.3%==== ]

[===========================77.4%============ ]

[===========================84.9%================= ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 22:32:28 ====

Oh My! · Mar 2, 2026

Thanks for all your efforts.

Everything is looking great. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?

Lalaina · Mar 2, 2026

Everything is looking good. I even have Run as administrator on my right-click menu now. That will make things easier. Thank you so much for putting up with my elderly confusion and being so nice about my mistakes.. I am ready for clean=up now.

Oh My! · Mar 2, 2026

It was a pleasure working together with you. I am getting along in years as well so I certainly understand. Dealing with computers is not always easy.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------

Download KpRm and save it to your Desktop (see here if you must use Chrome)

Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.

Right click on the icon and select Run as administrator

Click Yes on the Disclaimer

Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days

Click Run

Click OK on All operations are completed

KpRm will delete itself from you Desktop and you can either save or remove the report that is generated

You are free to remove any other tools/reports still remaining

===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.

Answers to common security questions - Best Practices

So How did I get infected?

Why I Stopped Using Third-Party Antivirus on Windows

Pirated Software is All Fun and Games Until Your Data is Stolen

Why You Should Update All Your Software

Thank you for placing your trust in Major Geeks. It was a pleasure serving you.

Log in or Sign up

No Links For Tools On Gif Pages

Lalaina Private E-2

Oh My! Malware Expert Staff Member

Lalaina Private E-2

Oh My! Malware Expert Staff Member

Lalaina Private E-2

Oh My! Malware Expert Staff Member

Lalaina Private E-2

Attached Files:

FRST.txt

Addition.txt

Oh My! Malware Expert Staff Member

Attached Files:

Fixlist.txt

Lalaina Private E-2

Oh My! Malware Expert Staff Member

Attached Files:

Fixlist.txt

Lalaina Private E-2

Attached Files:

Fixlog.txt

Oh My! Malware Expert Staff Member

Lalaina Private E-2

Oh My! Malware Expert Staff Member

Attached Files:

Fixlist.txt

Lalaina Private E-2

Oh My! Malware Expert Staff Member

Lalaina Private E-2

Oh My! Malware Expert Staff Member