PDA

View Full Version : back so soon under attack...



rcb56
2019-10-07, 06:39
i swear! i was on amazon andi didn't click on anything but my browser went nuts and mouse too. no matter what my mouse even just hovered on it did it. if i went over the red x poof. it downloaded about 25 frst installers. the aswMBR killed my pc so it didn't scan. it started opening so many windows finally the browser just shut down. i hate to be back bothering again but please help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (06-10-2019 22:10:24)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-04]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {56459180-EFEE-41F5-A5DE-1AAC75A3848F} - System32\Tasks\App Explorer => C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7399080 2019-06-03] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]

FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-02]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-09-26]
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-09-23]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-06 22:10 - 2019-10-06 22:13 - 000026550 _____ C:\Users\ronny\Desktop\FRST.txt
2019-10-06 22:08 - 2019-10-06 22:11 - 000000000 ____D C:\FRST
2019-10-06 22:05 - 2019-10-06 22:05 - 005198336 _____ (AVAST Software) C:\Users\ronny\Desktop\aswMBR.exe
2019-10-06 22:04 - 2019-10-06 22:04 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64(1).exe
2019-10-06 22:03 - 2019-10-06 22:03 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
2019-10-06 18:38 - 2019-10-06 18:38 - 001864748 _____ C:\Users\ronny\Desktop\image1.jpeg
2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\ProgramData\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-10-02 12:18 - 2019-10-02 12:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\ProgramData\Desktop\SeaMonkey.lnk
2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
2019-09-28 02:49 - 2019-10-06 21:21 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-09-26 21:23 - 2019-10-06 21:38 - 000000000 ____D C:\ProgramData\Adguard
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\ProgramData\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
2019-09-26 21:22 - 2019-10-02 12:18 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-06 21:47 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-06 18:36 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-06 08:45 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-10-05 22:02 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny\AppData\Local\Host App Service
2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
2019-10-02 12:25 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-10-02 12:17 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-02 12:15 - 2019-08-23 15:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
2019-10-02 11:43 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
2019-10-02 11:20 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
2019-09-23 21:03 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ================

2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by ronny (06-10-2019 22:14:48)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Host App Service) (Version: 0.273.3.522 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-08-23 19:13 - 2018-08-12 23:33 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll
2015-10-09 07:42 - 2003-01-26 15:41 - 000040960 _____ (vbAccelerator) [File not signed] C:\Program Files (x86)\Tweaking.com\Registry Backup\SSubTmr6.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Restore Points =========================

21-09-2019 06:26:23 Scheduled Checkpoint
29-09-2019 14:21:44 Windows Update
02-10-2019 11:38:49 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2019 09:58:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3d78

Start Time: 01d57cbae873d16b

Termination Time: 0

Application Path: C:\WINDOWS\System32\MicrosoftEdgeCP.exe

Report Id: f5a1e8ac-ce81-413e-a0de-3705ffc03c9c

Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (10/06/2019 09:51:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/06/2019 09:51:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/06/2019 08:51:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/05/2019 08:55:04 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/05/2019 08:55:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/05/2019 08:50:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/03/2019 02:04:43 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).


System errors:
=============
Error: (10/06/2019 08:45:14 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74

Error: (10/05/2019 08:45:22 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74

Error: (10/03/2019 11:37:55 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74

Error: (10/02/2019 12:33:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.

Error: (10/02/2019 12:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.

Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/02/2019 12:19:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-10-06 22:14:45.790
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-03 13:52:01.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:39:02.366
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:28:57.452
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:20:23.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-28 02:42:21.947
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2019-09-11 11:22:10.912
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2019-09-10 20:09:06.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-10-06 21:57:17.750
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:08.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:08.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:57.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:36.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:28.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:28.251
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:28.016
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 4005.22 MB
Available physical RAM: 1195.96 MB
Total Virtual: 8929.92 MB
Available Virtual: 4394.14 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:882.58 GB) NTFS

\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

Partition: GPT.

==================== End of Addition.txt ============================

rcb56
2019-10-07, 07:52
also when i scroll over a page it highlights everything, then i pull away but before i can it catches part of the text and copies it to clipboard. i can't tell what all it's doing but it does it.

Juliet
2019-10-07, 14:46
It all sounds very odd, and I really can't say whats happened.

We need to remove an item out of your add/remove programs list.
Open the Start menu.
Click Settings.
Click System on the Settings menu.
Select Apps & features from the left pane. ...
Select an app you wish to uninstall.
Lenovo App Explorer (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Host App Service) (Version: 0.273.3.522 - SweetLabs for Lenovo) <==== ATTENTION
Click the Uninstall button that appears.



News is coming in about failed/bad windows updates, so be on the lookout for that.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I'm not sure but the version of Farbar Recovery Scan Tool looks to be outdated?
Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
We can attempt to download a tool to remove this version and all folders and download a more current one.
~~~~~

KpRm

Download KpRm (https://toolslib.net/downloads/finish/951-kprm/) by kernel-panik and save it to your desktop.

Right-click kprm_(version).exe and select Run as Administrator.
When the tool opens, ensure all boxes are checked, and select Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Next, let's try a newer version of FRST
http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

rcb56
2019-10-07, 18:24
ok juliet, thanks. i did as you posted and the file to erase the other frst ran fine and it's report came up when it finished. before i could do anything my entire screen went black and there was nothing except my cursor. it would move but seemed to have no functions. i had to eventually kill the power by holding the power button down and then restart. when i did it opened as normal but the frst was gone from my desktop but so was the other program that deleted it. posting these new frst reports and i will look on my pc for that program.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (07-10-2019 10:15:27)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]

FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-10-07]
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-10-07]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-07 10:15 - 2019-10-07 10:17 - 000027149 _____ C:\Users\ronny\Desktop\FRST.txt
2019-10-07 10:14 - 2019-10-07 10:16 - 000000000 ____D C:\FRST
2019-10-07 10:14 - 2019-10-07 10:14 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-10-07 09:05 - 2019-10-07 09:08 - 000003238 _____ C:\Users\ronny\Desktop\kprm-201910070904.txt
2019-10-07 09:05 - 2019-10-07 09:05 - 000000000 ____D C:\KPRM
2019-10-06 22:24 - 2019-10-06 22:29 - 001557804 _____ C:\WINDOWS\Minidump\100619-46203-01.dmp
2019-10-06 22:24 - 2019-10-06 22:24 - 869951544 _____ C:\WINDOWS\MEMORY.DMP
2019-10-06 22:24 - 2019-10-06 22:24 - 000000000 ____D C:\WINDOWS\Minidump
2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\ProgramData\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-10-02 12:18 - 2019-10-07 10:09 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-10-02 12:18 - 2019-10-07 10:08 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\ProgramData\Desktop\SeaMonkey.lnk
2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
2019-09-28 02:49 - 2019-10-07 10:13 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-09-26 21:23 - 2019-10-07 10:18 - 000000000 ____D C:\ProgramData\Adguard
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\ProgramData\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
2019-09-26 21:22 - 2019-10-07 10:09 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-07 10:11 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-07 10:09 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-10-07 10:08 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-10-07 10:08 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-07 10:08 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-07 08:56 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-10-07 04:11 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-06 22:32 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-06 22:25 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
2019-10-02 12:15 - 2019-08-23 15:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ================

2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by ronny (07-10-2019 10:19:49)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-09-02 18:09 - 2019-05-28 15:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
2019-09-21 08:50 - 2019-06-08 16:48 - 001257472 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2019-08-23 19:13 - 2018-08-12 23:33 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Restore Points =========================

07-10-2019 09:06:16 Windows Update
07-10-2019 09:07:19 KpRm

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2019 10:15:50 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/07/2019 10:15:49 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/07/2019 10:15:38 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/06/2019 10:34:28 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/06/2019 10:34:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/06/2019 10:31:40 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/06/2019 09:58:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3d78

Start Time: 01d57cbae873d16b

Termination Time: 0

Application Path: C:\WINDOWS\System32\MicrosoftEdgeCP.exe

Report Id: f5a1e8ac-ce81-413e-a0de-3705ffc03c9c

Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (10/06/2019 09:51:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).


System errors:
=============
Error: (10/07/2019 10:11:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 10:11:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 10:11:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 10:09:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 10:09:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 10:08:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:35:36 AM on ‎10/‎7/‎2019 was unexpected.

Error: (10/07/2019 09:39:45 AM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-4HPCQJEC)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (10/07/2019 09:12:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004002: 2019-08 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4512192).


Windows Defender:
===================================
Date: 2019-10-06 22:14:45.790
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-03 13:52:01.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:39:02.366
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:28:57.452
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:20:23.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-28 02:42:21.947
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2019-09-11 11:22:10.912
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2019-09-10 20:09:06.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-10-06 22:41:58.032
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:17.750
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:08.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:08.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:57.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:36.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:28.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:28.251
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 82%
Total physical RAM: 4005.22 MB
Available physical RAM: 687.71 MB
Total Virtual: 8101.22 MB
Available Virtual: 4275.52 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:890.27 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:434.43 GB) NTFS

\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

Partition: GPT.

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

rcb56
2019-10-07, 18:30
ok the file was saved but not sure where the program is. also there is a failed update and i try to run it and it keep's failing


2019-08 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4512192) - Error 0x80004002


2019-09 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4512578) - Error 0x80004002


Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153) - Error 0x80004002


# Run at 10/7/2019 9:05:42 AM
# KpRm (Kernel-panik) version 1.12
# Website https://kernel-panik.me/tool/kprm/
# Run by ronny from C:\Users\ronny\Desktop
# Computer Name: LAPTOP-4HPCQJEC
# OS: Windows 10 X64 (17763)

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SAM backed up
~ [OK] Hive C:\WINDOWS\System32\config\SECURITY backed up
~ [OK] Hive C:\WINDOWS\System32\config\DEFAULT backed up
~ [OK] Hive C:\WINDOWS\System32\config\SYSTEM backed up
~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT backed up
~ [OK] Hive C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT backed up
~ [OK] Hive C:\Users\ronny\NTUSER.DAT backed up
~ [OK] Hive C:\Users\ronny\AppData\Local\Microsoft\Windows\UsrClass.dat backed up
~ [OK] Hive C:\WINDOWS\System32\config\DRIVERS backed up

[OK] Registry Backup: C:\KPRM\backup\2019-10-07-09-04

-- Backup Registry finished in 44.84s --


- Remove Tools -


## AswMBR
[OK] C:\Users\ronny\Desktop\aswMBR(1).exe deleted (1)
[OK] C:\Users\ronny\Desktop\aswMBR.exe deleted (1)

## FRST
[OK] C:\Users\ronny\Desktop\Addition.txt deleted (1)
[OK] C:\Users\ronny\Desktop\FRST.txt deleted (1)
[OK] C:\Users\ronny\Desktop\FRST64(1).exe deleted (1)
[OK] C:\FRST deleted (1)

-- Remove tools finished in 14.74s --


- Restore System Settings -

[OK] Flush DNS
[OK] Reset WinSock
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

-- Restore System Settings finished in 11.18s --


- Restore UAC -

[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableLUA with default (1) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

-- Restore UAC finished in 0.48s --


- Clear Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 09/21/2019 11:26:23 deleted
~ [OK] RP named Windows Update created at 09/29/2019 19:21:44 deleted
~ [OK] RP named Restore Operation created at 10/02/2019 16:38:49 deleted

[OK] All system restore points have been successfully deleted

-- Clear Restore Points finished in 21.96s --


- Create Restore Point -

[OK] Enable System Restore
[OK] System Restore Point created

- Display System Restore Point -

~ [I] RP named Windows Update created at 10/07/2019 14:06:16 found
~ [I] RP named KpRm created at 10/07/2019 14:07:19 found

-- Create Restore Point finished in 66.35s --


-- KPRM finished in 162.42s --

Juliet
2019-10-07, 22:12
OK, sounds like the graphics driver is acting up on the computer. Thats just my guess I dont have anything to back me on that.
How old is this computer?

~~~~~~~~~~~~~~~~~~~~~~~~`
I want you to re-download Farbar Recovery Scan Tool to desktop
http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Don't click on anything to scan or run, we'll do that at another time.


Now we'll work on a script.

****
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
Task: {56459180-EFEE-41F5-A5DE-1AAC75A3848F} - System32\Tasks\App Explorer => C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7399080 2019-06-03] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


Post these 3 logs when finished.

Read over the below Microsoft links for failed windows updates.
https://support.microsoft.com/en-us/help/4027322/windows-update-troubleshooter
https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors

rcb56
2019-10-08, 05:41
ok juliet, sorry to be so long. hope i did this right...i notice when using my mouse the cursor moves about on it's own, it just jumps about a little at a time but very noticably


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (07-10-2019 21:29:33)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\ronny\Desktop\AdwCleaner.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11909.1002.3.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - \Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 -> No File <==== ATTENTION
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - \Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 -> No File <==== ATTENTION
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - \Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 -> No File <==== ATTENTION
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {A2734AF0-B86B-49CF-B849-B3D9E28A4DE3} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [35070520 2019-10-07] (Adlice -> )
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]

FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-10-07]
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-10-07]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\WINDOWS\System32\drivers\truesight.sys [28272 2019-10-07] (Adlice -> )
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-07 21:25 - 2019-10-07 21:25 - 000002058 _____ C:\Users\ronny\Desktop\rogue.txt
2019-10-07 21:06 - 2019-10-07 21:06 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-10-07 21:04 - 2019-10-07 21:06 - 000000000 ____D C:\ProgramData\RogueKiller
2019-10-07 21:04 - 2019-10-07 21:04 - 000003156 _____ C:\WINDOWS\system32\Tasks\RogueKiller Anti-Malware
2019-10-07 21:04 - 2019-10-07 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-10-07 21:04 - 2019-10-07 21:04 - 000000000 ____D C:\Program Files\RogueKiller
2019-10-07 21:02 - 2019-10-07 21:02 - 033051136 _____ (Adlice Software ) C:\Users\ronny\Desktop\RogueKiller_setup.exe
2019-10-07 15:21 - 2019-10-07 15:21 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-10-07 15:21 - 2019-10-07 15:21 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-10-07 15:21 - 2019-10-07 15:21 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-10-07 15:21 - 2019-10-07 15:21 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-10-07 15:09 - 2019-10-07 15:18 - 000000000 ____D C:\AdwCleaner
2019-10-07 15:08 - 2019-10-07 15:08 - 007622344 _____ (Malwarebytes) C:\Users\ronny\Desktop\AdwCleaner.exe
2019-10-07 10:19 - 2019-10-07 10:21 - 000032349 _____ C:\Users\ronny\Desktop\Addition.txt
2019-10-07 10:15 - 2019-10-07 21:31 - 000026730 _____ C:\Users\ronny\Desktop\FRST.txt
2019-10-07 10:14 - 2019-10-07 21:30 - 000000000 ____D C:\FRST
2019-10-07 10:14 - 2019-10-07 10:14 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-10-07 09:05 - 2019-10-07 09:08 - 000003238 _____ C:\Users\ronny\Desktop\kprm-201910070904.txt
2019-10-07 09:05 - 2019-10-07 09:05 - 000000000 ____D C:\KPRM
2019-10-06 22:24 - 2019-10-07 18:05 - 000000000 ____D C:\WINDOWS\Minidump
2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
2019-09-28 02:49 - 2019-10-07 16:40 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-09-26 21:23 - 2019-10-07 21:32 - 000000000 ____D C:\ProgramData\Adguard
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
2019-09-26 21:22 - 2019-10-07 15:21 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-10-07 18:14 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-07 18:03 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-07 15:25 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-10-07 15:20 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-10-07 15:20 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-07 15:19 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
2019-10-07 15:19 - 2019-08-23 15:35 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-10-07 15:18 - 2019-08-23 21:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2019-10-07 15:18 - 2019-08-23 20:40 - 000000000 ____D C:\ProgramData\Lenovo
2019-10-07 15:18 - 2019-08-23 20:40 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-10-07 15:18 - 2019-08-23 20:39 - 000000000 ____D C:\Program Files\Lenovo
2019-10-07 15:18 - 2019-08-23 19:28 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
2019-10-07 15:18 - 2019-08-23 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2019-10-07 15:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-10-07 15:06 - 2019-08-30 02:04 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-10-07 15:06 - 2019-08-30 02:04 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-10-07 15:06 - 2019-08-30 02:04 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-07 08:56 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-10-07 04:11 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-06 22:32 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ================

2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by ronny (07-10-2019 21:33:05)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
RogueKiller version 13.5.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.2.0 - Adlice Software)
SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Restore Points =========================

07-10-2019 09:06:16 Windows Update
07-10-2019 09:07:19 KpRm

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2019 03:14:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/07/2019 03:14:16 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/07/2019 03:11:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/07/2019 10:15:50 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/07/2019 10:15:49 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/07/2019 10:15:38 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (10/06/2019 10:34:28 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (10/06/2019 10:34:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (10/07/2019 03:40:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/07/2019 03:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/07/2019 03:25:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/07/2019 03:25:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 03:25:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 03:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/07/2019 03:23:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/07/2019 03:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Interface Foundation Service service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2019-10-06 22:14:45.790
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2019-10-03 13:52:01.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:39:02.366
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:28:57.452
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-10-03 13:20:23.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-28 02:42:21.947
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2019-09-11 11:22:10.912
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2019-09-10 20:09:06.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-10-07 21:24:34.838
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-07 15:40:28.155
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-07 10:40:57.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 22:41:58.032
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:17.750
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:08.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:57:08.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-10-06 21:56:57.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 82%
Total physical RAM: 4005.22 MB
Available physical RAM: 709.12 MB
Total Virtual: 8101.22 MB
Available Virtual: 3367.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:890.23 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:434.43 GB) NTFS

\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

Partition: GPT.

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-10-03.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-07-2019
# Duration: 00:00:15
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKU\S-1-5-19\Software\Host App Service
Deleted HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKU\S-1-5-20\Software\Host App Service
Deleted HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\Program Files (x86)\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Program Files\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\ronny\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\drivers\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [15021 octets] - [07/10/2019 15:09:50]
AdwCleaner[S00].txt - [2602 octets] - [07/10/2019 15:11:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

RogueKiller Anti-Malware V13.5.2.0 (x64) [Oct 7 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : ronny [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191007_082013, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/10/07 21:06:15 (Duration : 00:17:55)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

rcb56
2019-10-08, 06:40
is the 4th try at typing .mice are all very erratic

Juliet
2019-10-08, 13:55
Please don't forget this next step.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - \Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 -> No File <==== ATTENTION
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - \Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 -> No File <==== ATTENTION
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - \Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 -> No File <==== ATTENTION
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]
S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]
FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**
I want you to try this next**
System File Checker tool to repair missing or corrupted system files
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system


Whats the name of your computer?
Reason I ask, this isn't pointing to malware but rather system malfunctions. Might have to send you to the manufacturer forum to get some type of diagnostics.

rcb56
2019-10-08, 21:27
ok juliet, thanks...you asked and i forgot this lenovo is nearing 1 year old

rcb56
2019-10-08, 21:42
juliet it's a Lenovo ideapad 330. i think just a tad under middle of the road i think

Juliet
2019-10-09, 01:55
How you coming along with the Fixscript I created for you to run?

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**

System File Checker tool <== have you run this yet?

rcb56
2019-10-09, 03:15
Juliet I thought I posted the frst report and the windows page is why I'm on my phone with you, it's because in safe mode it says windows help select your product but nothing is there???

rcb56
2019-10-09, 03:21
Running the DISM now

rcb56
2019-10-09, 03:26
well command prompt gives this C:\Users\ronny>For more information, refer to the help by running DISM.exe /?.
more was unexpected at this time.

C:\Users\ronny>
C:\Users\ronny>The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
'The' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\ronny>
C:\Users\ronny>C:\Users\ronny>sfc /scannow
'C:\Users\ronny' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\ronny>
C:\Users\ronny>Windows Resource Protection could not start the repair service.
'Windows' is not recognized as an internal or external command,
operable program or batch file.

rcb56
2019-10-09, 03:31
tried to post the DSIM from my pc and got 404 error too large to post

rcb56
2019-10-09, 03:33
here is the fixlog...

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by ronny (08-10-2019 13:24:32) Run:1
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - \Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 -> No File <==== ATTENTION
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - \Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 -> No File <==== ATTENTION
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - \Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 -> No File <==== ATTENTION
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]
S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]
FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14D92110-62E1-4DFC-AF69-90B8267352A3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14D92110-62E1-4DFC-AF69-90B8267352A3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31473F18-652A-46FE-AD09-70FC2DD2193D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31473F18-652A-46FE-AD09-70FC2DD2193D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56C52AC1-4093-48BD-BD1F-0EE5C79A2134}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56C52AC1-4093-48BD-BD1F-0EE5C79A2134}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72AFA575-B5B7-4F9E-A73A-DEF06AD8224D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72AFA575-B5B7-4F9E-A73A-DEF06AD8224D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE77526C-BEAF-4E49-86F6-D04BC84A3FF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE77526C-BEAF-4E49-86F6-D04BC84A3FF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBF36B46-CBDF-45A6-B321-60F118CB9CC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBF36B46-CBDF-45A6-B321-60F118CB9CC3}" => removed successfully
C:\WINDOWS\System32\Tasks\LenovoUtility Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LenovoUtility Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED066DF5-E55B-4A40-B888-00144190843A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED066DF5-E55B-4A40-B888-00144190843A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKU\S-1-5-21-4109447768-91167649-2371174200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ED2A87C-9EC4-413C-AF33-32D93891E375}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68A18C2B-DA57-474E-87B7-4F1B95611589}" => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\InfInstallerLog._19-10-04_09-43-11-562.log => moved successfully
C:\Windows\Temp\InfInstallerLog._19-10-07_09-53-24-345.log => moved successfully
C:\Windows\Temp\lnonpnpsamp.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\sa.9NCGJX5QLP9M_0__.Public.InstallAgent.dat => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 721879874 B
Java, Flash, Steam htmlcache => 5763 B
Windows/system/drivers => 19456 B
Edge => 20720893 B
Chrome => 125716405 B
Firefox => 198670594 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 256 B
LocalService => 256 B
LocalService => 256 B
NetworkService => 128744 B
NetworkService => 128744 B
ronny => 590181918 B

RecycleBin => 7967255 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:28:48 ====

rcb56
2019-10-09, 03:35
:oops::bomb::crazy::banghead:

rcb56
2019-10-09, 03:47
i've meant to tell you juliet, that in all of this something has def helped as it is now possible/ as opposed to the other day when i reappeared when this was just a mad circus so it is getting up now and seemingly trying to behave.

Juliet
2019-10-09, 12:30
I think something with the operating system has gone bonkers.
Might not be your fault (windows updates), sit still a day or two and lets see if it improves more.

rcb56
2019-10-09, 19:35
ok, you know that seems to be the way it goes since having this Lenovo. it runs just fine a while, then hiccup and look out! i dunno! i'll check back in a day or two if ok...btw this morning it acts as though nothing is wrong. :shrug::scratch:

Juliet
2019-10-09, 22:45
It's the time of the month for updates to be coming through, everyday maybe twice a day antivirus updates come through (Long list of things that behave the same way)
I don't think any of this was malware related. But if you have more issues later that are system related, we'll have to go to the Lenovo help forums.

Juliet
2019-10-13, 14:23
It's been 4 days now, so I'm expecting things are back to normal.

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Right-click kprm_(version).exe and select Run as Administrator.
When the tool opens, ensure all boxes are checked, and select Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
Please copy and paste its contents in your next reply.
When the tool has finished, it will create and open a log report and delete itself.

~~~~~~~~~~~~~~~~~~~~~