rcb56
2019-10-07, 06:39
I swear! I was on Amazon and I didn't click on anything but my browser went nuts and mouse too. No matter what my mouse even just hovered on it did it. If I went over the red x poof. It downloaded about 25 FRST installers. The aswMBR killed my PC so it didn't scan. It started opening so many windows finally the browser just shut down. I hate to be back bothering again but please help!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (06-10-2019 22:10:24)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-04]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {56459180-EFEE-41F5-A5DE-1AAC75A3848F} - System32\Tasks\App Explorer => C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7399080 2019-06-03] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]
FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-02]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-09-26]
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-09-23]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-10-06 22:10 - 2019-10-06 22:13 - 000026550 _____ C:\Users\ronny\Desktop\FRST.txt
2019-10-06 22:08 - 2019-10-06 22:11 - 000000000 ____D C:\FRST
2019-10-06 22:05 - 2019-10-06 22:05 - 005198336 _____ (AVAST Software) C:\Users\ronny\Desktop\aswMBR.exe
2019-10-06 22:04 - 2019-10-06 22:04 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64(1).exe
2019-10-06 22:03 - 2019-10-06 22:03 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
2019-10-06 18:38 - 2019-10-06 18:38 - 001864748 _____ C:\Users\ronny\Desktop\image1.jpeg
2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\ProgramData\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-10-02 12:18 - 2019-10-02 12:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\ProgramData\Desktop\SeaMonkey.lnk
2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
2019-09-28 02:49 - 2019-10-06 21:21 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-09-26 21:23 - 2019-10-06 21:38 - 000000000 ____D C:\ProgramData\Adguard
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\ProgramData\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
2019-09-26 21:22 - 2019-10-02 12:18 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-10-06 21:47 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-06 18:36 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-06 08:45 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-10-05 22:02 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny\AppData\Local\Host App Service
2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
2019-10-02 12:25 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-10-02 12:17 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-02 12:15 - 2019-08-23 15:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
2019-10-02 11:43 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
2019-10-02 11:20 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
2019-09-23 21:03 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
==================== Files in the root of some directories ================
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by ronny (06-10-2019 22:14:48)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Host App Service) (Version: 0.273.3.522 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2019-08-23 19:13 - 2018-08-12 23:33 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll
2015-10-09 07:42 - 2003-01-26 15:41 - 000040960 _____ (vbAccelerator) [File not signed] C:\Program Files (x86)\Tweaking.com\Registry Backup\SSubTmr6.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Codecs (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Restore Points =========================
21-09-2019 06:26:23 Scheduled Checkpoint
29-09-2019 14:21:44 Windows Update
02-10-2019 11:38:49 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/06/2019 09:58:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3d78
Start Time: 01d57cbae873d16b
Termination Time: 0
Application Path: C:\WINDOWS\System32\MicrosoftEdgeCP.exe
Report Id: f5a1e8ac-ce81-413e-a0de-3705ffc03c9c
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Hang type: Unknown
Error: (10/06/2019 09:51:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (10/06/2019 09:51:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/06/2019 08:51:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/05/2019 08:55:04 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (10/05/2019 08:55:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/05/2019 08:50:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/03/2019 02:04:43 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
System errors:
=============
Error: (10/06/2019 08:45:14 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74
Error: (10/05/2019 08:45:22 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74
Error: (10/03/2019 11:37:55 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74
Error: (10/02/2019 12:33:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.
Error: (10/02/2019 12:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.
Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/02/2019 12:19:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-10-06 22:14:45.790
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2
Date: 2019-10-03 13:52:01.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-03 13:39:02.366
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-03 13:28:57.452
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-03 13:20:23.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-09-28 02:42:21.947
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Date: 2019-09-11 11:22:10.912
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2019-09-10 20:09:06.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-10-06 21:57:17.750
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:57:08.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:57:08.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:57.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:36.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:28.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:28.251
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:28.016
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 4005.22 MB
Available physical RAM: 1195.96 MB
Total Virtual: 8929.92 MB
Available Virtual: 4394.14 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:882.58 GB) NTFS
\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (06-10-2019 22:10:24)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-04]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {56459180-EFEE-41F5-A5DE-1AAC75A3848F} - System32\Tasks\App Explorer => C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7399080 2019-06-03] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]
FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-02]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-09-26]
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-09-23]
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-10-06 22:10 - 2019-10-06 22:13 - 000026550 _____ C:\Users\ronny\Desktop\FRST.txt
2019-10-06 22:08 - 2019-10-06 22:11 - 000000000 ____D C:\FRST
2019-10-06 22:05 - 2019-10-06 22:05 - 005198336 _____ (AVAST Software) C:\Users\ronny\Desktop\aswMBR.exe
2019-10-06 22:04 - 2019-10-06 22:04 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64(1).exe
2019-10-06 22:03 - 2019-10-06 22:03 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
2019-10-06 18:38 - 2019-10-06 18:38 - 001864748 _____ C:\Users\ronny\Desktop\image1.jpeg
2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\ProgramData\Desktop\Logitech Webcam Software .lnk
2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-10-02 12:18 - 2019-10-02 12:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-10-02 12:18 - 2019-10-02 12:18 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\ProgramData\Desktop\SeaMonkey.lnk
2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
2019-09-28 02:49 - 2019-10-06 21:21 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
2019-09-26 21:23 - 2019-10-06 21:38 - 000000000 ____D C:\ProgramData\Adguard
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\ProgramData\Desktop\Adguard.lnk
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
2019-09-26 21:22 - 2019-10-02 12:18 - 000000000 ____D C:\Program Files (x86)\Adguard
2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-10-06 21:47 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-06 18:36 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-06 08:45 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-10-05 22:02 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny\AppData\Local\Host App Service
2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
2019-10-02 12:25 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-10-02 12:17 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-02 12:15 - 2019-08-23 15:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
2019-10-02 11:43 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
2019-10-02 11:20 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
2019-09-23 21:03 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
==================== Files in the root of some directories ================
2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by ronny (06-10-2019 22:14:48)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Host App Service) (Version: 0.273.3.522 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2019-08-23 19:13 - 2018-08-12 23:33 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll
2015-10-09 07:42 - 2003-01-26 15:41 - 000040960 _____ (vbAccelerator) [File not signed] C:\Program Files (x86)\Tweaking.com\Registry Backup\SSubTmr6.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Codecs (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Restore Points =========================
21-09-2019 06:26:23 Scheduled Checkpoint
29-09-2019 14:21:44 Windows Update
02-10-2019 11:38:49 Restore Operation
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/06/2019 09:58:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3d78
Start Time: 01d57cbae873d16b
Termination Time: 0
Application Path: C:\WINDOWS\System32\MicrosoftEdgeCP.exe
Report Id: f5a1e8ac-ce81-413e-a0de-3705ffc03c9c
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Hang type: Unknown
Error: (10/06/2019 09:51:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (10/06/2019 09:51:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/06/2019 08:51:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/05/2019 08:55:04 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (10/05/2019 08:55:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/05/2019 08:50:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (10/03/2019 02:04:43 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
System errors:
=============
Error: (10/06/2019 08:45:14 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74
Error: (10/05/2019 08:45:22 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74
Error: (10/03/2019 11:37:55 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74
Error: (10/02/2019 12:33:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.
Error: (10/02/2019 12:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.
Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (10/02/2019 12:19:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-10-06 22:14:45.790
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2
Date: 2019-10-03 13:52:01.957
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-03 13:39:02.366
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-03 13:28:57.452
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-10-03 13:20:23.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-09-28 02:42:21.947
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Date: 2019-09-11 11:22:10.912
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2019-09-11 10:25:43.237
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2019-09-10 20:09:06.651
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.301.893.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16300.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-10-06 21:57:17.750
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:57:08.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:57:08.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:57.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:36.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:28.616
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:28.251
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2019-10-06 21:56:28.016
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 4005.22 MB
Available physical RAM: 1195.96 MB
Total Virtual: 8929.92 MB
Available Virtual: 4394.14 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:882.58 GB) NTFS
\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)
Partition: GPT.
==================== End of Addition.txt ============================