Malwarebytes is missing...



rcb56
2020-02-03, 05:03
I just noticed. Gone, paid version I had for a while now and it's just an empty folder now. Plus this laptop, though not the fastest, does seem to be running terribly slow, so I thought I'd check in here and see if there was a real problem. I realize I'll need to contact Malwarebytes about their program, but I thought if something got it then maybe this should be my first step. The aswMBR as the last time I attempted to run crashed my PC. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (02-02-2020 20:34:56)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Acrox) [File not signed] C:\Blackweb Gaming AP\Blackweb Gaming AP.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.mspaint_6.1907.18017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19122.138.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20011.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Blackweb Gaming AP] => C:\Blackweb Gaming AP\Blackweb Gaming AP.exe [4572160 2018-12-03] (Acrox) [File not signed]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27530616 2020-01-07] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.2.43\Installer\chrmstp.exe [2020-01-17] (Brave Software, Inc.) [File not signed]
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DECDDE-F4B1-44F3-9409-39BF17651149} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0C25F01C-2626-4E63-9C4A-C1B0D1A0F5A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0DC837F4-B0A7-4D92-BBC2-208778FABD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
Task: {112CBE13-520D-4DCF-993C-30FAF813B393} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {2FD0F9A8-C83D-4FCC-BD4C-839960DC14AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31FD8A2F-9D5E-4525-AFCF-2D4B03D890EF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {38FAD77F-6D48-4035-BF92-011D322C5647} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-25] (Adobe Inc. -> Adobe)
Task: {3BEB2327-EE69-4E8B-B89A-DB4ECDABEE48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4981CF69-42E6-4140-B62A-D15905D49575} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-01-25] (Adobe Inc. -> Adobe)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {913DEC7B-6404-4696-8410-CBAD196D382C} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0bcac531-5d49-47cd-83a9-fde31a860b63}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3c4cf5c5-956d-414c-aa7f-b1f6f0c46421}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4127e473-dfe3-4b25-bc2c-0156f88a971e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8def4e12-00e5-41e9-8a5a-38726c85de90}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{911b4540-8355-45a8-a572-9d59dc506868}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9160b299-4de8-46a3-89d4-bf9551ab42a3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2

Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Notifications: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> hxxps://www.facebook.com
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08]

FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2020-02-01]
FF Notifications: Mozilla\Firefox\Profiles\g2q5qzsk.default-release -> hxxps://www.facebook.com
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-01-15] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2020-01-23]
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCB0F839A-04A4-4A4D-ADAD-AD1A6A976444&SSPV=","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (File Converter Extension) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blppeofoijnlbofllclklacdlfckbkok [2020-01-23]
CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-12-29]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-17]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-13]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-17]
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-24] (Lenovo -> Lenovo Group Ltd.)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-22] (A.V.M. SOFTWARE, INC. -> AVM Software)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-09-23] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-09-23] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\WINDOWS\System32\drivers\truesight.sys [28272 2019-10-07] (Adlice -> )
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-02 20:34 - 2020-02-02 20:37 - 000028621 _____ C:\Users\ronny\Desktop\FRST.txt
2020-02-02 20:33 - 2020-02-02 20:36 - 000000000 ____D C:\FRST
2020-02-02 20:32 - 2020-02-02 20:32 - 002279424 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2020-02-02 20:30 - 2020-02-02 20:30 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-02-02 20:30 - 2020-02-02 20:30 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-02-02 20:28 - 2020-02-02 20:28 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(1).exe
2020-02-01 02:06 - 2020-02-01 02:06 - 001483907 _____ C:\Users\ronny\Desktop\MCC9043_IB.PDF
2020-01-29 14:02 - 2020-01-29 14:07 - 000000000 ____D C:\Blackweb Gaming AP
2020-01-29 14:02 - 2020-01-29 14:02 - 000000770 _____ C:\Users\ronny\Desktop\Blackweb Gaming AP.lnk
2020-01-29 14:02 - 2020-01-29 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackweb Gaming AP
2020-01-29 05:44 - 2020-01-29 05:44 - 033108558 _____ C:\Users\ronny\Desktop\. I Wish My Baby Was Born.wav
2020-01-28 23:50 - 2020-01-28 23:50 - 046524077 _____ C:\Users\ronny\Desktop\output%2F442374760742842%2Fmoises--allfiles.zip
2020-01-25 20:57 - 2020-01-25 20:57 - 000004548 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-01-25 20:57 - 2020-01-25 20:57 - 000004370 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-01-24 19:37 - 2020-01-24 19:37 - 028721742 _____ C:\Users\ronny\Desktop\Closer To The Bone.wav
2020-01-23 02:17 - 2020-01-28 23:48 - 000000000 ____D C:\Users\ronny\Desktop\converts
2020-01-23 02:07 - 2020-01-23 02:07 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2020-01-23 02:07 - 2020-01-23 02:07 - 000001366 _____ C:\ProgramData\Desktop\NCH Suite.lnk
2020-01-23 02:07 - 2020-01-23 02:07 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2020-01-23 02:07 - 2020-01-23 02:07 - 000001214 _____ C:\Users\Public\Desktop\PhotoPad Image Editor.lnk
2020-01-23 02:07 - 2020-01-23 02:07 - 000001214 _____ C:\ProgramData\Desktop\PhotoPad Image Editor.lnk
2020-01-23 02:07 - 2020-01-23 02:07 - 000000000 ____D C:\Users\ronny\NCH Software Suite
2020-01-23 02:06 - 2020-01-23 02:06 - 001847864 _____ (NCH Software) C:\Users\ronny\Desktop\PhotoPadPhotoEditingSoftware.exe
2020-01-23 01:54 - 2020-01-23 01:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\FastStone
2020-01-23 01:53 - 2020-01-23 01:53 - 000001199 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
2020-01-23 01:53 - 2020-01-23 01:53 - 000001199 _____ C:\ProgramData\Desktop\FastStone Image Viewer.lnk
2020-01-23 01:53 - 2020-01-23 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2020-01-23 01:53 - 2020-01-23 01:53 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2020-01-23 01:52 - 2020-01-23 01:52 - 007059871 _____ (FastStone Soft) C:\Users\ronny\Desktop\FSViewerSetup74.exe
2020-01-20 00:46 - 2020-01-20 00:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-01-18 17:38 - 2020-01-18 17:39 - 000004608 _____ C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-01-16 22:53 - 2020-01-16 22:53 - 000000000 ____D C:\ProgramData\mb3migration
2020-01-16 22:50 - 2020-01-16 22:50 - 002573312 _____ (Farbar) C:\Users\ronny\Downloads\FRSTEnglish.exe
2020-01-15 10:37 - 2020-01-15 10:37 - 000000000 ____D C:\Program Files (x86)\Flyordie Plugin
2020-01-15 10:28 - 2020-01-15 10:28 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
2020-01-15 10:27 - 2020-01-15 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-01-15 10:27 - 2020-01-15 10:27 - 000114232 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2020-01-15 10:26 - 2020-01-15 10:39 - 000000000 ____D C:\Program Files (x86)\Java
2020-01-12 02:16 - 2020-01-12 02:16 - 000001039 _____ C:\Users\ronny\Downloads\Galaxy Note9 - Shortcut.lnk
2020-01-11 22:12 - 2020-01-24 14:02 - 000000000 ____D C:\Users\ronny\Desktop\Moises Remakes
2020-01-07 09:57 - 2020-01-31 16:11 - 000000000 ____D C:\Users\ronny\Desktop\Karaoke
2020-01-06 20:24 - 2020-01-06 20:24 - 000002320 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2020-01-06 20:24 - 2020-01-06 20:24 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2020-01-06 20:24 - 2020-01-06 20:24 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2020-01-06 20:24 - 2020-01-06 20:24 - 000001198 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2020-01-06 20:24 - 2020-01-06 20:24 - 000001198 _____ C:\ProgramData\Desktop\WavePad Sound Editor.lnk
2020-01-06 20:22 - 2020-01-06 20:22 - 000001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RecordPad Sound Recorder.lnk
2020-01-06 20:22 - 2020-01-06 20:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Recordpad

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-02 20:30 - 2019-10-06 21:02 - 000034355 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2020-02-02 20:25 - 2019-08-23 15:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-02 18:04 - 2019-08-23 19:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-02 14:53 - 2019-09-28 01:49 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2020-02-02 14:53 - 2019-08-23 18:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-02 14:53 - 2019-08-23 15:06 - 000000000 ____D C:\WINDOWS\INF
2020-02-02 14:52 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-02-01 05:07 - 2019-08-26 15:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2020-01-31 18:28 - 2019-08-23 15:08 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-31 18:28 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-31 04:16 - 2019-11-18 08:55 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-01-30 14:08 - 2019-08-23 18:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2020-01-30 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2020-01-29 16:52 - 2019-10-06 21:24 - 000000000 ____D C:\WINDOWS\Minidump
2020-01-29 14:06 - 2019-08-23 18:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2020-01-29 14:04 - 2019-08-23 20:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-29 14:03 - 2019-08-23 14:35 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2020-01-29 14:02 - 2019-08-23 18:14 - 000000000 ____D C:\Users\ronny
2020-01-29 04:47 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-01-29 04:44 - 2020-01-01 16:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-29 04:44 - 2019-08-26 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-28 23:10 - 2019-10-07 23:23 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2020-01-28 05:20 - 2019-08-26 15:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-25 20:58 - 2019-11-28 23:09 - 000000000 ____D C:\Users\ronny\AppData\Local\Adobe
2020-01-25 20:56 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-01-25 20:56 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-01-24 14:04 - 2019-11-14 10:55 - 000000000 ____D C:\Users\ronny\Desktop\Recordings
2020-01-23 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2020-01-23 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\ProgramData\NCH Software
2020-01-23 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\Program Files (x86)\NCH Software
2020-01-22 13:24 - 2019-08-30 01:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-19 01:08 - 2018-10-09 08:54 - 000000000 ____D C:\ProgramData\Package Cache
2020-01-18 21:14 - 2019-08-23 18:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2020-01-18 21:14 - 2019-08-23 18:28 - 000000000 ___RD C:\Users\ronny\OneDrive
2020-01-18 21:14 - 2019-08-23 18:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-17 19:19 - 2019-12-19 15:14 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-01-17 01:58 - 2019-11-18 08:55 - 000000000 ____D C:\Program Files (x86)\Paltalk
2020-01-16 23:04 - 2019-09-01 15:26 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-16 22:55 - 2019-08-23 15:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-15 01:27 - 2019-08-23 20:00 - 000000000 ____D C:\ProgramData\Oracle
2020-01-14 22:06 - 2019-08-23 20:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-14 22:00 - 2019-08-23 20:49 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-14 15:10 - 2019-08-23 18:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2020-01-11 08:42 - 2019-09-07 01:06 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
2020-01-08 13:35 - 2019-08-24 15:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-01-08 13:34 - 2019-10-04 20:44 - 000000000 ____D C:\ProgramData\LogiShrd
2020-01-08 13:32 - 2019-10-16 18:00 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2020-01-08 13:23 - 2019-08-23 15:08 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-08 10:55 - 2019-09-19 11:34 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2020-01-07 22:56 - 2020-01-02 04:49 - 000000000 ____D C:\Users\Public\Logi
2020-01-06 19:49 - 2019-09-08 06:29 - 000000000 ____D C:\Users\ronny\Desktop\Email attachments
2020-01-03 23:12 - 2020-01-02 03:01 - 000000000 ____D C:\ProgramData\boost_interprocess

==================== Files in the root of some directories ========

2019-09-26 20:23 - 2019-09-26 20:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat
2020-01-18 17:38 - 2020-01-18 17:39 - 000004608 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-12-21 10:11 - 2019-12-21 10:11 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by ronny (02-02-2020 20:39:35)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.321 - Adobe)
Blackweb Gaming AP version 1.0.9.9 (HKLM\...\Blackweb Gaming AP_is1) (Version: 1.0.9.9 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.2.43 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.20 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.20 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.6.1.1 - Recisio)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.50 - NCH Software)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.17.0 - Samsung Electronics Co., Ltd.)
SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.79 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)

Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.29.4.0_x86__kgqvnymyfvs32 [2020-01-25] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1690.1.0_x86__kgqvnymyfvs32 [2020-01-29] (king.com)
Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.0.0_x64__jj4r3mnwe2ey2 [2020-01-01] (Define Studio) [MS Ad]
Geek app-Wish -> C:\Program Files\WindowsApps\25912WinPhoneTotalApps.Geekapp-Wish_1.0.0.1_neutral__rdnsa2fnwy8xy [2020-01-12] (Wonderful World Apps (WWA))
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-29] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1910.41.0_x64__k1h2ywk1493x8 [2019-12-30] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4 [2020-01-03] (LENOVO INC) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
Movie Maker : Video Editor With Photo Slideshow -> C:\Program Files\WindowsApps\13941FunAppsMaker.MovieMakerVideoEditorWithPhotoSl_1.0.16.0_x64__yg31wsae9kk16 [2020-01-16] (FunAppsMaker) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) [MS Ad]
MultiRec -> C:\Program Files\WindowsApps\davidtanzer.net.MultiRec_1.0.2.0_x64__8k66xfnpkzez6 [2019-10-14] (David Tanzer)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.22.5.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
Sketchpads -> C:\Program Files\WindowsApps\48791Untoldlies.Sketchpads_1.1.0.1_neutral__8yj6wf32v5cte [2019-12-29] (LiKZ)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0 [2020-01-30] (Spotify AB) [Startup Task]
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08] (Nik Rolls)
Ultra Paint -> C:\Program Files\WindowsApps\D5BE6627.UltraPaint_2.0.2.0_x86__9pm2v9747qaaa [2019-11-07] (CompuClever Systems Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-10-23 21:31 - 2019-10-23 21:36 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{F850B365-54C0-4904-BFE8-3BFA9131EF8C}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{504637E0-AA81-4A4E-B46F-C0E05C5F2A3A}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{34AE96D9-E476-415C-991A-2BE79EF9283E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F2F739EC-FE16-4AAB-AE9E-93754A25E2BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12325.20344.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA0C68E5-8F3D-4F7A-A2CA-74D5875ECA92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D290D7F-B51E-440A-9C69-C43F5AFFFB1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A5EBA336-D986-4597-95D2-1FD9ACA8E84E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF73B399-A155-4B55-A474-8616E9F030E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{218F3333-5012-4BA0-836E-6A9F51C39D4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F087B9C-F52A-46F2-888C-987D66701220}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53F7BA74-C0B0-4649-85B9-CE5753F7F3EA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8C2F5129-16B2-4DBA-A8E0-AC574DBB8C85}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B951595-69B9-44CD-B944-FF7131C1C9A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{74555956-CF20-43E4-AF0C-0D033D244B12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9672B3FE-5EA7-42F5-B24D-3A812DAC9977}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D19C51B7-FFD9-49E8-A6DC-AC8779C29B2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{65ADEC78-7014-45A1-ABAA-134CB2615634}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8AC0834B-1BB3-4082-AEA9-F54AD6B432F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A2E686FD-EAFD-4E93-8147-7D359B4EB541}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6F2EADC-CC10-400A-8457-B98B4BD7CF10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

15-01-2020 09:54:16 Removed Java 8 Update 241
24-01-2020 03:54:21 Windows Update

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/02/2020 02:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Maxthon.exe version 5.2.7.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4c8

Start Time: 01d5d8e71589d96a

Termination Time: 629

Application Path: C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe

Report Id: 96a1c812-a212-4b5d-a0f3-7f76fb48aa26

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (01/30/2020 03:02:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_smphost, version: 10.0.17763.1, time stamp: 0xb900eeff
Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afd
Exception code: 0xc0000005
Fault offset: 0x000000000004df23
Faulting process id: 0x2fb8
Faulting application start time: 0x01d5d74c0f7b33be
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6c1fc899-d5c0-4ec3-b189-e4e22fea7be7
Faulting package full name:
Faulting package-relative application ID:

Error: (01/28/2020 11:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x2ec0
Faulting application start time: 0x01d5d6626c80b832
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b3b3f6ea-73fd-4c62-9091-b67030303a24
Faulting package full name:
Faulting package-relative application ID:

Error: (01/28/2020 11:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x35e4
Faulting application start time: 0x01d5d6626d0a525f
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3d29dc5f-b75c-4b78-800a-1cc956d61038
Faulting package full name:
Faulting package-relative application ID:

Error: (01/28/2020 11:10:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
at GfxGameSettingsDownload.Program.Main(System.String[])

Error: (01/28/2020 11:10:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
at GfxGameSettingsDownload.Program.Main(System.String[])

Error: (01/26/2020 11:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x3a18
Faulting application start time: 0x01d5d4d0037545ed
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 835abf9c-b264-4f6c-b04a-d4b2d93b1e85
Faulting package full name:
Faulting package-relative application ID:

Error: (01/26/2020 11:09:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
at GfxGameSettingsDownload.Program.Main(System.String[])


System errors:
=============
Error: (02/02/2020 05:00:54 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device #3, {9160b299-4de8-46a3-89d4-bf9551ab42a3}, had event 74

Error: (02/01/2020 03:19:30 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2020 03:19:30 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2020 03:14:33 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2020 03:14:32 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/01/2020 02:46:41 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR52.

Error: (02/01/2020 02:46:41 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR52.

Error: (02/01/2020 02:46:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR52.


Windows Defender:
===================================
Date: 2020-01-29 12:10:15.282
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {396DB32F-329D-4CA1-B855-88898DACEE7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-29 12:00:20.346
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1432EAAB-C3BC-4099-BFB2-4BF8C948F140}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-26 01:20:29.453
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1D46E386-20CC-4C51-9A04-6479414C8A63}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-17 01:22:26.603
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BE924E9C-C209-4E3A-A140-1F77F13EEA40}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-11 12:14:21.755
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {705343EE-9386-47F2-9305-DD4037B960A3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-29 14:14:28.932
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3203.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-01-29 04:55:13.481
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3203.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-01-28 19:40:01.886
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.3203.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-01-21 20:36:52.957
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.2762.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-01-19 03:20:39.734
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.307.2608.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-01-11 08:51:46.998
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-11 01:19:02.236
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-11 01:08:31.850
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-11 01:08:21.492
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-11 01:08:11.555
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-11 01:07:57.109
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-11 01:06:26.727
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-01-08 22:29:47.492
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 4005.22 MB
Available physical RAM: 654.88 MB
Total Virtual: 10262.96 MB
Available Virtual: 3155.1 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:869.69 GB) NTFS

\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

Partition: GPT.

==================== End of Addition.txt =======================

Juliet
2020-02-03, 14:37
I found
C:\Program Files\Malwarebytes <==folder but not really seeing other items that would be related.

Then, several errors related to MalwareBytes
Date: 2020-01-08 22:29:47.492
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

You will need to post/followup at the MBAM forum to see what goes there.
~~~

We can run a fix script using FRST


Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCB0F839A-04A4-4A4D-ADAD-AD1A6A976444&SSPV=","hxxps://www.google.com/"
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
FirewallRules: [{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{F850B365-54C0-4904-BFE8-3BFA9131EF8C}] => (Allow) %systemroot%\system32\alg.exe No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

~~~~~~~~~~~~~

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Malwarebytes and save the file to your Desktop.

Right-click on the program and select Run as Administrator to start the tool.
Accept the Terms of use.
Wait until the database is updated.
Click Scan Now.
When finished, please click Clean & Repair.
Your PC should reboot now if any items were found.
After reboot, a log file will be opened. Attach or Copy its content into your next reply.

Please post these 2 logs when finished.

rcb56
2020-02-03, 18:17
ok juliet thanks, here's the two reports. now in hindsight i may have erred but last night in learning m-bytes was missing i was worried about it paid for and all i d'loaded a new copy and used my license to reinstall and ran it. it detected 17 items that weren't a serious threat but i quarantined them. i tried to get a copy of that report to post also but in my software i don't see where that report is. it was all the same location in an appdata file.

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by ronny (03-02-2020 09:45:37) Run:1
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCB0F839A-04A4-4A4D-ADAD-AD1A6A976444&SSPV=","hxxps://www.google.com/"
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
FirewallRules: [{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{F850B365-54C0-4904-BFE8-3BFA9131EF8C}] => (Allow) %systemroot%\system32\alg.exe No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
"Chrome StartupUrls" => removed successfully
"HKU\S-1-5-21-4109447768-91167649-2371174200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DE58705-3063-4F2A-835E-EB8A8011C103} => removed successfully
C:\Users\ronny\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F850B365-54C0-4904-BFE8-3BFA9131EF8C}" => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\mbamiservice.log => moved successfully
C:\Windows\Temp\mb_errors2220.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\sa.9NCGJX5QLP9M_0__.Public.InstallAgent.dat => moved successfully
C:\Windows\Temp\WER8C6C.tmp.WERDataCollectionStatus.txt => moved successfully
C:\Windows\Temp\WERFC4C.tmp.WERDataCollectionStatus.txt => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 193030797 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 1899090 B
Chrome => 465476632 B
Firefox => 181480543 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 256 B
LocalService => 1222 B
NetworkService => 329534 B
ronny => 470565467 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:48:40 ====

----
# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-03-2020
# Duration: 00:01:13
# OS: Windows 10 Home
# Scanned: 34824
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

rcb56
2020-02-03, 18:23
i spoke too soon, here is a copy of the scan last night. sorry.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/2/20
Scan Time: 11:54 PM
Log File: a2001496-4649-11ea-92ea-00f48ddc7000.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18620
License: Premium

-System Information-
OS: Windows 10 (Build 17763.678)
CPU: x64
File System: NTFS
User: LAPTOP-4HPCQJEC\ronny

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 281355
Threats Detected: 17
Threats Quarantined: 17
Time Elapsed: 5 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 199, 454832, , , ,

File: 14
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000025.ldb, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000027.ldb, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000029.ldb, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000030.log, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000031.ldb, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 199, 454832, , , ,
PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 199, 454832, 1.0.18620, , ame,
PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 199, 454832, 1.0.18620, , ame,
PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 199, 454832, 1.0.18620, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Juliet
2020-02-03, 20:19
I think you did fine.
What MalwareBytes found had also been listed in Google
CHR StartupUrls: Default
All of it was taken out.

Let's just do an online scan now because there really doesn't appear to be any malware.

Emsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

rcb56
2020-02-04, 03:03
ok juliet thanks. i thought those looked similar to what m-bytes usually finds quite often. i knew tho after running it and putting those into quarantine the new report would show nothing and i'd rather you see it did come up with something. glad to hear that on the malware. waiting now on the d'load and scans.

rcb56
2020-02-04, 03:27
ok juliet, not much to that!

Emsisoft Emergency Kit 2020.1.0.9909 stable [en-us]
OS: Windows 10 (Version 10.0, Build 17763, 64-bit Edition)

Forensics log

Date Component Action Details
2/3/2020 7:11:06 PM User LAPTOP-4HPCQJEC\ronny Setting modified "Detect PUPs" has been changed to "Enabled".
2/3/2020 7:09:43 PM User LAPTOP-4HPCQJEC\ronny Setting modified "Recommended readings & news" has been changed to "Enabled".
2/3/2020 7:09:41 PM User Update Downloaded and installed 101 files (15286 kb) (2 min. 37 sec.).
2/3/2020 7:07:13 PM User LAPTOP-4HPCQJEC\ronny Setting modified "Recommended readings & news" has been changed to "Disabled".
2/3/2020 7:07:05 PM Core Notification "Recommended Reading:Ransomware data exfiltration detection and mitigation strategies".

Juliet
2020-02-04, 12:06
Looking good.

Ready to remove tools and quarantine folders?

rcb56
2020-02-04, 18:30
ok, i think you've done it again let's clean up this mess you made :p::thanks::oreo:

Juliet
2020-02-04, 19:33
Hey now Arkansas ...Tennessee girl didn't do it!.....LOL


Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:

- Delete tools

Click the "Run" button.

When the tool has finished, it will create and open a log report and delete itself.

rcb56
2020-02-04, 19:48
i think we have a basketball game coming up with tennyshoe...good luck and thanks for the help!

# Run at 2/4/2020 11:46:36 AM
# KpRm (Kernel-panik) version 2.6
# Website https://kernel-panik.me/tool/kprm/
# Run by ronny from C:\Users\ronny\Desktop
# Computer Name: LAPTOP-4HPCQJEC
# OS: Windows 10 X64 (17763)
# Number of passes: 3

- Checked options -

~ Delete Tools

- Delete Tools -


## AdwCleaner
[OK] C:\Users\ronny\Desktop\AdwCleaner.exe deleted (1)

## AswMBR
[OK] C:\Users\ronny\Desktop\aswMBR.exe deleted (1)

## Emisoft Emergency Kit
[OK] C:\Users\ronny\Desktop\EmsisoftEmergencyKit.exe deleted (1)

## FRST
[OK] C:\Users\ronny\Desktop\Addition.txt deleted (1)
[OK] C:\Users\ronny\Desktop\Fixlog.txt deleted (1)
[OK] C:\Users\ronny\Desktop\FRST.txt deleted (1)
[OK] C:\Users\ronny\Desktop\FRST64.exe deleted (1)
[OK] C:\Users\ronny\Downloads\FRSTEnglish.exe deleted (1)

## Malwarebytes (log)
[OK] C:\Users\ronny\Desktop\mbamq.txt deleted (1)

- Other Lines -


## Quarantines keeped
~ C:\AdwCleaner (AdwCleaner)
~ C:\EEK (Emisoft Emergency Kit)
~ C:\FRST (FRST)

-- KPRM finished in 6.61s --

Juliet
2020-02-04, 19:59
Razorbacks vs. Volunteers 2-26 I think

Glad we could help.
Since this issue appears resolved ... this Topic is closed.