grrrrrrr! i've tried other tools before trying farbar...



rcb56
2020-03-08, 22:42
and Farbar has stopped responding in 6 tries. The other, as before, shut my PC down upon opening it. Don't know if it's anything but it has slowed x3 I'd bet after the other day it was like the DPI on my mouse was turned way up, I couldn't catch it, and everything it touched it did. Red X and it closed, over a program and it opened. Browsers opened up until it crashed!

rcb56
2020-03-09, 02:13
Well, I deleted Farbar and downloaded again new and ran as admin; it got to scanning other areas and became unresponsive. I don't know what to do. Feel like I ought to get a room here!

Juliet
2020-03-09, 14:13
How long did you let it sit? Was it running with Task Manager open?
Very possible it's your antivirus. Happens to me too.

Or, you could attempt to run it in safe mode?

rcb56
2020-03-10, 03:44
OK... some folks, just sooo smart. I ran in safe mode and thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (09-03-2020 20:29:52)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27585400 2020-01-28] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73256 2018-07-01] (Polyclef Software LLC -> Mobile Stream)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27585400 2020-01-28] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-05] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02395C77-4ADC-4C1C-AAD4-E4F6DA3BFA2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {0DC837F4-B0A7-4D92-BBC2-208778FABD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
Task: {11637F67-0922-426F-84FF-FA70FBA1FF4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31FD8A2F-9D5E-4525-AFCF-2D4B03D890EF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {38FAD77F-6D48-4035-BF92-011D322C5647} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-14] (Adobe Inc. -> Adobe)
Task: {3CD617F7-DFF3-4924-A894-31B33EE3B680} - System32\Tasks\NCH Software\WavePadDowngrade => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [4285496 2019-12-18] (NCH Software, Inc. -> NCH Software)
Task: {4981CF69-42E6-4140-B62A-D15905D49575} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-14] (Adobe Inc. -> Adobe)
Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
Task: {6D4F6831-4DFD-40E6-AA86-B9E2D0B78B5C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B2ACB566-981E-4486-89E7-15432568B5E9} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001 => C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
Task: {E4E5FF1A-9C2C-4845-969B-599F416D55B1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-12] (Adobe Inc. -> Adobe)
Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {FAB2F3B6-5DCD-4DE1-B5FA-797DE294E5DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0bcac531-5d49-47cd-83a9-fde31a860b63}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3c4cf5c5-956d-414c-aa7f-b1f6f0c46421}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4127e473-dfe3-4b25-bc2c-0156f88a971e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41bf5d2c-1448-4cf2-b637-856c4c61d320}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8def4e12-00e5-41e9-8a5a-38726c85de90}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{911b4540-8355-45a8-a572-9d59dc506868}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{ad325e77-a627-4f2a-83dc-8d6f3d4c4890}: [DhcpNameServer] 192.168.117.1
Tcpip\..\Interfaces\{d221ac92-401c-49f0-9a27-5deb15c13aad}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge Notifications: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> hxxps://www.facebook.com
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08]
Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08]

FireFox:
========
FF DefaultProfile: fningdqf.default
FF DefaultProfile: maib197h.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2020-02-03]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2020-03-06]
FF Notifications: Mozilla\Firefox\Profiles\g2q5qzsk.default-release -> hxxps://www.facebook.com
FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-12] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-12] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-01-15] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2020-02-09]
CHR HomePage: Default -> hxxp://www.msn.com/
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
CHR Extension: (File Converter Extension) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blppeofoijnlbofllclklacdlfckbkok [2020-01-23]
CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-12-29]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-17]
CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-13]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-08]
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
S2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
S2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [5235520 2020-03-09] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-03] (Malwarebytes Inc -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
S2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-22] (A.V.M. SOFTWARE, INC. -> AVM Software)
S2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-09-23] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-09-23] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
S2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 easytether; C:\WINDOWS\System32\drivers\easytthrx.sys [22728 2015-11-22] (Polyclef Software -> Mobile Stream)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-03-06] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
S3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\WINDOWS\System32\drivers\truesight.sys [28272 2019-10-07] (Adlice -> )
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-08 18:50 - 2020-03-08 18:50 - 002279936 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2020-03-08 11:41 - 2020-03-08 19:05 - 000014538 _____ C:\Users\ronny\Desktop\Addition.txt
2020-03-08 11:38 - 2020-03-09 20:31 - 000022703 _____ C:\Users\ronny\Desktop\FRST.txt
2020-03-08 11:34 - 2020-03-08 11:34 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
2020-03-08 11:34 - 2020-03-08 11:34 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-03-08 03:24 - 2020-03-08 03:24 - 030248394 _____ C:\Users\ronny\Desktop\Years.wav
2020-03-07 21:25 - 2020-03-07 21:25 - 046784773 _____ C:\Users\ronny\Desktop\output%2F443996435059966%2Fmoises--allfiles.zip
2020-03-07 21:09 - 2020-03-07 23:41 - 000000000 ____D C:\Users\ronny\AppData\Roaming\ocenaudio
2020-03-07 21:08 - 2020-03-07 21:08 - 000000832 _____ C:\Users\Public\Desktop\ocenaudio.lnk
2020-03-07 21:08 - 2020-03-07 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ocenaudio
2020-03-07 21:08 - 2020-03-07 21:08 - 000000000 ____D C:\Program Files\ocenaudio
2020-02-19 12:30 - 2020-02-19 12:31 - 000000000 ____D C:\Users\ronny\AppData\Local\TeamViewer
2020-02-19 12:30 - 2020-02-19 12:30 - 000000000 ____D C:\Users\ronny\AppData\Roaming\TeamViewer
2020-02-19 12:29 - 2020-02-26 16:42 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-02-19 12:24 - 2020-02-19 12:25 - 000000000 ____D C:\ProgramData\SupremoRemoteDesktop
2020-02-17 22:02 - 2020-02-17 22:02 - 002835343 _____ C:\Users\ronny\Desktop\(5) Facebook.html
2020-02-17 22:02 - 2020-02-17 22:02 - 000000000 ____D C:\Users\ronny\Desktop\(5) Facebook_files
2020-02-15 13:40 - 2020-03-06 22:10 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-02-15 13:40 - 2020-02-15 13:40 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-02-15 13:40 - 2020-02-15 13:40 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-02-14 13:26 - 2020-02-14 13:26 - 000044544 _____ C:\Users\ronny\Desktop\NarrowsDamGeneration2-10-20thru02-16-20Rev2.xls
2020-02-14 13:19 - 2020-02-14 13:19 - 000044544 _____ C:\Users\ronny\Desktop\NarrowsDamGeneration2-17-20thru02-23-20.xls
2020-02-13 13:39 - 2020-02-13 13:40 - 000000000 ____D C:\Users\ronny\Desktop\New folder
2020-02-13 13:38 - 2020-02-13 13:38 - 000130234 _____ C:\Users\ronny\Downloads\ResetWUEng.zip
2020-02-11 19:44 - 2020-02-11 19:44 - 204486112 _____ (Logitech Inc.) C:\Users\ronny\Desktop\Options_8.10.84.exe.mxdl
2020-02-11 18:00 - 2020-02-11 18:03 - 204486112 _____ (Logitech Inc.) C:\Users\ronny\Desktop\Options_8.10.84(1).exe.mxdl
2020-02-08 23:22 - 2020-02-08 23:22 - 000000000 ____D C:\Program Files\Logitech
2020-02-08 23:15 - 2020-02-08 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-02-08 04:24 - 2020-02-08 04:24 - 000000000 ____D C:\Users\ronny\.android
2020-02-08 04:14 - 2020-02-08 04:14 - 000002549 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
2020-02-08 04:14 - 2020-02-08 04:14 - 000000000 ____D C:\Program Files\Mobile Stream
2020-02-08 04:11 - 2020-02-08 04:09 - 006133328 _____ (Mobile Stream) C:\Users\ronny\Desktop\easytether (1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-09 20:30 - 2020-02-02 21:33 - 000000000 ____D C:\FRST
2020-03-09 20:30 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-09 20:30 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
2020-03-09 20:27 - 2020-02-06 12:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-03-09 20:25 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-09 20:25 - 2019-08-23 15:35 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2020-03-09 20:24 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
2020-03-09 19:55 - 2019-10-08 00:23 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2020-03-09 19:54 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-03-09 19:41 - 2019-09-28 02:49 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
2020-03-09 19:12 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-09 19:12 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-03-09 16:18 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-08 17:05 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-03-08 11:35 - 2019-10-06 22:02 - 000050616 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2020-03-08 10:53 - 2020-02-03 20:04 - 000000000 ____D C:\EEK
2020-03-07 21:01 - 2019-08-24 15:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2020-03-06 23:43 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2020-03-06 22:10 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2020-03-06 22:07 - 2020-01-01 17:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-03-05 17:30 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-05 07:55 - 2020-01-07 10:57 - 000000000 ____D C:\Users\ronny\Desktop\Karaoke
2020-03-05 07:54 - 2019-11-14 11:55 - 000000000 ____D C:\Users\ronny\Desktop\Recordings
2020-03-04 22:45 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-02-26 16:44 - 2019-08-23 20:38 - 000258768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-02-26 16:43 - 2019-12-19 16:12 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-02-26 16:43 - 2019-10-02 11:09 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
2020-02-26 16:41 - 2020-01-29 15:02 - 000000000 ____D C:\Blackweb Gaming AP
2020-02-21 20:37 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2020-02-19 12:45 - 2019-12-19 16:14 - 000000000 ____D C:\Users\ronny\AppData\Local\BraveSoftware
2020-02-17 17:49 - 2019-09-07 02:06 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
2020-02-15 13:40 - 2020-02-03 00:51 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-02-14 13:21 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2020-02-14 10:00 - 2020-01-25 21:57 - 000004558 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-02-14 10:00 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-02-14 10:00 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-02-12 10:16 - 2019-08-23 21:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-02-12 10:13 - 2019-08-23 21:49 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-02-12 00:45 - 2020-02-06 16:56 - 000004546 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-02-11 12:52 - 2019-11-29 00:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-10 01:21 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
2020-02-10 01:21 - 2019-08-23 19:28 - 000000000 __RDL C:\Users\ronny\OneDrive
2020-02-10 01:20 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-08 23:23 - 2019-10-16 19:00 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2020-02-08 23:22 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
2020-02-08 23:15 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-02-08 18:26 - 2020-02-07 23:56 - 000000000 ____D C:\Users\ronny\Desktop\recipes
2020-02-08 10:53 - 2019-08-24 16:10 - 015546368 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
2020-02-08 04:14 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
2020-02-08 04:07 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories ========

2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat
2020-01-18 18:38 - 2020-01-18 18:39 - 000004608 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-12-21 11:11 - 2019-12-21 11:11 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by ronny (09-03-2020 20:32:42)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
Dwyco CDC-X version 2.20 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.20 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
EasyTether (HKLM\...\{BE94EA52-041A-4643-A192-9481EDBFA73F}) (Version: 1.3.4 - Mobile Stream) Hidden
EasyTether (HKLM-x32\...\{11e8bc09-c842-4244-bf90-2bea82be07c5}) (Version: 1.3.4 - Mobile Stream)
EasyTether ADB USB driver (HKLM\...\{428D980B-9D77-4AAB-A4FC-00248C1882C8}) (Version: 1.3.4 - Mobile Stream)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.6.1.1 - Recisio)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.7.10 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.50 - NCH Software)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.17.0 - Samsung Electronics Co., Ltd.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.79 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)

Packages:
=========
Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08] (Fillr)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.32.4.0_x86__kgqvnymyfvs32 [2020-03-05] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1710.1.0_x86__kgqvnymyfvs32 [2020-02-28] (king.com)
Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.0.0_x64__jj4r3mnwe2ey2 [2020-01-01] (Define Studio) [MS Ad]
Geek app-Wish -> C:\Program Files\WindowsApps\25912WinPhoneTotalApps.Geekapp-Wish_1.0.0.1_neutral__rdnsa2fnwy8xy [2020-01-12] (Wonderful World Apps (WWA))
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-29] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2001.12.0_x64__k1h2ywk1493x8 [2020-02-28] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4 [2020-01-03] (LENOVO INC) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-28] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Movie Maker : Video Editor With Photo Slideshow -> C:\Program Files\WindowsApps\13941FunAppsMaker.MovieMakerVideoEditorWithPhotoSl_1.0.16.0_x64__yg31wsae9kk16 [2020-01-16] (FunAppsMaker) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
MultiRec -> C:\Program Files\WindowsApps\davidtanzer.net.MultiRec_1.0.2.0_x64__8k66xfnpkzez6 [2019-10-14] (David Tanzer)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.9.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
Sketchpads -> C:\Program Files\WindowsApps\48791Untoldlies.Sketchpads_1.1.0.1_neutral__8yj6wf32v5cte [2019-12-29] (LiKZ)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0 [2020-03-05] (Spotify AB) [Startup Task]
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08] (Nik Rolls)
Ultra Paint -> C:\Program Files\WindowsApps\D5BE6627.UltraPaint_2.0.3.0_x86__9pm2v9747qaaa [2020-02-13] (CompuClever Systems Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-03] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-10-23 22:31 - 2019-10-23 22:36 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run: => "Blackweb Gaming AP"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "EasyTether"
HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "Paltalk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{AA0C68E5-8F3D-4F7A-A2CA-74D5875ECA92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D290D7F-B51E-440A-9C69-C43F5AFFFB1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A5EBA336-D986-4597-95D2-1FD9ACA8E84E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF73B399-A155-4B55-A474-8616E9F030E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{218F3333-5012-4BA0-836E-6A9F51C39D4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F087B9C-F52A-46F2-888C-987D66701220}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{53F7BA74-C0B0-4649-85B9-CE5753F7F3EA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8C2F5129-16B2-4DBA-A8E0-AC574DBB8C85}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{716C029D-9851-4BAB-BB78-EA426DDDBD9D}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{C93ADECC-7050-42FC-A3D6-2DE856BF88F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3414BFAD-21A1-4832-9DDB-9C51ADBAAD92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AFD5B04D-19D9-4A38-8637-11B96764123E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{15CE8858-939B-414C-9C78-B6561499B58D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{78567BEC-C13B-44EB-B950-609C4AEE6053}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9495D1FD-10BE-4BC5-A3CF-49E5304CC41B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{49C8C205-1866-49FF-AF8D-63B1EF4B85CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E85F60CC-1D02-41DD-BA2B-1BE68D658ED2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7B4BA752-099B-4352-9340-69407657BA62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E635050-C8BB-44F8-AFC0-983F22D6ED09}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

19-02-2020 12:45:21 Removed Java 8 Update 231
01-03-2020 14:14:18 Scheduled Checkpoint
08-03-2020 15:21:59 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: USB Audio CODEC
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service: usbaudio
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Qualcomm Atheros QCA9377 Wireless Network Adapter #2
Description: Qualcomm Atheros QCA9377 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: Qcamain10x64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: System Interface Foundation V2 Device
Description: System Interface Foundation V2 Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: ========================

Application errors:
==================
Error: (03/09/2020 07:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afd
Exception code: 0xc0000374
Fault offset: 0x00000000000fb049
Faulting process id: 0x20d8
Faulting application start time: 0x01d5f67689f3b246
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 51606a6e-d185-4bbf-9679-8b185243fceb
Faulting package full name:
Faulting package-relative application ID:

Error: (03/09/2020 02:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afd
Exception code: 0xc0000374
Fault offset: 0x00000000000fb049
Faulting process id: 0x290c
Faulting application start time: 0x01d5f64a89377881
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a25c934c-4e01-4d9b-a64f-c757fc190ce6
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2020 10:14:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x2424
Faulting application start time: 0x01d5f5c0db883abb
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 671dcc32-21f5-4a89-9077-22f44473e8d7
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2020 10:14:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
at GfxGameSettingsDownload.Program.Main(System.String[])

Error: (03/08/2020 01:13:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 8.3.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6ac

Start Time: 01d5f5726507b678

Termination Time: 5

Application Path: C:\Users\ronny\Desktop\FRST64.exe

Report Id: 3823e4db-d596-44c5-88dc-9e88996f3fd1

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (03/08/2020 11:55:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 8.3.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 14f8

Start Time: 01d5f567e02bc8fe

Termination Time: 0

Application Path: C:\Users\ronny\Desktop\FRST64.exe

Report Id: 060b5f83-96a5-4db9-b4e4-56d67a0907a6

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (03/07/2020 10:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x36e4
Faulting application start time: 0x01d5f4f77ba27a6d
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3f6ad8d2-07da-4681-a1f8-e7c664c4ea20
Faulting package full name:
Faulting package-relative application ID:

Error: (03/07/2020 10:13:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.DirectoryNotFoundException
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
at GfxGameSettingsDownload.Program.Main(System.String[])


System errors:
=============
Error: (03/09/2020 08:33:49 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/09/2020 08:32:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

Error: (03/09/2020 08:32:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

Error: (03/09/2020 08:32:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/09/2020 08:31:30 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (03/09/2020 08:30:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/09/2020 08:30:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/09/2020 08:30:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Windows Defender:
===================================
Date: 2020-01-29 12:10:15.282
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {396DB32F-329D-4CA1-B855-88898DACEE7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-29 12:00:20.346
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1432EAAB-C3BC-4099-BFB2-4BF8C948F140}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-26 01:20:29.453
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1D46E386-20CC-4C51-9A04-6479414C8A63}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-17 01:22:26.603
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BE924E9C-C209-4E3A-A140-1F77F13EEA40}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-11 12:14:21.755
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {705343EE-9386-47F2-9305-DD4037B960A3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-09 20:26:23.265
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-09 20:26:23.265
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-09 20:26:23.264
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-09 20:26:23.256
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-03-09 20:26:23.256
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.903.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-03-08 09:45:06.581
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-08 09:44:15.064
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-08 09:44:06.029
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-08 09:43:54.346
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-08 09:43:42.308
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-08 09:43:42.178
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-08 09:43:42.009
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2020-03-07 20:13:04.476
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN53WW 05/17/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 4005.22 MB
Available physical RAM: 2482 MB
Total Virtual: 8357.22 MB
Available Virtual: 7099.63 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:872.02 GB) NTFS

\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

Partition: GPT.

==================== End of Addition.txt =======================

Juliet
2020-03-10, 13:30
No problems showing as infected, can remove a couple of things that are not malicious.

I want you to read over articles and see if maybe you have these Windows updates on your computer.

https://www.techradar.com/news/yet-another-windows-10-fail-as-new-update-breaks-the-internet-heres-how-to-fix-it
https://www.techradar.com/news/the-latest-windows-10-update-is-so-broken-even-microsoft-thinks-you-should-uninstall-it

Also
How to Run Troubleshooters to Find and Fix Common Problems in Windows 10
https://www.tenforums.com/tutorials/76013-troubleshoot-problems-windows-10-troubleshooters.html

Also remember you're in safe mode and you will need to reverse that back.

rcb56
2020-03-12, 01:04
ok juliet thanks. sorry i had to leave town. i'll read that as i still believe my updates don't all get through. i knew just these initial scans and anything usually pops up. i feel better getting checked and knowing it's not an infection. i can just delete farbar right?

rcb56
2020-03-12, 04:28
the first link i read and it led me into settings and on into showing installed updates giving me how to on uninstalling a problem update but in the end it showed i had no updates, all had failed. i guess i should be contacting microsoft.

rcb56
2020-03-12, 09:35
oh...:banghead:...i swear! i went to microsoft to get answers and seemed the best idea they gave was a fresh install of win10. i download the tool and ran it and after about 10 minutes ERROR...said it quit the install but don't know why. :mad::mad::mad::mad::mad:

Juliet
2020-03-12, 13:50
dadgum.........

Let's try using System File Checker to see if some things can be straightened out.

https://support.microsoft.com/en-us/help/4026529/windows-10-using-system-file-checker

rcb56
2020-03-13, 18:23
ok juliet, i tried every way of installing new and reset and each time failed. i asked questions at microsoft and that was 20 hours ago and no replies. :rolleyes::nono: i'll do that link and see. yesterday i used the media creation tool and it froze at 1%. i tried to close it but wouldn't. i had to reboot twice before my pc did anything. i know i was lucky to not locked up good but what do you do in an install that freezes or system restore freezes?

rcb56
2020-03-13, 21:05
i can't post the results and i can't get them to attach

Juliet
2020-03-14, 02:29
Something has gone belly up but I have no idea what.

Let me recommend you start a topic below (Have you been here before)
https://forums.whatthetech.com/index.php?showforum=119
explain what you've already tried and what's happening now.

rcb56
2020-03-14, 05:06
ok, i know just by looking the txt files dism are way long. i've been there and will try there. thanks juliet.

rcb56
2020-03-14, 09:22
well i was afraid of that...i have been there before and the first thing this guy is spittin stuff out from the 1st reply i don't know what he means. it's over my head and he's telling me to do stuff without any testing or reports. tells me i need both UEFI and legacy bios CFM, says i'll have to redo my partitions...i have no idea how and without someone sitting right here i'm not gonna try. this pc would have trouble from now on. i'll just have to take it in. thanks for your help!

Juliet
2020-03-14, 15:09
Ztruker has edited his post, please read over it again, he is mentioning you should attempt to backup the computer first so that you're not losing anything. Actually an image backup.

Then he lists: Once you have that your data is safe, then you can do a Clean Install of Windows 10.

How to Clean Install Windows 10 https://www.tenforums.com/tutorials/1950-clean-install-windows-10-a.html <== very good forum by the way

Then restore your data from the backup.
Not trying to make this hard and uncomfortable for you, truly not.

rcb56
2020-03-14, 20:26
no i understand you aren't nor is he, i just have zero knowledge in this and less confidence. i'll re-read his post. thanks.