is it microsoft or is it fake?



rcb56
2020-12-19, 04:33
That's my question after they took control of my PC and had me call a tech of theirs to let him into my PC to find the problem... lol, yeah OK... "Hello stranger, so you want in my PC?" That's what he said. I told him I'd get back with him on that. Just being safe here; you may find nothing or a lot. Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (18-12-2020 20:16:22)
Running from C:\Users\ronny\Downloads
Loaded Profiles: ronny
Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <35>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3157D448-CF82-4935-9BE8-7A38D7874FE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {6BD67C7B-1EED-4037-A8C9-B4B6359EADD4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {97604842-DA68-4926-806B-C0861C13882C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {E01434BC-B825-49F7-BAD7-D42970B88A76} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {FA810C09-D881-4375-A1F0-17C65E6B4EEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1232e081-3ace-4211-9a2a-c7905161ff8c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{af97352d-e735-4ecd-bdfa-31997e5c514b}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ed8eb7c4-60b8-418b-a88b-903ebe971820}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fd63fefb-e36d-4b82-a277-e20845b6d9ff}: [DhcpNameServer] 192.168.42.129

Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge DownloadDir: C:\Users\ronny\Downloads
Edge Notifications: Default -> hxxps://www.youtube.com
Edge HomePage: Default -> hxxps://www.oann.com/
Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
Edge Extension: (Amazon Assistant) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-09-25]
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]

FireFox:
========
FF DefaultProfile: 1a5my9te.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\1a5my9te.default [2020-12-18]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zb50iane.default-release [2020-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-13] (Malwarebytes Inc -> Malwarebytes)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1337784 2020-09-30] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [231936 2019-10-06] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\windows\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 e2esoft_ivcamaudio_simple; C:\windows\system32\drivers\iVCamAud.sys [255464 2020-11-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-11-13] (Malwarebytes Corporation -> Malwarebytes)
S3 iVCam; C:\windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197792 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [138904 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\windows\system32\DRIVERS\stdriverx64.sys [54664 2020-07-15] (NCH Software Pty Ltd -> )
R3 VCAM_WDM; C:\windows\system32\DRIVERS\VCam_WDM.sys [1090984 2018-03-13] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-18 20:16 - 2020-12-18 20:17 - 000015158 _____ C:\Users\ronny\Downloads\FRST.txt
2020-12-18 20:13 - 2020-12-18 20:16 - 000000000 ____D C:\FRST
2020-12-18 20:11 - 2020-12-18 20:12 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\FRST64.exe
2020-12-18 20:11 - 2020-12-18 20:11 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 748936.crdownload
2020-12-18 20:02 - 2020-12-18 20:02 - 000000207 _____ C:\windows\tweaking.com-regbackup-DADS-Windows-10-Home-(64-bit).dat
2020-12-18 20:02 - 2020-12-18 20:02 - 000000000 ____D C:\RegBackup
2020-12-18 20:01 - 2020-12-18 20:02 - 000017987 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2020-12-18 20:01 - 2020-12-18 20:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup.exe
2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-12-18 19:41 - 2020-12-18 19:41 - 000015194 _____ C:\Users\ronny\Downloads\This computer is BLOCKED.html
2020-12-16 23:22 - 2020-12-16 23:22 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (2).xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc.xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (1).xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000000000 ____D C:\Users\ronny\AppData\Roaming\LibreOffice
2020-12-16 15:16 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\windows\system32\Drivers\ssudbus2.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000197792 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000138904 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-12-15 21:59 - 2020-12-15 21:59 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\Program Files\Logitech
2020-12-15 21:56 - 2020-12-15 21:56 - 211968984 _____ (Logitech Inc.) C:\Users\ronny\Downloads\Options_8.36.86.exe
2020-12-14 23:50 - 2020-12-14 23:50 - 000117740 _____ C:\windows\system32\cc_20201214_235031.reg
2020-12-14 23:35 - 2020-12-18 19:50 - 000000000 ____D C:\Program Files\CCleaner
2020-12-14 23:35 - 2020-12-17 19:44 - 000004210 _____ C:\windows\system32\Tasks\CCleaner Update
2020-12-14 23:35 - 2020-12-14 23:35 - 000002866 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-12-14 23:35 - 2020-12-14 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-12-14 23:34 - 2020-12-14 23:35 - 030536752 _____ (Piriform Software Ltd) C:\Users\ronny\Downloads\ccsetup575.exe
2020-12-14 02:59 - 2020-11-04 00:13 - 000255464 _____ (e2eSoft) C:\windows\system32\Drivers\iVCamAud.sys
2020-12-14 02:56 - 2020-12-14 02:56 - 018077432 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_x64_v6.1.5.exe
2020-12-14 02:54 - 2020-12-14 02:54 - 000000000 ____D C:\windows\LastGood.Tmp
2020-12-14 02:54 - 2020-11-02 18:40 - 001090536 _____ (e2eSoft) C:\windows\system32\Drivers\iVCam.sys
2020-12-14 02:53 - 2020-12-14 02:53 - 015804440 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_v4.6.exe
2020-12-11 03:38 - 2020-12-11 03:38 - 003768309 _____ C:\Users\ronny\Downloads\OneDrive-2020-12-11.zip
2020-12-09 12:32 - 2020-12-09 12:32 - 000220160 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-12-09 01:27 - 2020-12-09 01:27 - 002045952 _____ C:\windows\system32\rdpnano.dll
2020-12-09 01:27 - 2020-12-09 01:27 - 001756600 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2020-12-09 01:27 - 2020-12-09 01:27 - 001366144 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2020-12-09 01:27 - 2020-12-09 01:27 - 000171008 _____ C:\windows\system32\FsNVSDeviceSource.dll
2020-12-09 01:27 - 2020-12-09 01:27 - 000102912 _____ (Microsoft Corporation) C:\windows\system32\ncpa.cpl
2020-12-09 01:27 - 2020-12-09 01:27 - 000100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncpa.cpl
2020-12-09 01:27 - 2020-12-09 01:27 - 000059392 _____ C:\windows\system32\runexehelper.exe
2020-12-09 01:27 - 2020-12-09 01:27 - 000001370 _____ C:\windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth14.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth13.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth9.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth18.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth17.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth16.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth15.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth12.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth11.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth10.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2020-12-04 12:27 - 2020-12-04 12:31 - 015412776 _____ C:\Users\ronny\Downloads\DroidCam.Setup.6.3.3.exe
2020-12-04 10:23 - 2020-12-04 10:59 - 062378712 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\cdcxdwy.exe
2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (2).dcr
2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (1).dcr
2020-11-27 19:57 - 2020-11-27 19:57 - 029043984 _____ () C:\Users\ronny\Downloads\WiFi_22.0.0_Driver64_Win10.exe
2020-11-27 19:46 - 2020-11-27 19:46 - 008331800 _____ C:\Users\ronny\Downloads\16 watch back over your shoulder.m4a
2020-11-25 18:20 - 2020-11-25 18:20 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-11-21 23:40 - 2020-11-21 23:40 - 000000000 ___HD C:\$SysReset
2020-11-20 01:02 - 2020-11-20 01:02 - 000301570 _____ C:\Users\ronny\Downloads\2556.dcr

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-18 19:57 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-18 19:52 - 2019-10-23 14:32 - 000840852 _____ C:\windows\system32\PerfStringBackup.INI
2020-12-18 19:52 - 2019-03-18 22:50 - 000000000 ____D C:\windows\INF
2020-12-18 19:49 - 2020-07-01 21:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2020-12-18 19:49 - 2020-06-08 10:08 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-18 19:48 - 2020-07-01 21:08 - 000000000 ____D C:\Users\ronny
2020-12-18 19:48 - 2019-10-23 13:31 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-12-18 19:48 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\SleepStudy
2020-12-18 14:37 - 2020-07-10 04:21 - 000004142 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2020-12-18 12:25 - 2019-03-18 22:52 - 000000000 ____D C:\windows\AppReadiness
2020-12-16 15:17 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-16 01:43 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2020-12-15 22:31 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2020-12-15 22:11 - 2020-07-01 21:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2020-12-15 22:09 - 2019-03-18 22:37 - 000786432 _____ C:\windows\system32\config\BBI
2020-12-15 21:29 - 2020-07-10 04:36 - 000000000 ____D C:\Users\ronny\AppData\Local\e2eSoft
2020-12-15 21:29 - 2020-07-10 04:20 - 000000000 ____D C:\Program Files (x86)\e2eSoft
2020-12-14 23:57 - 2020-07-01 21:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2020-12-14 23:41 - 2020-11-12 21:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2020-12-14 23:41 - 2020-07-01 21:02 - 000000000 ____D C:\windows\minidump
2020-12-14 23:41 - 2019-10-23 14:30 - 000000000 ____D C:\windows\Panther
2020-12-14 23:41 - 2019-03-18 22:52 - 000000000 ____D C:\windows\LiveKernelReports
2020-12-14 22:58 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\NDF
2020-12-14 22:40 - 2020-09-06 13:10 - 000000000 ____D C:\Program Files (x86)\ClipX
2020-12-14 21:12 - 2020-07-03 00:16 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
2020-12-13 02:41 - 2020-07-12 10:01 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-12-13 02:11 - 2020-07-12 10:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-12 02:39 - 2020-07-01 21:15 - 000003354 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-687888615-3449104039-937635755-1001
2020-12-12 02:39 - 2020-07-01 21:15 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-11 09:15 - 2020-07-01 21:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2020-12-11 03:25 - 2020-09-16 12:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-09 12:33 - 2019-10-23 13:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-09 12:32 - 2020-07-01 21:12 - 000000000 ___RD C:\Users\ronny\3D Objects
2020-12-09 12:32 - 2019-10-23 13:31 - 000438640 _____ C:\windows\system32\FNTCACHE.DAT
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Dism
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SystemResources
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\oobe
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Dism
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellExperiences
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\bcastdvr
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-09 01:30 - 2019-03-18 22:37 - 000000000 ____D C:\windows\CbsTemp
2020-12-08 21:16 - 2020-07-02 23:50 - 000004524 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-08 21:16 - 2019-03-18 22:56 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 21:16 - 2019-03-18 22:56 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Macromed
2020-12-04 12:32 - 2020-07-09 18:50 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-04 11:00 - 2020-07-10 04:03 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2020-12-04 10:32 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\Drivers\wd
2020-12-03 14:18 - 2019-10-23 14:40 - 000003418 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 14:18 - 2019-10-23 14:40 - 000003294 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 17:19 - 2019-10-23 14:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-30 08:21 - 2020-07-19 07:00 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-30 08:21 - 2020-07-19 07:00 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 19:59 - 2020-06-08 10:08 - 000000000 ____D C:\Program Files\Intel
2020-11-25 11:20 - 2020-09-16 12:35 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-22 00:58 - 2020-08-12 10:00 - 000000000 ____D C:\Program Files (x86)\Easy Thumbnails
2020-11-22 00:57 - 2020-11-16 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Thumbnails
2020-11-22 00:57 - 2020-09-30 00:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-22 00:57 - 2020-08-16 21:44 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Easy Thumbnails
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\PrintDialog
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___HD C:\windows\ELAMBKUP
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\PolicyDefinitions
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\L2Schemas
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\IME
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\DiagTrack
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\Containers
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-22 00:57 - 2019-03-18 22:37 - 000000000 ____D C:\windows\servicing
2020-11-22 00:52 - 2019-03-19 00:19 - 000000000 ____D C:\windows\system32\OpenSSH
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\F12
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\DiagSvcs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\UNP
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\F12
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\dsc
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\DiagSvcs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\TextInput
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\setup
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\PerceptionSimulation
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\oobe
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\migwiz
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\InstallShield
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\downlevel
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Com
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\AdvancedInstallers
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinMetadata
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinBioPlugIns
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\SystemResetPlatform
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Sysprep
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\ShellExperiences
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\setup
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\PerceptionSimulation
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\migwiz
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\InputMethod
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\downlevel
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\DDFs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Com
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\appraiser
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\AdvancedInstallers
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellComponents
2020-11-22 00:31 - 2019-03-18 22:52 - 000000000 ____D C:\windows\registration

==================== Files in the root of some directories ========

2020-07-10 04:21 - 2020-07-10 04:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by ronny (18-12-2020 20:18:03)
Running from C:\Users\ronny\Downloads
Windows 10 Home Version 1909 18363.1256 (X64) (2020-07-02 03:02:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dwyco CDC-X version 2.30 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.30 - Dwyco, Inc.)
e2eSoft VCam 6.4 (HKLM-x32\...\VCam_is1) (Version: 6.4 - e2eSoft)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.36.86 - Logitech)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 43.0 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0 (x64 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 11.27 - NCH Software)

Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.0.26.0_x64__0aqw1zw0x2snt [2020-12-02] (韵华软件) [MS Ad]
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_1.1.0.0_x86__0ah1jqwq7j8nj [2020-12-11] (Ironjaw Studios Private Limited) [MS Ad]
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.35.0_x64__xsbsxxypt8dh6 [2020-12-16] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.9.0_x64__q68sgvev02mx6 [2020-11-22] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok

==================== Loaded Modules (Whitelisted) =============

2020-10-09 12:56 - 2020-10-09 12:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\Grand-Teton-National-Park-Wyoming.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1EFE4B38-276B-4B44-B0F7-A28E15464D81}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{2811985E-4113-43E9-91BC-9538D7559372}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{59D56F90-F78C-4975-B93B-BC7113E70530}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{A6C00DBA-BDA5-4E65-9447-C6482AC5F8D8}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [TCP Query User{2F221377-8491-488A-BDA7-003BE5028821}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{BF8399EB-40A7-4C06-A57B-9477A0FE9ECA}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{94A83817-8FB6-4ECB-8CAC-8DBE6A9698EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{0C212BF3-8492-42EF-9255-0AF5CC41A6CA}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

==================== Restore Points =========================

06-12-2020 17:00:39 Scheduled Checkpoint
14-12-2020 22:39:27 Removed Speedtest by Ookla

==================== Faulty Device Manager Devices ============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead

Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dads.local. Addr 192.168.1.4

Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F

Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FE80:0000:0000:0000:088D:D0CD:FD1C:D91F

Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F

Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Dads.local. Addr 192.168.1.4

Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F

Error: (12/17/2020 08:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead


System errors:
=============
Error: (12/18/2020 07:48:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:46:42 PM on 12/18/2020 was unexpected.

Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 4 failed to bind to its provider.

Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv4 TCP/IP interface with index 4 failed to bind to its provider.

Error: (12/17/2020 09:40:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Remote NDIS based Internet Sharing Device #3, {1232e081-3ace-4211-9a2a-c7905161ff8c}, had event 74

Error: (12/14/2020 11:49:30 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/14/2020 11:41:17 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/14/2020 11:28:07 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (12/14/2020 11:01:33 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-12-08 19:38:26.065
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0452B4B1-4213-400E-8B6F-A8FCE041DCC0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-07 15:12:22.939
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A50EFC74-6F1F-494A-9DB6-79E9DED16A40}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-06 13:01:24.017
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D28B6F6A-FF82-428C-A00F-3919158CC07A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-22 02:55:54.791
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5454A90F-D8A4-4859-9E10-F51C4357ACCA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-04 05:00:11.879
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9AC034E9-45EC-48FB-ADE9-F0F335743D33}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-08 10:42:24.209
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2240.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-11-07 12:23:10.002
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2020-11-07 12:23:10.001
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2020-11-07 12:23:10.001
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2020-09-01 01:39:39.958
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.2097.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80072f8f
Error description: A security error occurred

CodeIntegrity:
===================================

Date: 2020-12-18 20:07:23.677
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-12-18 20:07:23.675
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-12-18 20:07:23.185
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-12-18 20:07:23.184
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2020-12-18 20:07:15.696
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 20:07:15.695
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 20:06:44.717
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-18 20:06:44.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8082.33 MB
Available physical RAM: 3643.05 MB
Total Virtual: 9362.33 MB
Available Virtual: 4738.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:882.33 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:336.59 GB) NTFS

\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ (Recovery image) (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2020-12-18 20:20:07
-----------------------------
20:20:07.706 OS Version: Windows x64 6.2.9200
20:20:07.706 Number of processors: 4 586 0x3C03
20:20:07.716 ComputerName: DADS UserName:
20:20:12.465 Initialize success
20:20:12.557 VM: initialized successfully
20:20:12.557 VM: Intel CPU BiosDisabled
20:24:01.674 AVAST engine defs: 17030301
20:24:06.745 The log file has been saved successfully to "C:\Users\ronny\OneDrive\Desktop\aswMBR.txt"

Juliet
2020-12-19, 16:56
YOUR COMPUTER HAS BEEN BLOCKED Tech Support Scam
is a web browser advertisement shown by scammy remote tech support companies that try to scare visitors into thinking that they are infected so they call the listed phone number. I want to make it clear that if you see this alert in a web browser then your computer is fine! This is just an advertisement and you should not call the number or purchase any services from them.
https://www.bleepingcomputer.com/virus-removal/remove-the-your-computer-has-been-blocked-tech-support-scam

Almost all browser-based tech support scams can be closed by simply opening Windows Task Manager and ending the browser process. It is important, though, that if you end the browser process you do not reopen previously closed sites if prompted by the browser when you start it again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below and select Copy,
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and run AdwCleaner

Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.

run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

Logs to include with the next post:

Fixlog.txt
AdwCleaner log
Mbam.txt
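A heuristic triage check for saved "computer has been blocked" scam pages like the one described above (and the HTML/FakeAlert file ESET later removed from Downloads). This is an added example, not part of the thread and not code from FRST, AdwCleaner, ESET or Malwarebytes; the phrase list, the two sample pages, the phone number and the temporary folder are constructed for illustration.

```python
"""
Heuristic triage of saved HTML files for browser tech-support-scam pages.

Added example; the indicator phrases, trap snippets and sample pages are
constructed for illustration and are not a vendor signature.
"""
from __future__ import annotations

import html
import re
import tempfile
from pathlib import Path

# Scare wording typical of the "YOUR COMPUTER HAS BEEN BLOCKED" family (constructed list).
SCARE_PHRASES = (
    "your computer has been blocked",
    "this computer is blocked",
    "call microsoft",
    "do not close this window",
    "windows defender alert",
)
# North American phone number shapes, the "call this number" hook of the scam.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Script features used to keep the victim on the page (closing the browser process
# from Task Manager, as advised above, defeats all of them).
TRAP_SNIPPETS = ("onbeforeunload", "requestfullscreen", "speechsynthesis")


def score_html(text: str) -> dict:
    """Return indicator hits and an overall score for one HTML document."""
    lowered = html.unescape(text).lower()
    # Strip tags so phrases split by markup still match as visible text.
    visible = re.sub(r"<[^>]+>", " ", lowered)
    visible = re.sub(r"\s+", " ", visible)
    hits = {
        "phrases": [p for p in SCARE_PHRASES if p in visible],
        "phone_numbers": sorted(set(PHONE_RE.findall(visible))),
        "traps": [t for t in TRAP_SNIPPETS if t in lowered],
    }
    # Scare wording weighs most; a phone number alone is common on benign pages.
    score = 2 * len(hits["phrases"]) + len(hits["traps"]) + (1 if hits["phone_numbers"] else 0)
    hits["score"] = score
    hits["suspicious"] = score >= 3
    return hits


def scan_directory(folder: Path) -> list[tuple[str, dict]]:
    """Score every .htm/.html file under folder; return (name, hits) for suspicious ones."""
    flagged = []
    for path in sorted(folder.rglob("*.htm*")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        hits = score_html(text)
        if hits["suspicious"]:
            flagged.append((path.name, hits))
    return flagged


# Constructed sample pages: one scam page, one benign page that also shows a phone number.
SCAM_PAGE = """<html><body onbeforeunload="return 'stay';">
<h1>YOUR COMPUTER HAS BEEN BLOCKED</h1>
<p>Call Microsoft support now: (800) 555-0199</p>
<script>document.documentElement.requestFullscreen();</script>
</body></html>"""

BENIGN_PAGE = """<html><body><h1>Weekly newsletter</h1>
<p>Contact us at (800) 555-0123 for subscription questions.</p>
</body></html>"""


def demo() -> list[tuple[str, dict]]:
    """Write the constructed pages into a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "This computer is BLOCKED.html").write_text(SCAM_PAGE, encoding="utf-8")
        (folder / "newsletter.html").write_text(BENIGN_PAGE, encoding="utf-8")
        return scan_directory(folder)


if __name__ == "__main__":
    for name, hits in demo():
        print(f"{name}: score={hits['score']} phrases={hits['phrases']} traps={hits['traps']}")
```

Point `scan_directory` at a real Downloads folder to list saved pages worth a closer look; a hit is a triage lead, not a verdict.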

rcb56
2020-12-19, 19:29
OK Juliet, thanks, here are those reports. Thanks...

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by ronny (19-12-2020 11:09:14) Run:1
Running from C:\Users\ronny\Downloads
Loaded Profiles: ronny
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk => moved successfully
C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk => Shortcut argument removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B55DA72-E057-4E45-BE35-E09C0C0759F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17E8ABB5-14C9-4C7D-B730-018C58B1E484}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe" => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\mat-debug-12736.log => moved successfully
C:\Windows\Temp\mat-debug-4648.log => moved successfully
C:\Windows\Temp\mat-debug-5768.log => moved successfully
C:\Windows\Temp\mat-debug-668.log => moved successfully
C:\Windows\Temp\mat-debug-7916.log => moved successfully
C:\Windows\Temp\mat-debug-8340.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38262557 B
Java, Flash, Steam htmlcache => 1229 B
Windows/system/drivers => 3664611 B
Edge => 11432926 B
Chrome => 0 B
Firefox => 27842288 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15524 B
NetworkService => 31504062 B
ronny => 254211869 B

RecycleBin => 110106 B
EmptyTemp: => 360.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:09:49 ====

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-19-2020
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1406 octets] - [19/12/2020 11:15:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/20
Scan Time: 11:22 AM
Log File: bea1a886-421e-11eb-ae2c-5065f31c66a8.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.34527
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1256)
CPU: x64
File System: NTFS
User: DADS\ronny

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 284654
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Juliet
2020-12-19, 21:35
If you didn't allow access to your computer (please don't ever do that) I think you're OK.
What they do while on the computer is start going through documents and favorites to locate bank sites or stored shopping card info, and other things they feel they could get access to that might turn up money.

I'm not seeing an infection on the machine, but let's do an online scan to see if any remnants are found.

Download ESET Online Scanner (https://www.eset.com/us/home/online-scanner/) and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

How is the computer now?

rcb56
2020-12-19, 22:48
OK Juliet, no, I didn't let him do anything. Thanks for all your help.

12/19/2020 14:45:50 PM
Files scanned: 399715
Detected files: 1
Cleaned files: 1
Total scan time 00:57:17
Scan status: Finished
C:\Users\ronny\Downloads\This computer is BLOCKED.html HTML/FakeAlert.SP trojan cleaned by deleting

rcb56
2020-12-20, 15:07
Asking about my PC: it has been fine, I just wanted to make sure those pop-ups did no harm. I knew I hadn't let him do anything, so I was just making sure. Thanks!

Juliet
2020-12-20, 16:03
You're in good shape now.

I think to help secure your computer you should add add-ons like NoScript or AdBlocker to help keep this kind of pop up from happening.

AdBlock
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

NoScript <== can take a while to get used to, but good at blocking JavaScript.
https://addons.mozilla.org/en-US/firefox/addon/noscript/

Let's remove tools and quarantine folders.

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:

- Delete tools
- Delete now

Click the "Run" button.

When the tool has finished, it will create and open a log report and delete itself.

rcb56
2020-12-21, 00:47
Thanks Juliet, I know now what to do and not do when this happens. I hope others may read it and know also. Thanks again!

Juliet
2020-12-21, 13:53
Glad we could help.
Since this issue appears resolved ... this Topic is closed.