rcb56
2020-12-19, 04:33
That's my question after they took control of my PC and had me call a tech of theirs to let him into my PC to find the problem... lol, yeah OK... hello stranger, so you want in my PC? That's what he said. I told him I'd get back with him on that. Just being safe here, you may find nothing or a lot. Thank you!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (18-12-2020 20:16:22)
Running from C:\Users\ronny\Downloads
Loaded Profiles: ronny
Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <35>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3157D448-CF82-4935-9BE8-7A38D7874FE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {6BD67C7B-1EED-4037-A8C9-B4B6359EADD4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {97604842-DA68-4926-806B-C0861C13882C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {E01434BC-B825-49F7-BAD7-D42970B88A76} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {FA810C09-D881-4375-A1F0-17C65E6B4EEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1232e081-3ace-4211-9a2a-c7905161ff8c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{af97352d-e735-4ecd-bdfa-31997e5c514b}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ed8eb7c4-60b8-418b-a88b-903ebe971820}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fd63fefb-e36d-4b82-a277-e20845b6d9ff}: [DhcpNameServer] 192.168.42.129
Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge DownloadDir: C:\Users\ronny\Downloads
Edge Notifications: Default -> hxxps://www.youtube.com
Edge HomePage: Default -> hxxps://www.oann.com/
Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
Edge Extension: (Amazon Assistant) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-09-25]
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]
FireFox:
========
FF DefaultProfile: 1a5my9te.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\1a5my9te.default [2020-12-18]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zb50iane.default-release [2020-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-13] (Malwarebytes Inc -> Malwarebytes)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1337784 2020-09-30] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [231936 2019-10-06] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\windows\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 e2esoft_ivcamaudio_simple; C:\windows\system32\drivers\iVCamAud.sys [255464 2020-11-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-11-13] (Malwarebytes Corporation -> Malwarebytes)
S3 iVCam; C:\windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197792 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [138904 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\windows\system32\DRIVERS\stdriverx64.sys [54664 2020-07-15] (NCH Software Pty Ltd -> )
R3 VCAM_WDM; C:\windows\system32\DRIVERS\VCam_WDM.sys [1090984 2018-03-13] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-18 20:16 - 2020-12-18 20:17 - 000015158 _____ C:\Users\ronny\Downloads\FRST.txt
2020-12-18 20:13 - 2020-12-18 20:16 - 000000000 ____D C:\FRST
2020-12-18 20:11 - 2020-12-18 20:12 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\FRST64.exe
2020-12-18 20:11 - 2020-12-18 20:11 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 748936.crdownload
2020-12-18 20:02 - 2020-12-18 20:02 - 000000207 _____ C:\windows\tweaking.com-regbackup-DADS-Windows-10-Home-(64-bit).dat
2020-12-18 20:02 - 2020-12-18 20:02 - 000000000 ____D C:\RegBackup
2020-12-18 20:01 - 2020-12-18 20:02 - 000017987 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2020-12-18 20:01 - 2020-12-18 20:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup.exe
2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-12-18 19:41 - 2020-12-18 19:41 - 000015194 _____ C:\Users\ronny\Downloads\This computer is BLOCKED.html
2020-12-16 23:22 - 2020-12-16 23:22 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (2).xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc.xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (1).xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000000000 ____D C:\Users\ronny\AppData\Roaming\LibreOffice
2020-12-16 15:16 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\windows\system32\Drivers\ssudbus2.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000197792 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000138904 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-12-15 21:59 - 2020-12-15 21:59 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\Program Files\Logitech
2020-12-15 21:56 - 2020-12-15 21:56 - 211968984 _____ (Logitech Inc.) C:\Users\ronny\Downloads\Options_8.36.86.exe
2020-12-14 23:50 - 2020-12-14 23:50 - 000117740 _____ C:\windows\system32\cc_20201214_235031.reg
2020-12-14 23:35 - 2020-12-18 19:50 - 000000000 ____D C:\Program Files\CCleaner
2020-12-14 23:35 - 2020-12-17 19:44 - 000004210 _____ C:\windows\system32\Tasks\CCleaner Update
2020-12-14 23:35 - 2020-12-14 23:35 - 000002866 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-12-14 23:35 - 2020-12-14 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-12-14 23:34 - 2020-12-14 23:35 - 030536752 _____ (Piriform Software Ltd) C:\Users\ronny\Downloads\ccsetup575.exe
2020-12-14 02:59 - 2020-11-04 00:13 - 000255464 _____ (e2eSoft) C:\windows\system32\Drivers\iVCamAud.sys
2020-12-14 02:56 - 2020-12-14 02:56 - 018077432 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_x64_v6.1.5.exe
2020-12-14 02:54 - 2020-12-14 02:54 - 000000000 ____D C:\windows\LastGood.Tmp
2020-12-14 02:54 - 2020-11-02 18:40 - 001090536 _____ (e2eSoft) C:\windows\system32\Drivers\iVCam.sys
2020-12-14 02:53 - 2020-12-14 02:53 - 015804440 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_v4.6.exe
2020-12-11 03:38 - 2020-12-11 03:38 - 003768309 _____ C:\Users\ronny\Downloads\OneDrive-2020-12-11.zip
2020-12-09 12:32 - 2020-12-09 12:32 - 000220160 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-12-09 01:27 - 2020-12-09 01:27 - 002045952 _____ C:\windows\system32\rdpnano.dll
2020-12-09 01:27 - 2020-12-09 01:27 - 001756600 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2020-12-09 01:27 - 2020-12-09 01:27 - 001366144 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2020-12-09 01:27 - 2020-12-09 01:27 - 000171008 _____ C:\windows\system32\FsNVSDeviceSource.dll
2020-12-09 01:27 - 2020-12-09 01:27 - 000102912 _____ (Microsoft Corporation) C:\windows\system32\ncpa.cpl
2020-12-09 01:27 - 2020-12-09 01:27 - 000100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncpa.cpl
2020-12-09 01:27 - 2020-12-09 01:27 - 000059392 _____ C:\windows\system32\runexehelper.exe
2020-12-09 01:27 - 2020-12-09 01:27 - 000001370 _____ C:\windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth14.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth13.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth9.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth18.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth17.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth16.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth15.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth12.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth11.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth10.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2020-12-04 12:27 - 2020-12-04 12:31 - 015412776 _____ C:\Users\ronny\Downloads\DroidCam.Setup.6.3.3.exe
2020-12-04 10:23 - 2020-12-04 10:59 - 062378712 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\cdcxdwy.exe
2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (2).dcr
2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (1).dcr
2020-11-27 19:57 - 2020-11-27 19:57 - 029043984 _____ () C:\Users\ronny\Downloads\WiFi_22.0.0_Driver64_Win10.exe
2020-11-27 19:46 - 2020-11-27 19:46 - 008331800 _____ C:\Users\ronny\Downloads\16 watch back over your shoulder.m4a
2020-11-25 18:20 - 2020-11-25 18:20 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-11-21 23:40 - 2020-11-21 23:40 - 000000000 ___HD C:\$SysReset
2020-11-20 01:02 - 2020-11-20 01:02 - 000301570 _____ C:\Users\ronny\Downloads\2556.dcr
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-18 19:57 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-18 19:52 - 2019-10-23 14:32 - 000840852 _____ C:\windows\system32\PerfStringBackup.INI
2020-12-18 19:52 - 2019-03-18 22:50 - 000000000 ____D C:\windows\INF
2020-12-18 19:49 - 2020-07-01 21:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2020-12-18 19:49 - 2020-06-08 10:08 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-18 19:48 - 2020-07-01 21:08 - 000000000 ____D C:\Users\ronny
2020-12-18 19:48 - 2019-10-23 13:31 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-12-18 19:48 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\SleepStudy
2020-12-18 14:37 - 2020-07-10 04:21 - 000004142 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2020-12-18 12:25 - 2019-03-18 22:52 - 000000000 ____D C:\windows\AppReadiness
2020-12-16 15:17 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-16 01:43 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2020-12-15 22:31 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2020-12-15 22:11 - 2020-07-01 21:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2020-12-15 22:09 - 2019-03-18 22:37 - 000786432 _____ C:\windows\system32\config\BBI
2020-12-15 21:29 - 2020-07-10 04:36 - 000000000 ____D C:\Users\ronny\AppData\Local\e2eSoft
2020-12-15 21:29 - 2020-07-10 04:20 - 000000000 ____D C:\Program Files (x86)\e2eSoft
2020-12-14 23:57 - 2020-07-01 21:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2020-12-14 23:41 - 2020-11-12 21:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2020-12-14 23:41 - 2020-07-01 21:02 - 000000000 ____D C:\windows\minidump
2020-12-14 23:41 - 2019-10-23 14:30 - 000000000 ____D C:\windows\Panther
2020-12-14 23:41 - 2019-03-18 22:52 - 000000000 ____D C:\windows\LiveKernelReports
2020-12-14 22:58 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\NDF
2020-12-14 22:40 - 2020-09-06 13:10 - 000000000 ____D C:\Program Files (x86)\ClipX
2020-12-14 21:12 - 2020-07-03 00:16 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
2020-12-13 02:41 - 2020-07-12 10:01 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-12-13 02:11 - 2020-07-12 10:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-12 02:39 - 2020-07-01 21:15 - 000003354 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-687888615-3449104039-937635755-1001
2020-12-12 02:39 - 2020-07-01 21:15 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-11 09:15 - 2020-07-01 21:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2020-12-11 03:25 - 2020-09-16 12:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-09 12:33 - 2019-10-23 13:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-09 12:32 - 2020-07-01 21:12 - 000000000 ___RD C:\Users\ronny\3D Objects
2020-12-09 12:32 - 2019-10-23 13:31 - 000438640 _____ C:\windows\system32\FNTCACHE.DAT
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Dism
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SystemResources
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\oobe
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Dism
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellExperiences
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\bcastdvr
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-09 01:30 - 2019-03-18 22:37 - 000000000 ____D C:\windows\CbsTemp
2020-12-08 21:16 - 2020-07-02 23:50 - 000004524 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-08 21:16 - 2019-03-18 22:56 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 21:16 - 2019-03-18 22:56 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Macromed
2020-12-04 12:32 - 2020-07-09 18:50 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-04 11:00 - 2020-07-10 04:03 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2020-12-04 10:32 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\Drivers\wd
2020-12-03 14:18 - 2019-10-23 14:40 - 000003418 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 14:18 - 2019-10-23 14:40 - 000003294 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 17:19 - 2019-10-23 14:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-30 08:21 - 2020-07-19 07:00 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-30 08:21 - 2020-07-19 07:00 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 19:59 - 2020-06-08 10:08 - 000000000 ____D C:\Program Files\Intel
2020-11-25 11:20 - 2020-09-16 12:35 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-22 00:58 - 2020-08-12 10:00 - 000000000 ____D C:\Program Files (x86)\Easy Thumbnails
2020-11-22 00:57 - 2020-11-16 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Thumbnails
2020-11-22 00:57 - 2020-09-30 00:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-22 00:57 - 2020-08-16 21:44 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Easy Thumbnails
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\PrintDialog
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___HD C:\windows\ELAMBKUP
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\PolicyDefinitions
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\L2Schemas
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\IME
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\DiagTrack
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\Containers
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-22 00:57 - 2019-03-18 22:37 - 000000000 ____D C:\windows\servicing
2020-11-22 00:52 - 2019-03-19 00:19 - 000000000 ____D C:\windows\system32\OpenSSH
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\F12
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\DiagSvcs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\UNP
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\F12
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\dsc
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\DiagSvcs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\TextInput
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\setup
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\PerceptionSimulation
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\oobe
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\migwiz
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\InstallShield
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\downlevel
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Com
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\AdvancedInstallers
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinMetadata
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinBioPlugIns
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\SystemResetPlatform
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Sysprep
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\ShellExperiences
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\setup
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\PerceptionSimulation
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\migwiz
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\InputMethod
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\downlevel
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\DDFs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Com
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\appraiser
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\AdvancedInstallers
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellComponents
2020-11-22 00:31 - 2019-03-18 22:52 - 000000000 ____D C:\windows\registration
==================== Files in the root of some directories ========
2020-07-10 04:21 - 2020-07-10 04:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by ronny (18-12-2020 20:18:03)
Running from C:\Users\ronny\Downloads
Windows 10 Home Version 1909 18363.1256 (X64) (2020-07-02 03:02:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dwyco CDC-X version 2.30 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.30 - Dwyco, Inc.)
e2eSoft VCam 6.4 (HKLM-x32\...\VCam_is1) (Version: 6.4 - e2eSoft)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.36.86 - Logitech)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 43.0 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0 (x64 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 11.27 - NCH Software)
Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.0.26.0_x64__0aqw1zw0x2snt [2020-12-02] (韵华软件) [MS Ad]
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_1.1.0.0_x86__0ah1jqwq7j8nj [2020-12-11] (Ironjaw Studios Private Limited) [MS Ad]
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.35.0_x64__xsbsxxypt8dh6 [2020-12-16] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.9.0_x64__q68sgvev02mx6 [2020-11-22] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
==================== Loaded Modules (Whitelisted) =============
2020-10-09 12:56 - 2020-10-09 12:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\Grand-Teton-National-Park-Wyoming.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1EFE4B38-276B-4B44-B0F7-A28E15464D81}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{2811985E-4113-43E9-91BC-9538D7559372}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{59D56F90-F78C-4975-B93B-BC7113E70530}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{A6C00DBA-BDA5-4E65-9447-C6482AC5F8D8}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [TCP Query User{2F221377-8491-488A-BDA7-003BE5028821}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{BF8399EB-40A7-4C06-A57B-9477A0FE9ECA}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{94A83817-8FB6-4ECB-8CAC-8DBE6A9698EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{0C212BF3-8492-42EF-9255-0AF5CC41A6CA}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
==================== Restore Points =========================
06-12-2020 17:00:39 Scheduled Checkpoint
14-12-2020 22:39:27 Removed Speedtest by Ookla
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dads.local. Addr 192.168.1.4
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FE80:0000:0000:0000:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Dads.local. Addr 192.168.1.4
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
System errors:
=============
Error: (12/18/2020 07:48:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:46:42 PM on 12/18/2020 was unexpected.
Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 4 failed to bind to its provider.
Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv4 TCP/IP interface with index 4 failed to bind to its provider.
Error: (12/17/2020 09:40:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Remote NDIS based Internet Sharing Device #3, {1232e081-3ace-4211-9a2a-c7905161ff8c}, had event 74
Error: (12/14/2020 11:49:30 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (12/14/2020 11:41:17 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (12/14/2020 11:28:07 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (12/14/2020 11:01:33 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2020-12-08 19:38:26.065
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0452B4B1-4213-400E-8B6F-A8FCE041DCC0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-12-07 15:12:22.939
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A50EFC74-6F1F-494A-9DB6-79E9DED16A40}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-12-06 13:01:24.017
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D28B6F6A-FF82-428C-A00F-3919158CC07A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-07-22 02:55:54.791
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5454A90F-D8A4-4859-9E10-F51C4357ACCA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-07-04 05:00:11.879
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9AC034E9-45EC-48FB-ADE9-F0F335743D33}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-12-08 10:42:24.209
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2240.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2020-11-07 12:23:10.002
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2020-11-07 12:23:10.001
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2020-11-07 12:23:10.001
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2020-09-01 01:39:39.958
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.2097.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80072f8f
Error description: A security error occurred
CodeIntegrity:
===================================
Date: 2020-12-18 20:07:23.677
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:23.675
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:23.185
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:23.184
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:15.696
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-18 20:07:15.695
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-18 20:06:44.717
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-18 20:06:44.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8082.33 MB
Available physical RAM: 3643.05 MB
Total Virtual: 9362.33 MB
Available Virtual: 4738.89 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:882.33 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:336.59 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ (Recovery image) (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2020-12-18 20:20:07
-----------------------------
20:20:07.706 OS Version: Windows x64 6.2.9200
20:20:07.706 Number of processors: 4 586 0x3C03
20:20:07.716 ComputerName: DADS UserName:
20:20:12.465 Initialize success
20:20:12.557 VM: initialized successfully
20:20:12.557 VM: Intel CPU BiosDisabled
20:24:01.674 AVAST engine defs: 17030301
20:24:06.745 The log file has been saved successfully to "C:\Users\ronny\OneDrive\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (18-12-2020 20:16:22)
Running from C:\Users\ronny\Downloads
Loaded Profiles: ronny
Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <35>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-23] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3157D448-CF82-4935-9BE8-7A38D7874FE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {6BD67C7B-1EED-4037-A8C9-B4B6359EADD4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {97604842-DA68-4926-806B-C0861C13882C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {E01434BC-B825-49F7-BAD7-D42970B88A76} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {FA810C09-D881-4375-A1F0-17C65E6B4EEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1232e081-3ace-4211-9a2a-c7905161ff8c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{af97352d-e735-4ecd-bdfa-31997e5c514b}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ed8eb7c4-60b8-418b-a88b-903ebe971820}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{fd63fefb-e36d-4b82-a277-e20845b6d9ff}: [DhcpNameServer] 192.168.42.129
Edge:
======
DownloadDir: C:\Users\ronny\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
Edge DownloadDir: C:\Users\ronny\Downloads
Edge Notifications: Default -> hxxps://www.youtube.com
Edge HomePage: Default -> hxxps://www.oann.com/
Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
Edge Extension: (Amazon Assistant) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-09-25]
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]
FireFox:
========
FF DefaultProfile: 1a5my9te.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\1a5my9te.default [2020-12-18]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zb50iane.default-release [2020-12-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-13] (Malwarebytes Inc -> Malwarebytes)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1337784 2020-09-30] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [231936 2019-10-06] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\windows\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 e2esoft_ivcamaudio_simple; C:\windows\system32\drivers\iVCamAud.sys [255464 2020-11-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-11-13] (Malwarebytes Corporation -> Malwarebytes)
S3 iVCam; C:\windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197792 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [138904 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\windows\system32\DRIVERS\stdriverx64.sys [54664 2020-07-15] (NCH Software Pty Ltd -> )
R3 VCAM_WDM; C:\windows\system32\DRIVERS\VCam_WDM.sys [1090984 2018-03-13] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-18 20:16 - 2020-12-18 20:17 - 000015158 _____ C:\Users\ronny\Downloads\FRST.txt
2020-12-18 20:13 - 2020-12-18 20:16 - 000000000 ____D C:\FRST
2020-12-18 20:11 - 2020-12-18 20:12 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\FRST64.exe
2020-12-18 20:11 - 2020-12-18 20:11 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 748936.crdownload
2020-12-18 20:02 - 2020-12-18 20:02 - 000000207 _____ C:\windows\tweaking.com-regbackup-DADS-Windows-10-Home-(64-bit).dat
2020-12-18 20:02 - 2020-12-18 20:02 - 000000000 ____D C:\RegBackup
2020-12-18 20:01 - 2020-12-18 20:02 - 000017987 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2020-12-18 20:01 - 2020-12-18 20:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup.exe
2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-12-18 19:41 - 2020-12-18 19:41 - 000015194 _____ C:\Users\ronny\Downloads\This computer is BLOCKED.html
2020-12-16 23:22 - 2020-12-16 23:22 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (2).xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc.xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (1).xlsx
2020-12-16 23:19 - 2020-12-16 23:19 - 000000000 ____D C:\Users\ronny\AppData\Roaming\LibreOffice
2020-12-16 15:16 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\windows\system32\Drivers\ssudbus2.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000197792 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000138904 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2020-12-15 22:10 - 2020-12-15 22:10 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2020-12-15 21:59 - 2020-12-15 21:59 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\Program Files\Logitech
2020-12-15 21:56 - 2020-12-15 21:56 - 211968984 _____ (Logitech Inc.) C:\Users\ronny\Downloads\Options_8.36.86.exe
2020-12-14 23:50 - 2020-12-14 23:50 - 000117740 _____ C:\windows\system32\cc_20201214_235031.reg
2020-12-14 23:35 - 2020-12-18 19:50 - 000000000 ____D C:\Program Files\CCleaner
2020-12-14 23:35 - 2020-12-17 19:44 - 000004210 _____ C:\windows\system32\Tasks\CCleaner Update
2020-12-14 23:35 - 2020-12-14 23:35 - 000002866 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-12-14 23:35 - 2020-12-14 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-12-14 23:34 - 2020-12-14 23:35 - 030536752 _____ (Piriform Software Ltd) C:\Users\ronny\Downloads\ccsetup575.exe
2020-12-14 02:59 - 2020-11-04 00:13 - 000255464 _____ (e2eSoft) C:\windows\system32\Drivers\iVCamAud.sys
2020-12-14 02:56 - 2020-12-14 02:56 - 018077432 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_x64_v6.1.5.exe
2020-12-14 02:54 - 2020-12-14 02:54 - 000000000 ____D C:\windows\LastGood.Tmp
2020-12-14 02:54 - 2020-11-02 18:40 - 001090536 _____ (e2eSoft) C:\windows\system32\Drivers\iVCam.sys
2020-12-14 02:53 - 2020-12-14 02:53 - 015804440 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_v4.6.exe
2020-12-11 03:38 - 2020-12-11 03:38 - 003768309 _____ C:\Users\ronny\Downloads\OneDrive-2020-12-11.zip
2020-12-09 12:32 - 2020-12-09 12:32 - 000220160 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2020-12-09 01:27 - 2020-12-09 01:27 - 002045952 _____ C:\windows\system32\rdpnano.dll
2020-12-09 01:27 - 2020-12-09 01:27 - 001756600 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2020-12-09 01:27 - 2020-12-09 01:27 - 001366144 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2020-12-09 01:27 - 2020-12-09 01:27 - 000171008 _____ C:\windows\system32\FsNVSDeviceSource.dll
2020-12-09 01:27 - 2020-12-09 01:27 - 000102912 _____ (Microsoft Corporation) C:\windows\system32\ncpa.cpl
2020-12-09 01:27 - 2020-12-09 01:27 - 000100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncpa.cpl
2020-12-09 01:27 - 2020-12-09 01:27 - 000059392 _____ C:\windows\system32\runexehelper.exe
2020-12-09 01:27 - 2020-12-09 01:27 - 000001370 _____ C:\windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth14.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth13.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth9.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth18.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth17.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth16.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth15.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth12.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth11.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth10.bin
2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
2020-12-04 12:27 - 2020-12-04 12:31 - 015412776 _____ C:\Users\ronny\Downloads\DroidCam.Setup.6.3.3.exe
2020-12-04 10:23 - 2020-12-04 10:59 - 062378712 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\cdcxdwy.exe
2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (2).dcr
2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (1).dcr
2020-11-27 19:57 - 2020-11-27 19:57 - 029043984 _____ () C:\Users\ronny\Downloads\WiFi_22.0.0_Driver64_Win10.exe
2020-11-27 19:46 - 2020-11-27 19:46 - 008331800 _____ C:\Users\ronny\Downloads\16 watch back over your shoulder.m4a
2020-11-25 18:20 - 2020-11-25 18:20 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2020-11-21 23:40 - 2020-11-21 23:40 - 000000000 ___HD C:\$SysReset
2020-11-20 01:02 - 2020-11-20 01:02 - 000301570 _____ C:\Users\ronny\Downloads\2556.dcr
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-18 19:57 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-18 19:52 - 2019-10-23 14:32 - 000840852 _____ C:\windows\system32\PerfStringBackup.INI
2020-12-18 19:52 - 2019-03-18 22:50 - 000000000 ____D C:\windows\INF
2020-12-18 19:49 - 2020-07-01 21:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2020-12-18 19:49 - 2020-06-08 10:08 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-18 19:48 - 2020-07-01 21:08 - 000000000 ____D C:\Users\ronny
2020-12-18 19:48 - 2019-10-23 13:31 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-12-18 19:48 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\SleepStudy
2020-12-18 14:37 - 2020-07-10 04:21 - 000004142 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2020-12-18 12:25 - 2019-03-18 22:52 - 000000000 ____D C:\windows\AppReadiness
2020-12-16 15:17 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-16 01:43 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2020-12-15 22:31 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2020-12-15 22:11 - 2020-07-01 21:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2020-12-15 22:09 - 2019-03-18 22:37 - 000786432 _____ C:\windows\system32\config\BBI
2020-12-15 21:29 - 2020-07-10 04:36 - 000000000 ____D C:\Users\ronny\AppData\Local\e2eSoft
2020-12-15 21:29 - 2020-07-10 04:20 - 000000000 ____D C:\Program Files (x86)\e2eSoft
2020-12-14 23:57 - 2020-07-01 21:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2020-12-14 23:41 - 2020-11-12 21:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2020-12-14 23:41 - 2020-07-01 21:02 - 000000000 ____D C:\windows\minidump
2020-12-14 23:41 - 2019-10-23 14:30 - 000000000 ____D C:\windows\Panther
2020-12-14 23:41 - 2019-03-18 22:52 - 000000000 ____D C:\windows\LiveKernelReports
2020-12-14 22:58 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\NDF
2020-12-14 22:40 - 2020-09-06 13:10 - 000000000 ____D C:\Program Files (x86)\ClipX
2020-12-14 21:12 - 2020-07-03 00:16 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
2020-12-13 02:41 - 2020-07-12 10:01 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-12-13 02:11 - 2020-07-12 10:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-12 02:39 - 2020-07-01 21:15 - 000003354 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-687888615-3449104039-937635755-1001
2020-12-12 02:39 - 2020-07-01 21:15 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-11 09:15 - 2020-07-01 21:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2020-12-11 03:25 - 2020-09-16 12:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-09 12:33 - 2019-10-23 13:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-09 12:32 - 2020-07-01 21:12 - 000000000 ___RD C:\Users\ronny\3D Objects
2020-12-09 12:32 - 2019-10-23 13:31 - 000438640 _____ C:\windows\system32\FNTCACHE.DAT
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Dism
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SystemResources
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\oobe
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Dism
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellExperiences
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\bcastdvr
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-09 01:30 - 2019-03-18 22:37 - 000000000 ____D C:\windows\CbsTemp
2020-12-08 21:16 - 2020-07-02 23:50 - 000004524 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-08 21:16 - 2019-03-18 22:56 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 21:16 - 2019-03-18 22:56 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Macromed
2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Macromed
2020-12-04 12:32 - 2020-07-09 18:50 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-04 11:00 - 2020-07-10 04:03 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2020-12-04 10:32 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\Drivers\wd
2020-12-03 14:18 - 2019-10-23 14:40 - 000003418 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 14:18 - 2019-10-23 14:40 - 000003294 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 17:19 - 2019-10-23 14:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-30 08:21 - 2020-07-19 07:00 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-30 08:21 - 2020-07-19 07:00 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 19:59 - 2020-06-08 10:08 - 000000000 ____D C:\Program Files\Intel
2020-11-25 11:20 - 2020-09-16 12:35 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-22 00:58 - 2020-08-12 10:00 - 000000000 ____D C:\Program Files (x86)\Easy Thumbnails
2020-11-22 00:57 - 2020-11-16 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Thumbnails
2020-11-22 00:57 - 2020-09-30 00:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-22 00:57 - 2020-08-16 21:44 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Easy Thumbnails
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Portable Devices
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\PrintDialog
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___HD C:\windows\ELAMBKUP
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\PolicyDefinitions
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\L2Schemas
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\IME
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\DiagTrack
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\Containers
2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-11-22 00:57 - 2019-03-18 22:37 - 000000000 ____D C:\windows\servicing
2020-11-22 00:52 - 2019-03-19 00:19 - 000000000 ____D C:\windows\system32\OpenSSH
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\F12
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\DiagSvcs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\UNP
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\F12
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\dsc
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\DiagSvcs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\TextInput
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\setup
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\PerceptionSimulation
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\oobe
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\migwiz
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\InstallShield
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\downlevel
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Com
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\AdvancedInstallers
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinMetadata
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinBioPlugIns
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\SystemResetPlatform
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Sysprep
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\ShellExperiences
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\setup
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\PerceptionSimulation
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\migwiz
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\InputMethod
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\downlevel
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\DDFs
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Com
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\appraiser
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\AdvancedInstallers
2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellComponents
2020-11-22 00:31 - 2019-03-18 22:52 - 000000000 ____D C:\windows\registration
==================== Files in the root of some directories ========
2020-07-10 04:21 - 2020-07-10 04:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by ronny (18-12-2020 20:18:03)
Running from C:\Users\ronny\Downloads
Windows 10 Home Version 1909 18363.1256 (X64) (2020-07-02 03:02:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dwyco CDC-X version 2.30 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.30 - Dwyco, Inc.)
e2eSoft VCam 6.4 (HKLM-x32\...\VCam_is1) (Version: 6.4 - e2eSoft)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.36.86 - Logitech)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Firefox 43.0 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0 (x64 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 11.27 - NCH Software)
Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.0.26.0_x64__0aqw1zw0x2snt [2020-12-02] (韵华软件) [MS Ad]
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_1.1.0.0_x86__0ah1jqwq7j8nj [2020-12-11] (Ironjaw Studios Private Limited) [MS Ad]
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.35.0_x64__xsbsxxypt8dh6 [2020-12-16] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.9.0_x64__q68sgvev02mx6 [2020-11-22] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
==================== Loaded Modules (Whitelisted) =============
2020-10-09 12:56 - 2020-10-09 12:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2020-10-09 12:56 - 2020-10-09 12:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\Grand-Teton-National-Park-Wyoming.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1EFE4B38-276B-4B44-B0F7-A28E15464D81}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{2811985E-4113-43E9-91BC-9538D7559372}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{59D56F90-F78C-4975-B93B-BC7113E70530}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{A6C00DBA-BDA5-4E65-9447-C6482AC5F8D8}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [TCP Query User{2F221377-8491-488A-BDA7-003BE5028821}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{BF8399EB-40A7-4C06-A57B-9477A0FE9ECA}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{94A83817-8FB6-4ECB-8CAC-8DBE6A9698EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{0C212BF3-8492-42EF-9255-0AF5CC41A6CA}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
==================== Restore Points =========================
06-12-2020 17:00:39 Scheduled Checkpoint
14-12-2020 22:39:27 Removed Speedtest by Ookla
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dads.local. Addr 192.168.1.4
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FE80:0000:0000:0000:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Dads.local. Addr 192.168.1.4
Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F
Error: (12/17/2020 08:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
System errors:
=============
Error: (12/18/2020 07:48:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:46:42 PM on 12/18/2020 was unexpected.
Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 4 failed to bind to its provider.
Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv4 TCP/IP interface with index 4 failed to bind to its provider.
Error: (12/17/2020 09:40:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Remote NDIS based Internet Sharing Device #3, {1232e081-3ace-4211-9a2a-c7905161ff8c}, had event 74
Error: (12/14/2020 11:49:30 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (12/14/2020 11:41:17 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (12/14/2020 11:28:07 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Error: (12/14/2020 11:01:33 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2020-12-08 19:38:26.065
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0452B4B1-4213-400E-8B6F-A8FCE041DCC0}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-12-07 15:12:22.939
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A50EFC74-6F1F-494A-9DB6-79E9DED16A40}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-12-06 13:01:24.017
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D28B6F6A-FF82-428C-A00F-3919158CC07A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-07-22 02:55:54.791
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5454A90F-D8A4-4859-9E10-F51C4357ACCA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-07-04 05:00:11.879
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9AC034E9-45EC-48FB-ADE9-F0F335743D33}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-12-08 10:42:24.209
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.2240.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2020-11-07 12:23:10.002
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2020-11-07 12:23:10.001
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2020-11-07 12:23:10.001
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.510.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.
Date: 2020-09-01 01:39:39.958
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.319.2097.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17200.2
Error code: 0x80072f8f
Error description: A security error occurred
CodeIntegrity:
===================================
Date: 2020-12-18 20:07:23.677
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:23.675
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:23.185
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:23.184
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2020-12-18 20:07:15.696
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-18 20:07:15.695
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-18 20:06:44.717
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-18 20:06:44.716
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8082.33 MB
Available physical RAM: 3643.05 MB
Total Virtual: 9362.33 MB
Available Virtual: 4738.89 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:882.33 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:336.59 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ (Recovery image) (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2020-12-18 20:20:07
-----------------------------
20:20:07.706 OS Version: Windows x64 6.2.9200
20:20:07.706 Number of processors: 4 586 0x3C03
20:20:07.716 ComputerName: DADS UserName:
20:20:12.465 Initialize success
20:20:12.557 VM: initialized successfully
20:20:12.557 VM: Intel CPU BiosDisabled
20:24:01.674 AVAST engine defs: 17030301
20:24:06.745 The log file has been saved successfully to "C:\Users\ronny\OneDrive\Desktop\aswMBR.txt"