rcb56
2021-04-21, 07:53
i'm back! it seems Edge has picked up something as it will no longer open a new tab but only a new window. some have been repeated and all different sizes. just now FRST64 wouldn't download but finaly did. then aswMBR ran and after starting crashed my pc. i didn't attempt again, advise please directions. thank you!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (20-04-2021 23:32:37)
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\MBVPNService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\UI\MBPrivacy.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-04-12] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1941368 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10398376 2021-01-28] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-16] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Malwarebytes Privacy] => C:\Program Files\Malwarebytes\Privacy\UI\mbprivacy.exe [354984 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [30508888 2021-02-14] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {4A2A0867-EB50-4238-A0F8-87044A268AF2} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2884984 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-12-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {63D40B72-C951-4C04-9F37-24EE4D57CCFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {6BEF2E9B-4929-41F0-8B45-35A36E971D33} - System32\Tasks\NCH Software\VideoPadCacheDeleteAll => C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe [9070552 2021-02-23] (NCH Software, Inc. -> NCH Software)
Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe
Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe
Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8349FE15-8501-4B4B-8463-17C9D0DDCB51} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-16] (Garmin International, Inc. -> )
Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-08-20] (HP Inc. -> HP Inc.)
Task: {97604842-DA68-4926-806B-C0861C13882C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe
Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {D1260F1D-B42F-4AC9-BE36-3C4ECCFB20FC} - System32\Tasks\NCH Software\DrawPadLikeSurvey => C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_7.1.4.0_x86__7kedsbyvzns34\DrawPad.exe
Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38ae83d3-c5f7-44d3-984f-0acfc8cf2da0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6def0928-27be-4f5a-9efa-4f1ac79f2979}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1
Edge:
=======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-20]
Edge DownloadDir: C:\Users\ronny\Downloads
Edge HomePage: Default -> hxxps://www.oann.com/
Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-04-16]
Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2021-01-25]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2021-04-20]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-13] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2021-04-20]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-13]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-18]
CHR Extension: (SuperNova SWF Enabler) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2021-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-18]
CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-04-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\FileSyncHelper.exe [2218872 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
R2 MBVpnService; C:\Program Files\Malwarebytes\Privacy\MBVpnService.exe [3276912 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Privacy\MBVpnTunnelService.exe [2239304 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\OneDriveUpdaterService.exe [2603368 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1337784 2020-09-30] (A.V.M. SOFTWARE, INC. -> AVM Software)
R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-21] (Malwarebytes Corporation -> Malwarebytes)
S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-20 23:09 - 2021-04-20 23:09 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (3).exe
2021-04-20 23:09 - 2021-04-20 23:09 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (2).exe
2021-04-18 10:54 - 2021-04-18 10:54 - 000086680 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbtun.sys
2021-04-18 10:54 - 2021-04-18 10:54 - 000002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Privacy (VPN).lnk
2021-04-18 10:54 - 2021-04-18 10:54 - 000002335 _____ C:\Users\Public\Desktop\Malwarebytes Privacy.lnk
2021-04-18 10:54 - 2021-04-18 10:54 - 000002335 _____ C:\ProgramData\Desktop\Malwarebytes Privacy.lnk
2021-04-18 10:54 - 2021-04-18 10:54 - 000000000 ____D C:\Program Files\MBTunnel
2021-04-18 10:52 - 2021-04-18 10:52 - 001266200 _____ (Malwarebytes) C:\Users\ronny\Downloads\MBPrivacySetup.exe
2021-04-14 19:32 - 2021-04-14 19:32 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-14 19:31 - 2021-04-14 19:31 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 19:31 - 2021-04-14 19:31 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 18:49 - 2021-04-13 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-04-12 05:51 - 2021-04-12 05:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-04-12 05:51 - 2021-04-12 05:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-04-12 05:51 - 2021-04-12 05:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-04-12 05:51 - 2021-04-12 05:51 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-04-09 22:05 - 2021-04-09 22:05 - 000006713 _____ C:\Users\ronny\Downloads\export.cfg
2021-04-09 12:54 - 2021-04-09 12:54 - 000000000 ____D C:\Users\ronny\.AutoCAD
2021-04-09 12:53 - 2021-04-09 12:53 - 017518592 _____ C:\Users\ronny\Downloads\WebFileOpen-1.0.21.msi
2021-03-29 15:55 - 2021-03-29 15:55 - 000000000 ____D C:\Users\ronny\AppData\Local\Garmin_Ltd._or_its_subsid
2021-03-29 15:54 - 2021-03-29 16:04 - 000000000 ____D C:\ProgramData\Garmin
2021-03-29 15:54 - 2021-03-29 15:55 - 000000000 ____D C:\Users\ronny\AppData\Local\Garmin
2021-03-29 15:54 - 2021-03-29 15:54 - 000003624 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-03-29 15:54 - 2021-03-29 15:54 - 000001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2021-03-29 15:54 - 2021-03-29 15:54 - 000001970 _____ C:\ProgramData\Desktop\Garmin Express.lnk
2021-03-29 15:54 - 2021-03-29 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-03-29 15:54 - 2021-03-29 15:54 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-03-26 21:55 - 2021-03-26 21:55 - 001264088 _____ C:\Users\ronny\Downloads\SuperNovaSetup (5).exe
2021-03-25 23:23 - 2021-03-25 23:23 - 000077672 _____ C:\Users\ronny\Downloads\GRL.gpx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-20 23:33 - 2021-01-22 20:36 - 000000000 ____D C:\FRST
2021-04-20 23:29 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-20 23:10 - 2021-01-22 19:40 - 000034435 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2021-04-20 23:10 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2021-04-20 23:10 - 2020-12-18 21:01 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2021-04-20 20:56 - 2021-01-03 02:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-20 20:43 - 2020-12-15 00:35 - 000000000 ____D C:\Program Files\CCleaner
2021-04-20 20:31 - 2021-01-03 02:20 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 20:31 - 2021-01-03 02:20 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 20:31 - 2021-01-03 02:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-20 20:31 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-20 20:30 - 2021-01-03 02:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2021-04-20 20:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-20 19:43 - 2021-01-03 02:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-20 11:55 - 2021-01-03 02:08 - 000000000 ____D C:\Users\ronny
2021-04-20 11:55 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2021-04-20 11:55 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-20 11:53 - 2021-01-03 02:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-20 11:53 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-18 23:00 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2021-04-18 10:54 - 2020-07-06 23:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-18 10:53 - 2020-07-06 18:11 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-17 09:33 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-16 19:09 - 2020-07-19 08:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 19:09 - 2020-07-19 08:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-16 19:09 - 2020-07-19 08:00 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-16 14:33 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-16 04:33 - 2021-01-28 05:17 - 082837504 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2021-04-16 04:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-16 02:51 - 2020-07-02 14:13 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2021-04-16 00:17 - 2021-01-03 02:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-16 00:16 - 2021-02-26 03:43 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-04-16 00:15 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 19:37 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 19:30 - 2021-01-03 02:06 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 19:07 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 19:05 - 2020-07-02 02:27 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 17:29 - 2019-10-23 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-14 17:29 - 2019-10-23 15:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-14 17:29 - 2019-10-23 15:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-13 18:49 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-04-12 12:50 - 2021-02-26 03:43 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-04-12 12:50 - 2021-02-26 03:43 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 12:50 - 2020-07-01 22:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2021-04-11 08:27 - 2021-01-21 04:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\y8-browser
2021-04-11 05:33 - 2021-01-28 05:17 - 082837504 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2021-04-11 03:49 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 13:36 - 2021-01-03 02:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-04-09 13:02 - 2020-07-15 23:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2021-04-09 13:02 - 2020-07-15 23:54 - 000000000 ____D C:\ProgramData\NCH Software
2021-04-09 13:02 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2021-04-09 13:02 - 2019-10-23 14:34 - 000000000 ____D C:\ProgramData\Packages
2021-04-09 12:41 - 2020-07-01 22:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2021-03-29 15:54 - 2020-12-22 01:36 - 000000000 ____D C:\Program Files\DIFX
2021-03-29 15:54 - 2020-07-09 19:50 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-28 03:27 - 2020-07-12 11:01 - 000000000 ____D C:\ProgramData\Paltalk Update
2021-03-28 02:57 - 2020-07-12 11:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
2021-03-23 04:00 - 2020-07-01 22:12 - 000000000 ___RD C:\Users\ronny\3D Objects
==================== Files in the root of some directories ========
2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by ronny (20-04-2021 23:34:38)
Running from C:\Users\ronny\OneDrive\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-01-03 07:21:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 120.4.4598 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
Dwyco CDC-X version 2.30 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.30 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elevated Installer (HKLM-x32\...\{1DEEE496-814A-4747-AF7F-493821C79297}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Garmin Express (HKLM-x32\...\{2E960C0A-DC54-48F0-A2A8-15CFBE15D980}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{4e81ac57-fa02-490f-aa91-18b44ebae651}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
Malwarebytes Privacy version 2.9.0.563 (HKLM\...\{934873BE-C9BC-4F19-B698-9B3E3F8FF07F}_is1) (Version: 2.9.0.563 - Malwarebytes)
Malwarebytes Privacy VPN Tunnel Driver (HKLM\...\{FEE4A372-663C-47A0-BD08-A6C34320DC52}) (Version: 1.0.0.0 - Malwarebytes)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung DeX (HKLM-x32\...\{24639BA3-44DD-4648-806D-8046771E6722}) (Version: 2.0.0.20 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{51af111f-4665-4995-8982-55e0e02163e7}) (Version: 2.0.0.20 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
SuperNova Player (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\TacticsTechnologySuperNova) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.12 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.16 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Y8 Browser 1.0.8 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.8 - Y8 Games)
Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.0.31.0_x64__0aqw1zw0x2snt [2021-01-27] (韵华软件)
AutoCAD mobile - DWG Viewer, Editor & CAD Drawing Tools -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_7.16.0.0_x64__tf1gferkr813w [2021-04-09] (Autodesk Inc.)
DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_7.1.9.0_x86__7kedsbyvzns34 [2021-04-15] (NCH Software)
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_1.1.0.0_x86__0ah1jqwq7j8nj [2020-12-11] (Ironjaw Studios Private Limited) [MS Ad]
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.45.0_x64__xsbsxxypt8dh6 [2021-03-11] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.10.0_x64__q68sgvev02mx6 [2021-01-05] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Studios) [MS Ad]
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2021-04-09] (Keith Lam)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2021-02-04] (POONFAMILY) [MS Ad]
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2021-03-01] (Best Game Studio) [MS Ad]
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2021-02-04] (LSongBee) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\ronny\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\ronny\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000056320 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\bz2.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 001130496 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\cairo.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000117760 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\expat.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000222208 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\fontconfig.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000009728 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\libcharset.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000918016 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\libiconv.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000164864 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\libpng16.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000074752 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\zlib1.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2021-03-16 16:56 - 2021-03-16 16:56 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 031859200 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avcodec-58.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 010266624 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avfilter-7.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 010868736 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avformat-58.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 001006592 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avutil-56.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000125440 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\postproc-55.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000316416 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\swresample-3.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000524800 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\swscale-5.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000007168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000033280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.Registry.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000039936 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.SystemEvents.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000038400 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\mscorlib.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000065536 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\netstandard.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 003405824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationCore.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 005783552 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationFramework.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000034304 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Collections.NonGeneric.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000031744 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Collections.Specialized.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000013824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.EventBasedAsync.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000020992 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000258560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.TypeConverter.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000365056 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Configuration.ConfigurationManager.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000104960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Diagnostics.Process.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000403456 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Drawing.Common.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000047104 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Drawing.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000085504 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.FileSystem.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000108032 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.Packaging.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000053760 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.Pipes.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000126976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Linq.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000129536 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.Requests.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000056832 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.WebClient.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000025600 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.WebHeaderCollection.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000034816 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ObjectModel.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 003053568 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Private.Xml.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Runtime.CompilerServices.VisualC.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000078336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.AccessControl.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000038400 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Claims.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000224768 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Cryptography.Algorithms.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000059904 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Principal.Windows.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000136192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Text.RegularExpressions.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000046080 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Extensions.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 006714880 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Forms.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000564224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Xaml.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000200192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\UIAutomationTypes.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 001046016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\WindowsBase.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\pthreadVC2.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 001420800 _____ (Pizzolato Davide - www.xdp.it) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\cximageu.dll
2021-01-28 19:02 - 2021-01-28 19:02 - 004579840 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\NativeSamsungDexFramework.dll
2021-01-28 19:01 - 2021-01-28 19:01 - 002872320 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SCommon.dll
2021-01-28 19:01 - 2021-01-28 19:01 - 006453248 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SLocales.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000126976 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Serilog.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000027648 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Serilog.Sinks.File.dll
2021-03-16 16:54 - 2021-03-16 16:54 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000527872 _____ (The FreeType Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\freetype.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\BASS.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000019008 _____ (Un4seen Developments) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\BASSCD.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\BASSWMA.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBVpnService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBVpnService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Pictures\Dad's\rose6.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VRS"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{982257A6-2960-4CC5-B218-9C82D0FDF538}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{D878296B-3054-4CB8-AE02-04EDC6D71925}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{AF67BDB6-1C1C-491B-9674-FFF1A21D5947}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{DCD0CA11-52AF-44CB-B55B-190AFA8312BE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{A44ADCAB-F36B-4CE4-8019-BA7CD41B8738}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{67605349-E1B0-4A34-999E-4F40E09F08B8}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{B3A4C66C-2FF9-4A17-8A8C-90D574B68004}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{055DE081-7DF1-49FB-A657-4FE2FC430CC4}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{ED58E4D4-63E1-482D-8836-F4DDA5215099}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{4942BF96-9725-4E37-A256-5B0B2ECB4079}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{80726437-D855-42F0-9567-D7FCAC8B66D1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{63A43B1B-D2A0-405E-8244-3D4F50143137}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{54A1549B-1042-48EC-9BD7-3F1186C1110B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{C0AC34D7-37A5-4B19-9296-58D831CEF53A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CE00FE93-FB6F-4FC8-AAD5-E7581803509A}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{BF3AA785-855A-47BD-8A71-572E874F8095}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{3C5D1C80-FD38-4AED-B27D-C00E6A716047}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{CE29BF32-B78B-4EE6-880A-F4323DA1CDA2}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [TCP Query User{D186F964-CDBE-4556-A7C3-B323D0D4992D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{E92F51C9-4EF6-4FE2-839D-04033893C61D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{E15CADD8-686C-42EC-B7FF-783DA3FEABF2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{8262D3D6-BC3F-4590-9D8C-BD64BF24B22C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
09-04-2021 10:47:23 Scheduled Checkpoint
14-04-2021 19:07:57 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/20/2021 08:29:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
Error: (04/20/2021 08:29:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Dads.local. Addr 192.168.1.4
Error: (04/20/2021 08:29:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:B025:13F6:E434:A64F:B5BE:4EF7
Error: (04/20/2021 03:25:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: express.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 56F95D4E
Stack:
Error: (04/19/2021 10:45:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/19/2021 10:28:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/18/2021 10:55:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6
Faulting module name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6
Exception code: 0xc0000409
Fault offset: 0x00000000000437c3
Faulting process id: 0xd2c
Faulting application start time: 0x01d7327fb087d8d8
Faulting application path: C:\Program Files\Bonjour\mDNSResponder.exe
Faulting module path: C:\Program Files\Bonjour\mDNSResponder.exe
Report Id: a4757292-f15d-4019-a9bb-9b5ad20d9d1f
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2021 08:13:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
System errors:
=============
Error: (04/20/2021 11:53:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:51:49 AM on 4/20/2021 was unexpected.
Error: (04/18/2021 10:55:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/17/2021 02:15:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (04/11/2021 07:29:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:20:19 PM on 4/11/2021 was unexpected.
Error: (04/11/2021 10:30:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:21:52 AM on 4/11/2021 was unexpected.
Error: (04/11/2021 07:20:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:11:01 AM on 4/11/2021 was unexpected.
Error: (04/10/2021 04:07:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (04/08/2021 03:27:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Windows Defender:
================
Date: 2021-04-18 04:28:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-17 04:11:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-15 05:50:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-14 06:49:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-13 04:06:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-08 09:40:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.403.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-04-07 04:17:51
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.314.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-03-29 03:51:21
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042d
Error description: The service did not start due to a logon failure.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.
CodeIntegrity:
===============
Date: 2021-04-20 11:56:19
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-04-04 08:20:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 51%
Total physical RAM: 8082.33 MB
Available physical RAM: 3955.39 MB
Total Virtual: 12304.1 MB
Available Virtual: 7717.46 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:859.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (20-04-2021 23:32:37)
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\MBVPNService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\UI\MBPrivacy.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-11-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7991528 2021-04-12] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1941368 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10398376 2021-01-28] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162800 2021-03-16] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Malwarebytes Privacy] => C:\Program Files\Malwarebytes\Privacy\UI\mbprivacy.exe [354984 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [30508888 2021-02-14] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {4A2A0867-EB50-4238-A0F8-87044A268AF2} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2884984 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-12-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {63D40B72-C951-4C04-9F37-24EE4D57CCFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {6BEF2E9B-4929-41F0-8B45-35A36E971D33} - System32\Tasks\NCH Software\VideoPadCacheDeleteAll => C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe [9070552 2021-02-23] (NCH Software, Inc. -> NCH Software)
Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe
Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe
Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8349FE15-8501-4B4B-8463-17C9D0DDCB51} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-03-16] (Garmin International, Inc. -> )
Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-08-20] (HP Inc. -> HP Inc.)
Task: {97604842-DA68-4926-806B-C0861C13882C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe
Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {D1260F1D-B42F-4AC9-BE36-3C4ECCFB20FC} - System32\Tasks\NCH Software\DrawPadLikeSurvey => C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_7.1.4.0_x86__7kedsbyvzns34\DrawPad.exe
Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38ae83d3-c5f7-44d3-984f-0acfc8cf2da0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6def0928-27be-4f5a-9efa-4f1ac79f2979}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1
Edge:
=======
DownloadDir: C:\Users\ronny\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-20]
Edge DownloadDir: C:\Users\ronny\Downloads
Edge HomePage: Default -> hxxps://www.oann.com/
Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-04-16]
Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2021-01-25]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2021-04-20]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-13] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2021-04-20]
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-13]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-04-18]
CHR Extension: (SuperNova SWF Enabler) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2021-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-18]
CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2021-01-16] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-04-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\FileSyncHelper.exe [2218872 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
R2 MBVpnService; C:\Program Files\Malwarebytes\Privacy\MBVpnService.exe [3276912 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Privacy\MBVpnTunnelService.exe [2239304 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\OneDriveUpdaterService.exe [2603368 2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1337784 2020-09-30] (A.V.M. SOFTWARE, INC. -> AVM Software)
R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-21] (Malwarebytes Corporation -> Malwarebytes)
S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-29] (Malwarebytes Inc -> Malwarebytes)
R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-20 23:09 - 2021-04-20 23:09 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (3).exe
2021-04-20 23:09 - 2021-04-20 23:09 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (2).exe
2021-04-18 10:54 - 2021-04-18 10:54 - 000086680 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbtun.sys
2021-04-18 10:54 - 2021-04-18 10:54 - 000002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Privacy (VPN).lnk
2021-04-18 10:54 - 2021-04-18 10:54 - 000002335 _____ C:\Users\Public\Desktop\Malwarebytes Privacy.lnk
2021-04-18 10:54 - 2021-04-18 10:54 - 000002335 _____ C:\ProgramData\Desktop\Malwarebytes Privacy.lnk
2021-04-18 10:54 - 2021-04-18 10:54 - 000000000 ____D C:\Program Files\MBTunnel
2021-04-18 10:52 - 2021-04-18 10:52 - 001266200 _____ (Malwarebytes) C:\Users\ronny\Downloads\MBPrivacySetup.exe
2021-04-14 19:32 - 2021-04-14 19:32 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-14 19:31 - 2021-04-14 19:31 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-14 19:31 - 2021-04-14 19:31 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 18:49 - 2021-04-13 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-04-12 05:51 - 2021-04-12 05:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-04-12 05:51 - 2021-04-12 05:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-04-12 05:51 - 2021-04-12 05:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-04-12 05:51 - 2021-04-12 05:51 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-04-09 22:05 - 2021-04-09 22:05 - 000006713 _____ C:\Users\ronny\Downloads\export.cfg
2021-04-09 12:54 - 2021-04-09 12:54 - 000000000 ____D C:\Users\ronny\.AutoCAD
2021-04-09 12:53 - 2021-04-09 12:53 - 017518592 _____ C:\Users\ronny\Downloads\WebFileOpen-1.0.21.msi
2021-03-29 15:55 - 2021-03-29 15:55 - 000000000 ____D C:\Users\ronny\AppData\Local\Garmin_Ltd._or_its_subsid
2021-03-29 15:54 - 2021-03-29 16:04 - 000000000 ____D C:\ProgramData\Garmin
2021-03-29 15:54 - 2021-03-29 15:55 - 000000000 ____D C:\Users\ronny\AppData\Local\Garmin
2021-03-29 15:54 - 2021-03-29 15:54 - 000003624 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-03-29 15:54 - 2021-03-29 15:54 - 000001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2021-03-29 15:54 - 2021-03-29 15:54 - 000001970 _____ C:\ProgramData\Desktop\Garmin Express.lnk
2021-03-29 15:54 - 2021-03-29 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-03-29 15:54 - 2021-03-29 15:54 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-03-26 21:55 - 2021-03-26 21:55 - 001264088 _____ C:\Users\ronny\Downloads\SuperNovaSetup (5).exe
2021-03-25 23:23 - 2021-03-25 23:23 - 000077672 _____ C:\Users\ronny\Downloads\GRL.gpx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-04-20 23:33 - 2021-01-22 20:36 - 000000000 ____D C:\FRST
2021-04-20 23:29 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-20 23:10 - 2021-01-22 19:40 - 000034435 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2021-04-20 23:10 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2021-04-20 23:10 - 2020-12-18 21:01 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2021-04-20 20:56 - 2021-01-03 02:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-20 20:43 - 2020-12-15 00:35 - 000000000 ____D C:\Program Files\CCleaner
2021-04-20 20:31 - 2021-01-03 02:20 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 20:31 - 2021-01-03 02:20 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 20:31 - 2021-01-03 02:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-20 20:31 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-20 20:30 - 2021-01-03 02:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2021-04-20 20:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-20 19:43 - 2021-01-03 02:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-20 11:55 - 2021-01-03 02:08 - 000000000 ____D C:\Users\ronny
2021-04-20 11:55 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2021-04-20 11:55 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-20 11:53 - 2021-01-03 02:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-20 11:53 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-18 23:00 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2021-04-18 10:54 - 2020-07-06 23:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-04-18 10:53 - 2020-07-06 18:11 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-17 09:33 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-16 19:09 - 2020-07-19 08:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 19:09 - 2020-07-19 08:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-16 19:09 - 2020-07-19 08:00 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-16 14:33 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-16 04:33 - 2021-01-28 05:17 - 082837504 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2021-04-16 04:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-16 02:51 - 2020-07-02 14:13 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2021-04-16 00:17 - 2021-01-03 02:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-16 00:16 - 2021-02-26 03:43 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-04-16 00:15 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-16 00:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-14 19:37 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-14 19:30 - 2021-01-03 02:06 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-14 19:07 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 19:05 - 2020-07-02 02:27 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 17:29 - 2019-10-23 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-14 17:29 - 2019-10-23 15:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-14 17:29 - 2019-10-23 15:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-13 18:49 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-04-12 12:50 - 2021-02-26 03:43 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-04-12 12:50 - 2021-02-26 03:43 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 12:50 - 2020-07-01 22:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2021-04-11 08:27 - 2021-01-21 04:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\y8-browser
2021-04-11 05:33 - 2021-01-28 05:17 - 082837504 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2021-04-11 03:49 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 13:36 - 2021-01-03 02:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-04-09 13:02 - 2020-07-15 23:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2021-04-09 13:02 - 2020-07-15 23:54 - 000000000 ____D C:\ProgramData\NCH Software
2021-04-09 13:02 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2021-04-09 13:02 - 2019-10-23 14:34 - 000000000 ____D C:\ProgramData\Packages
2021-04-09 12:41 - 2020-07-01 22:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2021-03-29 15:54 - 2020-12-22 01:36 - 000000000 ____D C:\Program Files\DIFX
2021-03-29 15:54 - 2020-07-09 19:50 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-28 03:27 - 2020-07-12 11:01 - 000000000 ____D C:\ProgramData\Paltalk Update
2021-03-28 02:57 - 2020-07-12 11:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
2021-03-23 04:00 - 2020-07-01 22:12 - 000000000 ___RD C:\Users\ronny\3D Objects
==================== Files in the root of some directories ========
2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by ronny (20-04-2021 23:34:38)
Running from C:\Users\ronny\OneDrive\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-01-03 07:21:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{EE89194D-B4FC-4C28-B76E-A646216D689F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 120.4.4598 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
Dwyco CDC-X version 2.30 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.30 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Elevated Installer (HKLM-x32\...\{1DEEE496-814A-4747-AF7F-493821C79297}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Garmin Express (HKLM-x32\...\{2E960C0A-DC54-48F0-A2A8-15CFBE15D980}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{4e81ac57-fa02-490f-aa91-18b44ebae651}) (Version: 7.4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 281 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
Malwarebytes Privacy version 2.9.0.563 (HKLM\...\{934873BE-C9BC-4F19-B698-9B3E3F8FF07F}_is1) (Version: 2.9.0.563 - Malwarebytes)
Malwarebytes Privacy VPN Tunnel Driver (HKLM\...\{FEE4A372-663C-47A0-BD08-A6C34320DC52}) (Version: 1.0.0.0 - Malwarebytes)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung DeX (HKLM-x32\...\{24639BA3-44DD-4648-806D-8046771E6722}) (Version: 2.0.0.20 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{51af111f-4665-4995-8982-55e0e02163e7}) (Version: 2.0.0.20 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
SuperNova Player (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\TacticsTechnologySuperNova) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.12 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.16 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Y8 Browser 1.0.8 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.8 - Y8 Games)
Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.0.31.0_x64__0aqw1zw0x2snt [2021-01-27] (韵华软件)
AutoCAD mobile - DWG Viewer, Editor & CAD Drawing Tools -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_7.16.0.0_x64__tf1gferkr813w [2021-04-09] (Autodesk Inc.)
DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_7.1.9.0_x86__7kedsbyvzns34 [2021-04-15] (NCH Software)
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_1.1.0.0_x86__0ah1jqwq7j8nj [2020-12-11] (Ironjaw Studios Private Limited) [MS Ad]
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.45.0_x64__xsbsxxypt8dh6 [2021-03-11] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.10.0_x64__q68sgvev02mx6 [2021-01-05] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-15] (Microsoft Studios) [MS Ad]
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2021-04-09] (Keith Lam)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2021-02-04] (POONFAMILY) [MS Ad]
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2021-03-01] (Best Game Studio) [MS Ad]
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2021-02-04] (LSongBee) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\ronny\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\ronny\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\Microsoft.Nucleus.exe" => No File
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.052.0314.0001\amd64\FileSyncShell64.dll [2021-04-12] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.47.0.dll [2021-03-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000056320 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\bz2.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 001130496 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\cairo.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000117760 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\expat.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000222208 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\fontconfig.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000009728 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\libcharset.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000918016 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\libiconv.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000164864 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\libpng16.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000074752 _____ () [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\zlib1.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2021-03-16 16:56 - 2021-03-16 16:56 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 031859200 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avcodec-58.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 010266624 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avfilter-7.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 010868736 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avformat-58.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 001006592 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\avutil-56.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000125440 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\postproc-55.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000316416 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\swresample-3.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000524800 _____ (FFmpeg Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\swscale-5.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-03-16 16:52 - 2021-03-16 16:52 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000007168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000033280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.Registry.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000039936 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Microsoft.Win32.SystemEvents.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000038400 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\mscorlib.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000065536 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\netstandard.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 003405824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationCore.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 005783552 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\PresentationFramework.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000034304 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Collections.NonGeneric.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000031744 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Collections.Specialized.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000013824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.EventBasedAsync.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000020992 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000258560 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ComponentModel.TypeConverter.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000365056 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Configuration.ConfigurationManager.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000104960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Diagnostics.Process.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000403456 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Drawing.Common.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000047104 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Drawing.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000085504 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.FileSystem.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000108032 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.Packaging.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000053760 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.IO.Pipes.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000126976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Linq.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.Primitives.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000129536 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.Requests.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000056832 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.WebClient.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000025600 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Net.WebHeaderCollection.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000034816 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.ObjectModel.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 003053568 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Private.Xml.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Runtime.CompilerServices.VisualC.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000078336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.AccessControl.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000038400 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Claims.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000224768 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Cryptography.Algorithms.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000059904 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Security.Principal.Windows.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000136192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Text.RegularExpressions.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000046080 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Extensions.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 006714880 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Windows.Forms.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000564224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\System.Xaml.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000200192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\UIAutomationTypes.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 001046016 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\WindowsBase.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\pthreadVC2.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 001420800 _____ (Pizzolato Davide - www.xdp.it) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\cximageu.dll
2021-01-28 19:02 - 2021-01-28 19:02 - 004579840 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\NativeSamsungDexFramework.dll
2021-01-28 19:01 - 2021-01-28 19:01 - 002872320 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SCommon.dll
2021-01-28 19:01 - 2021-01-28 19:01 - 006453248 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SLocales.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000126976 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Serilog.dll
2021-04-18 10:54 - 2021-04-18 10:54 - 000027648 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Program Files\Malwarebytes\Privacy\UI\Serilog.Sinks.File.dll
2021-03-16 16:54 - 2021-03-16 16:54 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000527872 _____ (The FreeType Project) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\freetype.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\BASS.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000019008 _____ (Un4seen Developments) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\BASSCD.dll
2020-11-23 16:52 - 2020-11-23 16:52 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Users\ronny\OneDrive\Desktop\Samsung DeX\BASSWMA.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBVpnService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBVpnService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\ssv.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-20] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Pictures\Dad's\rose6.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VRS"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{982257A6-2960-4CC5-B218-9C82D0FDF538}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{D878296B-3054-4CB8-AE02-04EDC6D71925}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{AF67BDB6-1C1C-491B-9674-FFF1A21D5947}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{DCD0CA11-52AF-44CB-B55B-190AFA8312BE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{A44ADCAB-F36B-4CE4-8019-BA7CD41B8738}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{67605349-E1B0-4A34-999E-4F40E09F08B8}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{B3A4C66C-2FF9-4A17-8A8C-90D574B68004}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{055DE081-7DF1-49FB-A657-4FE2FC430CC4}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{ED58E4D4-63E1-482D-8836-F4DDA5215099}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{4942BF96-9725-4E37-A256-5B0B2ECB4079}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{80726437-D855-42F0-9567-D7FCAC8B66D1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{63A43B1B-D2A0-405E-8244-3D4F50143137}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{54A1549B-1042-48EC-9BD7-3F1186C1110B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{C0AC34D7-37A5-4B19-9296-58D831CEF53A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CE00FE93-FB6F-4FC8-AAD5-E7581803509A}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{BF3AA785-855A-47BD-8A71-572E874F8095}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{3C5D1C80-FD38-4AED-B27D-C00E6A716047}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{CE29BF32-B78B-4EE6-880A-F4323DA1CDA2}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [TCP Query User{D186F964-CDBE-4556-A7C3-B323D0D4992D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{E92F51C9-4EF6-4FE2-839D-04033893C61D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{E15CADD8-686C-42EC-B7FF-783DA3FEABF2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{8262D3D6-BC3F-4590-9D8C-BD64BF24B22C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
09-04-2021 10:47:23 Scheduled Checkpoint
14-04-2021 19:07:57 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/20/2021 08:29:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
Error: (04/20/2021 08:29:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Dads.local. Addr 192.168.1.4
Error: (04/20/2021 08:29:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:B025:13F6:E434:A64F:B5BE:4EF7
Error: (04/20/2021 03:25:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: express.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 56F95D4E
Stack:
Error: (04/19/2021 10:45:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/19/2021 10:28:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (04/18/2021 10:55:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6
Faulting module name: mDNSResponder.exe, version: 3.1.0.1, time stamp: 0x55cbcce6
Exception code: 0xc0000409
Fault offset: 0x00000000000437c3
Faulting process id: 0xd2c
Faulting application start time: 0x01d7327fb087d8d8
Faulting application path: C:\Program Files\Bonjour\mDNSResponder.exe
Faulting module path: C:\Program Files\Bonjour\mDNSResponder.exe
Report Id: a4757292-f15d-4019-a9bb-9b5ad20d9d1f
Faulting package full name:
Faulting package-relative application ID:
Error: (04/17/2021 08:13:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
System errors:
=============
Error: (04/20/2021 11:53:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:51:49 AM on 4/20/2021 was unexpected.
Error: (04/18/2021 10:55:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/17/2021 02:15:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (04/11/2021 07:29:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:20:19 PM on 4/11/2021 was unexpected.
Error: (04/11/2021 10:30:19 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:21:52 AM on 4/11/2021 was unexpected.
Error: (04/11/2021 07:20:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:11:01 AM on 4/11/2021 was unexpected.
Error: (04/10/2021 04:07:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (04/08/2021 03:27:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Windows Defender:
================
Date: 2021-04-18 04:28:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-17 04:11:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-15 05:50:10
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-14 06:49:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-13 04:06:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-04-08 09:40:35
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.403.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-04-07 04:17:51
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.314.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2021-03-29 03:51:21
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007042d
Error description: The service did not start due to a logon failure.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.
CodeIntegrity:
===============
Date: 2021-04-20 11:56:19
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-04-04 08:20:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 51%
Total physical RAM: 8082.33 MB
Available physical RAM: 3955.39 MB
Total Virtual: 12304.1 MB
Available Virtual: 7717.46 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:859.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==================== End of Addition.txt =======================