
Thread: back so soon under attack...

  1. #1
    Senior Member | Join Date: Feb 2008 | Location: L.A. (Lower Arkansas) | Posts: 267

    back so soon under attack...

    I swear! I was on Amazon and I didn't click on anything, but my browser went nuts and mouse too. No matter what my mouse even just hovered on, it did it. If I went over the red X, poof. It downloaded about 25 FRST installers. The aswMBR killed my PC so it didn't scan. It started opening so many windows, finally the browser just shut down. I hate to be back bothering again, but please help!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
    Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (06-10-2019 22:10:24)
    Running from C:\Users\ronny\Desktop
    Loaded Profiles: ronny (Available Profiles: ronny)
    Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (SweetLabs Inc. -> SweetLabs, Inc) C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe
    (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
    Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-04]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
    Task: {56459180-EFEE-41F5-A5DE-1AAC75A3848F} - System32\Tasks\App Explorer => C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7399080 2019-06-03] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
    Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
    Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
    Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
    Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
    Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
    Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]

    FireFox:
    ========
    FF DefaultProfile: fningdqf.default
    FF DefaultProfile: maib197h.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-02]
    FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-09-26]
    FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-09-23]
    FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
    CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
    R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
    R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
    S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
    R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
    S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
    S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
    R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-06 22:10 - 2019-10-06 22:13 - 000026550 _____ C:\Users\ronny\Desktop\FRST.txt
    2019-10-06 22:08 - 2019-10-06 22:11 - 000000000 ____D C:\FRST
    2019-10-06 22:05 - 2019-10-06 22:05 - 005198336 _____ (AVAST Software) C:\Users\ronny\Desktop\aswMBR.exe
    2019-10-06 22:04 - 2019-10-06 22:04 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64(1).exe
    2019-10-06 22:03 - 2019-10-06 22:03 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
    2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
    2019-10-06 18:38 - 2019-10-06 18:38 - 001864748 _____ C:\Users\ronny\Desktop\image1.jpeg
    2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
    2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
    2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
    2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
    2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\ProgramData\Desktop\Logitech Webcam Software .lnk
    2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2019-10-02 12:18 - 2019-10-02 12:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-10-02 12:18 - 2019-10-02 12:18 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-10-02 12:18 - 2019-10-02 12:18 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-10-02 12:18 - 2019-10-02 12:18 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
    2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
    2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\ProgramData\Desktop\SeaMonkey.lnk
    2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
    2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
    2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
    2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
    2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
    2019-09-28 02:49 - 2019-10-06 21:21 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
    2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
    2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
    2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
    2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
    2019-09-26 21:23 - 2019-10-06 21:38 - 000000000 ____D C:\ProgramData\Adguard
    2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
    2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\ProgramData\Desktop\Adguard.lnk
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
    2019-09-26 21:22 - 2019-10-02 12:18 - 000000000 ____D C:\Program Files (x86)\Adguard
    2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
    2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
    2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
    2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
    2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
    2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
    2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-06 21:47 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-10-06 18:36 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-10-06 08:45 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
    2019-10-05 22:02 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny\AppData\Local\Host App Service
    2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
    2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
    2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
    2019-10-02 12:25 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2019-10-02 12:17 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-10-02 12:15 - 2019-08-23 15:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
    2019-10-02 11:43 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
    2019-10-02 11:20 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
    2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
    2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
    2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
    2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
    2019-09-23 21:03 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
    2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
    2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

    ==================== Files in the root of some directories ================

    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
    Ran by ronny (06-10-2019 22:14:48)
    Running from C:\Users\ronny\Desktop
    Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
    Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
    ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
    AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
    Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
    Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
    Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo App Explorer (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Host App Service) (Version: 0.273.3.522 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
    Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
    SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

    Packages:
    =========
    Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
    Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
    LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
    uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2019-08-23 19:13 - 2018-08-12 23:33 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll
    2015-10-09 07:42 - 2003-01-26 15:41 - 000040960 _____ (vbAccelerator) [File not signed] C:\Program Files (x86)\Tweaking.com\Registry Backup\SSubTmr6.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
    FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
    FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Codecs (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Restore Points =========================

    21-09-2019 06:26:23 Scheduled Checkpoint
    29-09-2019 14:21:44 Windows Update
    02-10-2019 11:38:49 Restore Operation

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/06/2019 09:58:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 3d78

    Start Time: 01d57cbae873d16b

    Termination Time: 0

    Application Path: C:\WINDOWS\System32\MicrosoftEdgeCP.exe

    Report Id: f5a1e8ac-ce81-413e-a0de-3705ffc03c9c

    Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

    Faulting package-relative application ID: MicrosoftEdge

    Hang type: Unknown

    Error: (10/06/2019 09:51:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/06/2019 09:51:46 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/06/2019 08:51:04 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/05/2019 08:55:04 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/05/2019 08:55:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/05/2019 08:50:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/03/2019 02:04:43 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).


    System errors:
    =============
    Error: (10/06/2019 08:45:14 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74

    Error: (10/05/2019 08:45:22 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74

    Error: (10/03/2019 11:37:55 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device, {40819c4a-134a-456a-863f-af0c92d95b2b}, had event 74

    Error: (10/02/2019 12:33:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070057: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.

    Error: (10/02/2019 12:32:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80246013: 9NCGJX5QLP9M-AppUp.IntelMediaSDKDFP.

    Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/02/2019 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/02/2019 12:19:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscDataProtection
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2019-10-06 22:14:45.790
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...6&enterprise=0
    Name: Trojan:Win32/Tiggre!plock
    ID: 2147723626
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
    Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

    Date: 2019-10-03 13:52:01.957
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:39:02.366
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:28:57.452
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:20:23.207
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-09-28 02:42:21.947
    Description:
    Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted: Current
    Error Code: 0x80070002
    Error description: The system cannot find the file specified.
    Signature version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    Date: 2019-09-11 11:22:10.912
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-09-11 10:25:43.237
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2019-09-11 10:25:43.237
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2019-09-10 20:09:06.651
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2019-10-06 21:57:17.750
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:08.824
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:08.380
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:57.549
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:36.134
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:28.616
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:28.251
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:28.016
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    BIOS: LENOVO 8TCN53WW 05/17/2019
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 70%
    Total physical RAM: 4005.22 MB
    Available physical RAM: 1195.96 MB
    Total Virtual: 8929.92 MB
    Available Virtual: 4394.14 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:882.58 GB) NTFS

    \\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
    \\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    267

    also when i scroll over a page it highlights everything, then i pull away but before i can it catches part of the text and copies it to clipboard. i can't tell what all it's doing but it does it.

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    It all sounds very odd, and I really can't say what's happened.

    We need to remove an item out of your add/remove programs list.
    Open the Start menu.
    Click Settings.
    Click System on the Settings menu.
    Select Apps & features from the left pane. ...
    Select an app you wish to uninstall.
    Lenovo App Explorer (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Host App Service) (Version: 0.273.3.522 - SweetLabs for Lenovo) <==== ATTENTION
    Click the Uninstall button that appears.



    News is coming in about failed/bad windows updates, so be on the lookout for that.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    I'm not sure but the version of Farbar Recovery Scan Tool looks to be outdated?
    Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
    We can attempt to download a tool to remove this version and all folders and download a more current one.
    ~~~~~

    KpRm

    Download KpRm by kernel-panik and save it to your desktop.
    • Right-click kprm_(version).exe and select Run as Administrator.
    • When the tool opens, ensure all boxes are checked, and select Run.
    • Once complete, click OK.
    • A log will open in Notepad titled kprm-(date).txt.
    • Please copy and paste its contents in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Next, let's try a newer version of FRST
    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    267

    ok juliet, thanks. i did as you posted and the file to erase the other frst ran fine and its report came up when it finished. before i could do anything my entire screen went black and there was nothing except my cursor. it would move but seemed to have no functions. i had to eventually kill the power by holding the power button down and then restart. when i did it opened as normal but the frst was gone from my desktop but so was the other program that deleted it. posting these new frst reports and i will look on my pc for that program.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
    Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (07-10-2019 10:15:27)
    Running from C:\Users\ronny\Desktop
    Loaded Profiles: ronny (Available Profiles: ronny)
    Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
    (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
    Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
    Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
    Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
    Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-03-06] (Lenovo -> Lenovo Group Ltd.)
    Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
    Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
    Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]

    FireFox:
    ========
    FF DefaultProfile: fningdqf.default
    FF DefaultProfile: maib197h.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
    FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-10-07]
    FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-10-07]
    FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-08-30] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
    CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
    R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
    R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
    S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-02] (Malwarebytes Corporation -> Malwarebytes)
    R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
    S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
    S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
    R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-07 10:15 - 2019-10-07 10:17 - 000027149 _____ C:\Users\ronny\Desktop\FRST.txt
    2019-10-07 10:14 - 2019-10-07 10:16 - 000000000 ____D C:\FRST
    2019-10-07 10:14 - 2019-10-07 10:14 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
    2019-10-07 09:05 - 2019-10-07 09:08 - 000003238 _____ C:\Users\ronny\Desktop\kprm-201910070904.txt
    2019-10-07 09:05 - 2019-10-07 09:05 - 000000000 ____D C:\KPRM
    2019-10-06 22:24 - 2019-10-06 22:29 - 001557804 _____ C:\WINDOWS\Minidump\100619-46203-01.dmp
    2019-10-06 22:24 - 2019-10-06 22:24 - 869951544 _____ C:\WINDOWS\MEMORY.DMP
    2019-10-06 22:24 - 2019-10-06 22:24 - 000000000 ____D C:\WINDOWS\Minidump
    2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
    2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
    2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
    2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
    2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
    2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\ProgramData\Desktop\Logitech Webcam Software .lnk
    2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2019-10-02 12:18 - 2019-10-07 10:09 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-10-02 12:18 - 2019-10-07 10:08 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-10-02 12:18 - 2019-10-02 12:18 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-10-02 12:18 - 2019-10-02 12:18 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
    2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
    2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\ProgramData\Desktop\SeaMonkey.lnk
    2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
    2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
    2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
    2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
    2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
    2019-09-28 02:49 - 2019-10-07 10:13 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
    2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
    2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
    2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
    2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
    2019-09-26 21:23 - 2019-10-07 10:18 - 000000000 ____D C:\ProgramData\Adguard
    2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
    2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\ProgramData\Desktop\Adguard.lnk
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
    2019-09-26 21:22 - 2019-10-07 10:09 - 000000000 ____D C:\Program Files (x86)\Adguard
    2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
    2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
    2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
    2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
    2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
    2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
    2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-07 10:11 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-10-07 10:09 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2019-10-07 10:08 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
    2019-10-07 10:08 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-10-07 10:08 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-10-07 08:56 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
    2019-10-07 04:11 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-10-06 22:32 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-10-06 22:25 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
    2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
    2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
    2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
    2019-10-02 12:15 - 2019-08-23 15:35 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
    2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
    2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
    2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
    2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
    2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
    2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
    2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

    ==================== Files in the root of some directories ================

    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
    Ran by ronny (07-10-2019 10:19:49)
    Running from C:\Users\ronny\Desktop
    Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
    Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
    ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
    AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
    Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
    Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
    Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.2.542 - SweetLabs for Lenovo) <==== ATTENTION
    Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
    Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
    SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

    Packages:
    =========
    Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
    Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
    LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
    uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2019-09-02 18:09 - 2019-05-28 15:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
    2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll
    2019-09-21 08:50 - 2019-06-08 16:48 - 001257472 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
    2019-08-23 19:13 - 2018-08-12 23:33 - 001564160 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoContextEnginePlugin\x64\x64\SQLite.Interop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
    FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
    FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Codecs (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Restore Points =========================

    07-10-2019 09:06:16 Windows Update
    07-10-2019 09:07:19 KpRm

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/07/2019 10:15:50 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/07/2019 10:15:49 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/07/2019 10:15:38 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/06/2019 10:34:28 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/06/2019 10:34:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/06/2019 10:31:40 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/06/2019 09:58:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 3d78

    Start Time: 01d57cbae873d16b

    Termination Time: 0

    Application Path: C:\WINDOWS\System32\MicrosoftEdgeCP.exe

    Report Id: f5a1e8ac-ce81-413e-a0de-3705ffc03c9c

    Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe

    Faulting package-relative application ID: MicrosoftEdge

    Hang type: Unknown

    Error: (10/06/2019 09:51:46 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).


    System errors:
    =============
    Error: (10/07/2019 10:11:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscDataProtection
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 10:11:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.SecurityAppBroker
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 10:11:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 10:09:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 10:09:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 10:08:26 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:35:36 AM on ‎10/‎7/‎2019 was unexpected.

    Error: (10/07/2019 09:39:45 AM) (Source: DCOM) (EventID: 10001) (User: LAPTOP-4HPCQJEC)
    Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXynb3eakad12451rv00qxextfnce9sxb8.mca as Unavailable/Unavailable. The error:
    "0"
    Happened while starting this command:
    "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

    Error: (10/07/2019 09:12:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80004002: 2019-08 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4512192).


    Windows Defender:
    ===================================
    Date: 2019-10-06 22:14:45.790
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...6&enterprise=0
    Name: Trojan:Win32/Tiggre!plock
    ID: 2147723626
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
    Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

    Date: 2019-10-03 13:52:01.957
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:39:02.366
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:28:57.452
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:20:23.207
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-09-28 02:42:21.947
    Description:
    Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted: Current
    Error Code: 0x80070002
    Error description: The system cannot find the file specified.
    Signature version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    Date: 2019-09-11 11:22:10.912
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-09-11 10:25:43.237
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2019-09-11 10:25:43.237
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2019-09-10 20:09:06.651
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2019-10-06 22:41:58.032
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:17.750
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:08.824
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:08.380
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:57.549
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:36.134
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:28.616
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:28.251
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    BIOS: LENOVO 8TCN53WW 05/17/2019
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 82%
    Total physical RAM: 4005.22 MB
    Available physical RAM: 687.71 MB
    Total Virtual: 8101.22 MB
    Available Virtual: 4275.52 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:890.27 GB) NTFS
    Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:434.43 GB) NTFS

    \\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
    \\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

    Partition: GPT.

    ========================================================
    Disk: 3 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  5. #5
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    267


    ok, the file was saved but I'm not sure where the program is. Also, there is a failed update; I try to run it and it keeps failing.


    2019-08 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4512192) - Error 0x80004002


    2019-09 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4512578) - Error 0x80004002


    Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153) - Error 0x80004002


    # Run at 10/7/2019 9:05:42 AM
    # KpRm (Kernel-panik) version 1.12
    # Website https://kernel-panik.me/tool/kprm/
    # Run by ronny from C:\Users\ronny\Desktop
    # Computer Name: LAPTOP-4HPCQJEC
    # OS: Windows 10 X64 (17763)

    - Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point

    - Create Registry Backup -

    ~ [OK] Hive C:\WINDOWS\System32\config\SAM backed up
    ~ [OK] Hive C:\WINDOWS\System32\config\SECURITY backed up
    ~ [OK] Hive C:\WINDOWS\System32\config\DEFAULT backed up
    ~ [OK] Hive C:\WINDOWS\System32\config\SYSTEM backed up
    ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
    ~ [OK] Hive C:\WINDOWS\ServiceProfiles\LocalService\NTUSER.DAT backed up
    ~ [OK] Hive C:\WINDOWS\ServiceProfiles\NetworkService\NTUSER.DAT backed up
    ~ [OK] Hive C:\Users\ronny\NTUSER.DAT backed up
    ~ [OK] Hive C:\Users\ronny\AppData\Local\Microsoft\Windows\UsrClass.dat backed up
    ~ [OK] Hive C:\WINDOWS\System32\config\DRIVERS backed up

    [OK] Registry Backup: C:\KPRM\backup\2019-10-07-09-04

    -- Backup Registry finished in 44.84s --


    - Remove Tools -


    ## AswMBR
    [OK] C:\Users\ronny\Desktop\aswMBR(1).exe deleted (1)
    [OK] C:\Users\ronny\Desktop\aswMBR.exe deleted (1)

    ## FRST
    [OK] C:\Users\ronny\Desktop\Addition.txt deleted (1)
    [OK] C:\Users\ronny\Desktop\FRST.txt deleted (1)
    [OK] C:\Users\ronny\Desktop\FRST64(1).exe deleted (1)
    [OK] C:\FRST deleted (1)

    -- Remove tools finished in 14.74s --


    - Restore System Settings -

    [OK] Flush DNS
    [OK] Reset WinSock
    [OK] Hide Hidden file.
    [OK] Show Extensions for known file types
    [OK] Hide protected operating system files

    -- Restore System Settings finished in 11.18s --


    - Restore UAC -

    [OK] Set ConsentPromptBehaviorAdmin with default (5) value
    [OK] Set ConsentPromptBehaviorUser with default (3) value
    [OK] Set EnableInstallerDetection with default (0) value
    [OK] Set EnableLUA with default (1) value
    [OK] Set EnableSecureUIAPaths with default (1) value
    [OK] Set EnableUIADesktopToggle with default (0) value
    [OK] Set EnableVirtualization with default (1) value
    [OK] Set FilterAdministratorToken with default (0) value
    [OK] Set PromptOnSecureDesktop with default (1) value
    [OK] Set ValidateAdminCodeSignatures with default (0) value

    -- Restore UAC finished in 0.48s --


    - Clear Restore Points -

    ~ [OK] RP named Scheduled Checkpoint created at 09/21/2019 11:26:23 deleted
    ~ [OK] RP named Windows Update created at 09/29/2019 19:21:44 deleted
    ~ [OK] RP named Restore Operation created at 10/02/2019 16:38:49 deleted

    [OK] All system restore points have been successfully deleted

    -- Clear Restore Points finished in 21.96s --


    - Create Restore Point -

    [OK] Enable System Restore
    [OK] System Restore Point created

    - Display System Restore Point -

    ~ [I] RP named Windows Update created at 10/07/2019 14:06:16 found
    ~ [I] RP named KpRm created at 10/07/2019 14:07:19 found

    -- Create Restore Point finished in 66.35s --


    -- KPRM finished in 162.42s --

  6. #6
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810


    OK, sounds like the graphics driver is acting up on the computer. That's just my guess; I don't have anything to back me on that.
    How old is this computer?

    ~~~~~~~~~~~~~~~~~~~~~~~~
    I want you to re-download Farbar Recovery Scan Tool to your desktop.
    Farbar Recovery Scan Tool (FRST) Scan

    Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
    Don't click on anything to scan or run; we'll do that at another time.


    Now we'll work on a script.

    ****
    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {56459180-EFEE-41F5-A5DE-1AAC75A3848F} - System32\Tasks\App Explorer => C:\Users\ronny\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7399080 2019-06-03] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    Post these 3 logs when finished.

    Read over the Microsoft links below for failed Windows updates.
    https://support.microsoft.com/en-us/...troubleshooter
    https://support.microsoft.com/en-us/...-update-errors
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    267


    ok Juliet, sorry to be so long. Hope I did this right... I notice when using my mouse the cursor moves about on its own; it just jumps about a little at a time but very noticeably.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
    Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (07-10-2019 21:29:33)
    Running from C:\Users\ronny\Desktop
    Loaded Profiles: ronny (Available Profiles: ronny)
    Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\Adguard.exe
    (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
    (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
    (Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Users\ronny\Desktop\AdwCleaner.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11909.1002.3.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19091.313.0_x64__8wekyb3d8bbwe\YourPhone.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [4222824 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
    Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {1224E798-3D98-4167-9210-57D0A608D115} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    Task: {2F69E2B5-998C-4BE3-B8C1-F4C17A832F81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - \Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 -> No File <==== ATTENTION
    Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
    Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - \Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 -> No File <==== ATTENTION
    Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - \Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 -> No File <==== ATTENTION
    Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {A2734AF0-B86B-49CF-B849-B3D9E28A4DE3} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [35070520 2019-10-07] (Adlice -> )
    Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {CE593E85-91CA-4FC6-9123-B03726458666} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {EAF67D8F-5CB1-4E4B-9409-6A9A6E49888B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MpCmdRun.exe [468120 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
    Task: {ED066DF5-E55B-4A40-B888-00144190843A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
    Tcpip\..\Interfaces\{a7d8a2cf-4df1-462b-8c04-296901f5dbce}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{e9912264-f036-4b2d-a7b6-0265d6053904}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\ronny\Desktop\New folder\bin\ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\ronny\Desktop\New folder\bin\jp2ssv.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02]
    Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02]

    FireFox:
    ========
    FF DefaultProfile: fningdqf.default
    FF DefaultProfile: maib197h.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
    FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2019-10-07]
    FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2019-10-07]
    FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\dtplugin\npDeployJava1.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Users\ronny\Desktop\New folder\bin\plugin2\npjp2.dll [2019-10-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
    FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.msn.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2019-08-30]
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-30]
    CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-30]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [178024 2019-09-19] (Adguard Software Limited -> Adguard Software Ltd)
    R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
    R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
    S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [89600 2019-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
    S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-27] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2019-10-07] (Malwarebytes Corporation -> Malwarebytes)
    R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
    S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
    S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
    R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    U3 TrueSight; C:\WINDOWS\System32\drivers\truesight.sys [28272 2019-10-07] (Adlice -> )
    R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-07 21:25 - 2019-10-07 21:25 - 000002058 _____ C:\Users\ronny\Desktop\rogue.txt
    2019-10-07 21:06 - 2019-10-07 21:06 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-10-07 21:04 - 2019-10-07 21:06 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-10-07 21:04 - 2019-10-07 21:04 - 000003156 _____ C:\WINDOWS\system32\Tasks\RogueKiller Anti-Malware
    2019-10-07 21:04 - 2019-10-07 21:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-10-07 21:04 - 2019-10-07 21:04 - 000000000 ____D C:\Program Files\RogueKiller
    2019-10-07 21:02 - 2019-10-07 21:02 - 033051136 _____ (Adlice Software ) C:\Users\ronny\Desktop\RogueKiller_setup.exe
    2019-10-07 15:21 - 2019-10-07 15:21 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-10-07 15:21 - 2019-10-07 15:21 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-10-07 15:21 - 2019-10-07 15:21 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-10-07 15:21 - 2019-10-07 15:21 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-10-07 15:09 - 2019-10-07 15:18 - 000000000 ____D C:\AdwCleaner
    2019-10-07 15:08 - 2019-10-07 15:08 - 007622344 _____ (Malwarebytes) C:\Users\ronny\Desktop\AdwCleaner.exe
    2019-10-07 10:19 - 2019-10-07 10:21 - 000032349 _____ C:\Users\ronny\Desktop\Addition.txt
    2019-10-07 10:15 - 2019-10-07 21:31 - 000026730 _____ C:\Users\ronny\Desktop\FRST.txt
    2019-10-07 10:14 - 2019-10-07 21:30 - 000000000 ____D C:\FRST
    2019-10-07 10:14 - 2019-10-07 10:14 - 001615872 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
    2019-10-07 09:05 - 2019-10-07 09:08 - 000003238 _____ C:\Users\ronny\Desktop\kprm-201910070904.txt
    2019-10-07 09:05 - 2019-10-07 09:05 - 000000000 ____D C:\KPRM
    2019-10-06 22:24 - 2019-10-07 18:05 - 000000000 ____D C:\WINDOWS\Minidump
    2019-10-06 22:02 - 2019-10-06 22:02 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2019-10-06 22:02 - 2019-10-06 22:02 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-4HPCQJEC-Windows-10-Home-(64-bit).dat
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\RegBackup
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2019-10-06 22:02 - 2019-10-06 22:02 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2019-10-06 22:01 - 2019-10-06 22:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
    2019-10-04 21:47 - 2019-10-04 21:47 - 000000000 ____D C:\Users\ronny\AppData\Local\Logitech® Webcam Software
    2019-10-04 21:44 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
    2019-10-04 21:43 - 2019-10-04 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Leadertech
    2019-10-04 21:40 - 2019-10-04 21:43 - 000000000 ____D C:\Program Files (x86)\Logitech
    2019-10-04 21:40 - 2019-10-04 21:40 - 000001720 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    2019-10-04 21:40 - 2019-10-04 21:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2019-10-02 11:10 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
    2019-10-02 11:10 - 2019-10-02 11:10 - 000002058 _____ C:\Users\Public\Desktop\SeaMonkey.lnk
    2019-10-02 11:09 - 2019-10-02 12:14 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
    2019-10-02 11:08 - 2019-10-02 11:08 - 044820438 _____ (Mozilla) C:\Users\ronny\Desktop\seamonkey-2.49.5.installer.exe
    2019-10-02 10:58 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
    2019-10-02 10:57 - 2019-10-02 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2019-10-02 10:57 - 2019-10-02 10:58 - 000000000 ____D C:\Users\ronny\Desktop\New folder
    2019-10-02 10:57 - 2019-10-02 10:57 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2019-10-02 10:49 - 2019-10-02 10:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Oracle
    2019-09-28 02:49 - 2019-10-07 16:40 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
    2019-09-27 23:41 - 2019-09-27 23:41 - 000470308 _____ C:\Users\ronny\Desktop\Resized_Screenshot_20190927-104343.jpeg
    2019-09-27 08:54 - 2019-09-27 08:54 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adguard Software Ltd
    2019-09-26 21:24 - 2019-09-26 21:24 - 000000000 ____D C:\Users\ronny\AppData\Local\Adguard_Software_Ltd
    2019-09-26 21:24 - 2019-09-18 05:05 - 000089600 _____ () C:\WINDOWS\system32\Drivers\adgnetworkwfpdrv.sys
    2019-09-26 21:23 - 2019-10-07 21:32 - 000000000 ____D C:\ProgramData\Adguard
    2019-09-26 21:23 - 2019-09-26 21:23 - 000001005 _____ C:\Users\Public\Desktop\Adguard.lnk
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ C:\ProgramData\fontcacheev1.dat
    2019-09-26 21:22 - 2019-10-07 15:21 - 000000000 ____D C:\Program Files (x86)\Adguard
    2019-09-26 21:22 - 2019-09-26 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard
    2019-09-21 23:22 - 2019-09-27 13:35 - 000000000 ____D C:\Users\ronny\AppData\Local\Unity
    2019-09-21 23:22 - 2019-09-22 19:47 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Unity
    2019-09-21 00:00 - 2019-09-21 00:00 - 000374961 _____ C:\Users\ronny\Desktop\ronald_bridges_nvrf.pdf
    2019-09-19 12:34 - 2019-10-04 21:29 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2019-09-19 11:18 - 2019-09-19 11:18 - 000000000 ___HD C:\OneDriveTemp
    2019-09-18 10:53 - 2019-09-18 11:08 - 000000000 ____D C:\Users\ronny\Desktop\Sounds
    2019-09-07 02:06 - 2019-09-08 05:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-10-07 18:14 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-10-07 18:03 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-10-07 15:25 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2019-10-07 15:20 - 2019-08-24 16:09 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
    2019-10-07 15:20 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-10-07 15:19 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
    2019-10-07 15:19 - 2019-08-23 15:35 - 001048576 _____ C:\WINDOWS\system32\config\BBI
    2019-10-07 15:18 - 2019-08-23 21:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
    2019-10-07 15:18 - 2019-08-23 20:40 - 000000000 ____D C:\ProgramData\Lenovo
    2019-10-07 15:18 - 2019-08-23 20:40 - 000000000 ____D C:\Program Files (x86)\Lenovo
    2019-10-07 15:18 - 2019-08-23 20:39 - 000000000 ____D C:\Program Files\Lenovo
    2019-10-07 15:18 - 2019-08-23 19:28 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
    2019-10-07 15:18 - 2019-08-23 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
    2019-10-07 15:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2019-10-07 15:06 - 2019-08-30 02:04 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-10-07 15:06 - 2019-08-30 02:04 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-10-07 15:06 - 2019-08-30 02:04 - 000000000 ____D C:\Program Files (x86)\Google
    2019-10-07 08:56 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
    2019-10-07 04:11 - 2019-08-26 16:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-10-06 22:32 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-10-05 12:54 - 2019-08-30 01:36 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Maxthon5
    2019-10-05 09:25 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-10-04 21:56 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
    2019-10-04 21:43 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2019-10-04 21:43 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
    2019-10-02 11:47 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\registration
    2019-10-02 11:16 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Local\Mozilla
    2019-10-02 11:10 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Mozilla
    2019-10-02 10:21 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-09-29 12:33 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-09-28 02:44 - 2019-08-23 19:28 - 000000000 ___RD C:\Users\ronny\OneDrive
    2019-09-28 02:33 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-09-28 00:45 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2019-09-27 08:53 - 2019-09-01 17:00 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-09-26 21:21 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-09-24 14:12 - 2019-08-30 02:04 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-09-24 01:26 - 2019-09-03 23:06 - 000000000 ____D C:\WINDOWS\Net
    2019-09-23 21:02 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-09-21 03:48 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2019-09-19 11:17 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
    2019-09-19 11:17 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-13 03:11 - 2019-08-24 16:10 - 002233344 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.old.sql
    2019-09-09 03:16 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports

    ==================== Files in the root of some directories ================

    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
    Ran by ronny (07-10-2019 21:33:05)
    Running from C:\Users\ronny\Desktop
    Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
    Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
    ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.2.2936.0 - Adguard Software Ltd) Hidden
    AdGuard (HKLM-x32\...\{bc242975-00ab-4e62-ad42-31de9242d781}) (Version: 7.2.2936.0 - Adguard Software Ltd)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
    Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
    Dwyco CDC-X version 2.19 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
    Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
    Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0009 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 68.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-US)) (Version: 68.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
    RogueKiller version 13.5.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.2.0 - Adlice Software)
    SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

    Packages:
    =========
    Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-02] (Fillr)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.22.7.0_x86__kgqvnymyfvs32 [2019-10-03] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1600.3.0_x86__kgqvnymyfvs32 [2019-10-02] (king.com)
    Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1908.42.0_x64__k1h2ywk1493x8 [2019-10-02] (LENOVO INC.)
    LenovoUtility -> C:\Program Files\WindowsApps\e0469640.lenovoutility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-10-02] (LENOVO INC)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad]
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12026.20264.0_x86__8wekyb3d8bbwe [2019-10-05] (Microsoft Corporation)
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation) [MS Ad]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0 [2019-10-02] (Spotify AB)
    uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-02] (Nik Rolls)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-11-01 21:58 - 2017-11-01 21:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
    FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{0635B29F-2632-4637-8F71-27A8A139037E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{99B17194-18D2-4791-99E0-75B78A616468}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe (Adguard Software Limited -> Adguard Software Ltd)
    FirewallRules: [{A8CD29F5-7DD5-4078-98B5-08A068340E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{67A9CC3A-842F-477C-8F5A-D5400EF41ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{F0083959-183D-40B8-ACE3-BF7BF4129EAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8006475F-37EE-4BF6-979B-985DDFA4689F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{3802570B-363B-441D-8C64-020D14D5CC49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1008D5D4-8314-4373-874E-534C3E93BC55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5692BE70-F61F-463C-831C-00E767D45BAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{972054F6-3AB3-4F1D-A5B3-43F551FA4298}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{7693F2D9-9301-417B-8CD1-F7B3302A2853}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{5243A6B1-8F19-4E60-BE3F-18890A09AFF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9AD62D3D-D3DA-4ABD-B97F-45071A5CA045}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{118302F7-B6F5-4893-BD18-8CD7766C3229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{4AA7B009-46A4-47B2-BE4B-2A6BB2620864}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{AAE44F32-B9E6-48D4-ACEE-C0A733CEDBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B0D8EF3F-26C3-4B2B-A70D-852B25C613E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9D44185D-45EE-4E85-B252-9945F49A2BAB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.116.522.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{B7784072-0EF8-4F91-BD3B-FE64D28B4961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12026.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

    ==================== Codecs (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Restore Points =========================

    07-10-2019 09:06:16 Windows Update
    07-10-2019 09:07:19 KpRm

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/07/2019 03:14:16 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/07/2019 03:14:16 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/07/2019 03:11:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/07/2019 10:15:50 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/07/2019 10:15:49 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/07/2019 10:15:38 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (10/06/2019 10:34:28 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-4HPCQJEC)
    Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

    Error: (10/06/2019 10:34:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


    System errors:
    =============
    Error: (10/07/2019 03:40:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Interface Foundation Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/07/2019 03:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Interface Foundation Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/07/2019 03:25:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Interface Foundation Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/07/2019 03:25:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 03:25:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 03:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Interface Foundation Service service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (10/07/2019 03:23:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscDataProtection
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/07/2019 03:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Interface Foundation Service service failed to start due to the following error:
    The system cannot find the file specified.


    Windows Defender:
    ===================================
    Date: 2019-10-06 22:14:45.790
    Description:
    Windows Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...6&enterprise=0
    Name: Trojan:Win32/Tiggre!plock
    ID: 2147723626
    Severity: Severe
    Category: Trojan
    Path: file:_C:\Users\ronny\Downloads\FRSTEnglish.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0
    Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

    Date: 2019-10-03 13:52:01.957
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {595EC542-D413-417E-9623-207FF9200C55}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:39:02.366
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E1EB5BFE-C4AB-4C53-864E-0B62D7A12C91}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:28:57.452
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {CC7CCFAB-08BD-460F-8389-CFE707DD98D0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-10-03 13:20:23.207
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {5AD5FCCE-D023-47E3-BA8E-27DF2FA5B7D1}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-09-28 02:42:21.947
    Description:
    Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
    Signatures Attempted: Current
    Error Code: 0x80070002
    Error description: The system cannot find the file specified.
    Signature version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    Date: 2019-09-11 11:22:10.912
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-09-11 10:25:43.237
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2019-09-11 10:25:43.237
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x80070102
    Error description: The wait operation timed out.

    Date: 2019-09-10 20:09:06.651
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.301.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16300.1
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2019-10-07 21:24:34.838
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-07 15:40:28.155
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-07 10:40:57.274
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 22:41:58.032
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:17.750
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:08.824
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:57:08.380
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2019-10-06 21:56:57.549
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    BIOS: LENOVO 8TCN53WW 05/17/2019
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 82%
    Total physical RAM: 4005.22 MB
    Available physical RAM: 709.12 MB
    Total Virtual: 8101.22 MB
    Available Virtual: 3367.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:890.23 GB) NTFS
    Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:434.43 GB) NTFS

    \\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
    \\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

    Partition: GPT.

    ========================================================
    Disk: 2 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.1.0
    # -------------------------------
    # Build: 09-04-2019
    # Database: 2019-10-03.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 10-07-2019
    # Duration: 00:00:15
    # OS: Windows 10 Home
    # Cleaned: 14
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
    Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

    ***** [ Files ] *****

    Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKU\S-1-5-19\Software\Host App Service
    Deleted HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
    Deleted HKU\S-1-5-20\Software\Host App Service
    Deleted HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.LenovoIMController Folder C:\Program Files (x86)\LENOVO\IMCONTROLLER
    Deleted Preinstalled.LenovoIMController Folder C:\Program Files\LENOVO\IMCONTROLLER
    Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
    Deleted Preinstalled.LenovoIMController Folder C:\Users\ronny\AppData\Local\LENOVO\IMCONTROLLER
    Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
    Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\drivers\LENOVO\IMCONTROLLER
    Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner_Debug.log - [15021 octets] - [07/10/2019 15:09:50]
    AdwCleaner[S00].txt - [2602 octets] - [07/10/2019 15:11:32]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    RogueKiller Anti-Malware V13.5.2.0 (x64) [Oct 7 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17763) 64 bits
    Started in : Normal mode
    User : ronny [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20191007_082013, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/10/07 21:06:15 (Duration : 00:17:55)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  8. #8
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    267

    is the 4th try at typing. mice are all very erratic

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Please don't forget this next step.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {14D92110-62E1-4DFC-AF69-90B8267352A3} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
    Task: {31473F18-652A-46FE-AD09-70FC2DD2193D} - \Lenovo\ImController\TimeBasedEvents\aba76a82-dd41-4e86-8c43-f9ecab7da124 -> No File <==== ATTENTION
    Task: {56C52AC1-4093-48BD-BD1F-0EE5C79A2134} - \Lenovo\ImController\TimeBasedEvents\c8a3cf5c-bef0-47a7-9ea8-7391dfba9ff0 -> No File <==== ATTENTION
    Task: {72AFA575-B5B7-4F9E-A73A-DEF06AD8224D} - \Lenovo\ImController\TimeBasedEvents\ea2167a5-22e8-49e1-8ea8-62af4fe7cb97 -> No File <==== ATTENTION
    Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
    Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
    Task: {ED066DF5-E55B-4A40-B888-00144190843A} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-30]
    S2 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]
    FirewallRules: [{9ED2A87C-9EC4-413C-AF33-32D93891E375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{5A6D8FE2-0692-4E73-B43F-F3BD38CCD56F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
    FirewallRules: [{68A18C2B-DA57-474E-87B7-4F1B95611589}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    **I want you to try this next**
    System File Checker tool to repair missing or corrupted system files
    https://support.microsoft.com/en-us/...rrupted-system


    What's the name of your computer?
    Reason I ask, this isn't pointing to malware but rather system malfunctions. Might have to send you to the manufacturer forum to get some type of diagnostics.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    267

    ok juliet, thanks...you asked and i forgot this lenovo is nearing 1 year old
