
Thread: Malwarebytes is missing...

  1. #1
    Senior Member
    Join Date: Feb 2008
    Location: L.A. (Lower Arkansas)
    Posts: 318


    I just noticed. Gone, paid version I had for awhile now and it's just an empty folder now. Plus this laptop, though not the fastest, does seem to be running terribly slow, so I thought I'd check in here and see if there was a real problem. I realize I'll need to contact Malwarebytes about their program, but I thought if something got it then maybe this should be my first step. The aswMBR as the last time I attempted to run crashed my PC. Thanks!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
    Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (02-02-2020 20:34:56)
    Running from C:\Users\ronny\Desktop
    Loaded Profiles: ronny (Available Profiles: ronny)
    Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (Acrox) [File not signed] C:\Blackweb Gaming AP\Blackweb Gaming AP.exe
    (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
    (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.mspaint_6.1907.18017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19122.138.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20011.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.649_none_220d598194935132\TiWorker.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\drivers\AdminService.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\WINDOWS\System32\SynTPEnhService.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [Blackweb Gaming AP] => C:\Blackweb Gaming AP\Blackweb Gaming AP.exe [4572160 2018-12-03] (Acrox) [File not signed]
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech, Inc. -> Logitech Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27530616 2020-01-07] (A.V.M. SOFTWARE, INC. -> AVM Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\79.1.2.43\Installer\chrmstp.exe [2020-01-17] (Brave Software, Inc.) [File not signed]
    Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03DECDDE-F4B1-44F3-9409-39BF17651149} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {0C25F01C-2626-4E63-9C4A-C1B0D1A0F5A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0DC837F4-B0A7-4D92-BBC2-208778FABD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
    Task: {112CBE13-520D-4DCF-993C-30FAF813B393} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {2FD0F9A8-C83D-4FCC-BD4C-839960DC14AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {31FD8A2F-9D5E-4525-AFCF-2D4B03D890EF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
    Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    Task: {38FAD77F-6D48-4035-BF92-011D322C5647} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-25] (Adobe Inc. -> Adobe)
    Task: {3BEB2327-EE69-4E8B-B89A-DB4ECDABEE48} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {4981CF69-42E6-4140-B62A-D15905D49575} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-01-25] (Adobe Inc. -> Adobe)
    Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
    Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {913DEC7B-6404-4696-8410-CBAD196D382C} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
    Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0bcac531-5d49-47cd-83a9-fde31a860b63}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{3c4cf5c5-956d-414c-aa7f-b1f6f0c46421}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4127e473-dfe3-4b25-bc2c-0156f88a971e}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8def4e12-00e5-41e9-8a5a-38726c85de90}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{911b4540-8355-45a8-a572-9d59dc506868}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{9160b299-4de8-46a3-89d4-bf9551ab42a3}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Notifications: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> hxxps://www.facebook.com
    Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08]
    Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08]

    FireFox:
    ========
    FF DefaultProfile: fningdqf.default
    FF DefaultProfile: maib197h.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
    FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2019-08-26]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2020-02-01]
    FF Notifications: Mozilla\Firefox\Profiles\g2q5qzsk.default-release -> hxxps://www.facebook.com
    FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-01-28]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-01-15] (Solware IT Ltd -> Solware)
    FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
    FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

    Chrome:
    =======
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2020-01-23]
    CHR HomePage: Default -> hxxp://www.msn.com/
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCB0F839A-04A4-4A4D-ADAD-AD1A6A976444&SSPV=","hxxps://www.google.com/"
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
    CHR Extension: (File Converter Extension) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blppeofoijnlbofllclklacdlfckbkok [2020-01-23]
    CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-12-29]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-17]
    CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-13]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-17]
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-17]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
    S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-19] (Brave Software, Inc. -> BraveSoftware Inc.)
    R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
    R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-24] (Lenovo -> Lenovo Group Ltd.)
    S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-22] (A.V.M. SOFTWARE, INC. -> AVM Software)
    R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-09-23] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
    R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-09-23] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
    R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
    R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
    R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
    R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    U3 TrueSight; C:\WINDOWS\System32\drivers\truesight.sys [28272 2019-10-07] (Adlice -> )
    R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-02-02 20:34 - 2020-02-02 20:37 - 000028621 _____ C:\Users\ronny\Desktop\FRST.txt
    2020-02-02 20:33 - 2020-02-02 20:36 - 000000000 ____D C:\FRST
    2020-02-02 20:32 - 2020-02-02 20:32 - 002279424 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
    2020-02-02 20:30 - 2020-02-02 20:30 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2020-02-02 20:30 - 2020-02-02 20:30 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2020-02-02 20:28 - 2020-02-02 20:28 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(1).exe
    2020-02-01 02:06 - 2020-02-01 02:06 - 001483907 _____ C:\Users\ronny\Desktop\MCC9043_IB.PDF
    2020-01-29 14:02 - 2020-01-29 14:07 - 000000000 ____D C:\Blackweb Gaming AP
    2020-01-29 14:02 - 2020-01-29 14:02 - 000000770 _____ C:\Users\ronny\Desktop\Blackweb Gaming AP.lnk
    2020-01-29 14:02 - 2020-01-29 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackweb Gaming AP
    2020-01-29 05:44 - 2020-01-29 05:44 - 033108558 _____ C:\Users\ronny\Desktop\. I Wish My Baby Was Born.wav
    2020-01-28 23:50 - 2020-01-28 23:50 - 046524077 _____ C:\Users\ronny\Desktop\output%2F442374760742842%2Fmoises--allfiles.zip
    2020-01-25 20:57 - 2020-01-25 20:57 - 000004548 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-01-25 20:57 - 2020-01-25 20:57 - 000004370 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
    2020-01-24 19:37 - 2020-01-24 19:37 - 028721742 _____ C:\Users\ronny\Desktop\Closer To The Bone.wav
    2020-01-23 02:17 - 2020-01-28 23:48 - 000000000 ____D C:\Users\ronny\Desktop\converts
    2020-01-23 02:07 - 2020-01-23 02:07 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
    2020-01-23 02:07 - 2020-01-23 02:07 - 000001366 _____ C:\ProgramData\Desktop\NCH Suite.lnk
    2020-01-23 02:07 - 2020-01-23 02:07 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
    2020-01-23 02:07 - 2020-01-23 02:07 - 000001214 _____ C:\Users\Public\Desktop\PhotoPad Image Editor.lnk
    2020-01-23 02:07 - 2020-01-23 02:07 - 000001214 _____ C:\ProgramData\Desktop\PhotoPad Image Editor.lnk
    2020-01-23 02:07 - 2020-01-23 02:07 - 000000000 ____D C:\Users\ronny\NCH Software Suite
    2020-01-23 02:06 - 2020-01-23 02:06 - 001847864 _____ (NCH Software) C:\Users\ronny\Desktop\PhotoPadPhotoEditingSoftware.exe
    2020-01-23 01:54 - 2020-01-23 01:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\FastStone
    2020-01-23 01:53 - 2020-01-23 01:53 - 000001199 _____ C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    2020-01-23 01:53 - 2020-01-23 01:53 - 000001199 _____ C:\ProgramData\Desktop\FastStone Image Viewer.lnk
    2020-01-23 01:53 - 2020-01-23 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    2020-01-23 01:53 - 2020-01-23 01:53 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
    2020-01-23 01:52 - 2020-01-23 01:52 - 007059871 _____ (FastStone Soft) C:\Users\ronny\Desktop\FSViewerSetup74.exe
    2020-01-20 00:46 - 2020-01-20 00:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2020-01-18 17:38 - 2020-01-18 17:39 - 000004608 _____ C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2020-01-16 22:53 - 2020-01-16 22:53 - 000000000 ____D C:\ProgramData\mb3migration
    2020-01-16 22:50 - 2020-01-16 22:50 - 002573312 _____ (Farbar) C:\Users\ronny\Downloads\FRSTEnglish.exe
    2020-01-15 10:37 - 2020-01-15 10:37 - 000000000 ____D C:\Program Files (x86)\Flyordie Plugin
    2020-01-15 10:28 - 2020-01-15 10:28 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sun
    2020-01-15 10:27 - 2020-01-15 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2020-01-15 10:27 - 2020-01-15 10:27 - 000114232 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2020-01-15 10:26 - 2020-01-15 10:39 - 000000000 ____D C:\Program Files (x86)\Java
    2020-01-12 02:16 - 2020-01-12 02:16 - 000001039 _____ C:\Users\ronny\Downloads\Galaxy Note9 - Shortcut.lnk
    2020-01-11 22:12 - 2020-01-24 14:02 - 000000000 ____D C:\Users\ronny\Desktop\Moises Remakes
    2020-01-07 09:57 - 2020-01-31 16:11 - 000000000 ____D C:\Users\ronny\Desktop\Karaoke
    2020-01-06 20:24 - 2020-01-06 20:24 - 000002320 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
    2020-01-06 20:24 - 2020-01-06 20:24 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
    2020-01-06 20:24 - 2020-01-06 20:24 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
    2020-01-06 20:24 - 2020-01-06 20:24 - 000001198 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
    2020-01-06 20:24 - 2020-01-06 20:24 - 000001198 _____ C:\ProgramData\Desktop\WavePad Sound Editor.lnk
    2020-01-06 20:22 - 2020-01-06 20:22 - 000001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RecordPad Sound Recorder.lnk
    2020-01-06 20:22 - 2020-01-06 20:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Recordpad

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-02-02 20:30 - 2019-10-06 21:02 - 000034355 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2020-02-02 20:25 - 2019-08-23 15:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-02-02 18:04 - 2019-08-23 19:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-02-02 14:53 - 2019-09-28 01:49 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
    2020-02-02 14:53 - 2019-08-23 18:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-02-02 14:53 - 2019-08-23 15:06 - 000000000 ____D C:\WINDOWS\INF
    2020-02-02 14:52 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\system32\NDF
    2020-02-01 05:07 - 2019-08-26 15:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
    2020-01-31 18:28 - 2019-08-23 15:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-01-31 18:28 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-01-31 04:16 - 2019-11-18 08:55 - 000000000 ____D C:\ProgramData\Paltalk Update
    2020-01-30 14:08 - 2019-08-23 18:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2020-01-30 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2020-01-29 16:52 - 2019-10-06 21:24 - 000000000 ____D C:\WINDOWS\Minidump
    2020-01-29 14:06 - 2019-08-23 18:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2020-01-29 14:04 - 2019-08-23 20:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-01-29 14:03 - 2019-08-23 14:35 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2020-01-29 14:02 - 2019-08-23 18:14 - 000000000 ____D C:\Users\ronny
    2020-01-29 04:47 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2020-01-29 04:44 - 2020-01-01 16:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2020-01-29 04:44 - 2019-08-26 15:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-01-28 23:10 - 2019-10-07 23:23 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2020-01-28 05:20 - 2019-08-26 15:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2020-01-25 20:58 - 2019-11-28 23:09 - 000000000 ____D C:\Users\ronny\AppData\Local\Adobe
    2020-01-25 20:56 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2020-01-25 20:56 - 2019-08-23 15:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2020-01-24 14:04 - 2019-11-14 10:55 - 000000000 ____D C:\Users\ronny\Desktop\Recordings
    2020-01-23 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
    2020-01-23 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\ProgramData\NCH Software
    2020-01-23 02:07 - 2019-08-24 14:37 - 000000000 ____D C:\Program Files (x86)\NCH Software
    2020-01-22 13:24 - 2019-08-30 01:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-01-19 01:08 - 2018-10-09 08:54 - 000000000 ____D C:\ProgramData\Package Cache
    2020-01-18 21:14 - 2019-08-23 18:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
    2020-01-18 21:14 - 2019-08-23 18:28 - 000000000 ___RD C:\Users\ronny\OneDrive
    2020-01-18 21:14 - 2019-08-23 18:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-01-17 19:19 - 2019-12-19 15:14 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
    2020-01-17 01:58 - 2019-11-18 08:55 - 000000000 ____D C:\Program Files (x86)\Paltalk
    2020-01-16 23:04 - 2019-09-01 15:26 - 000000000 ____D C:\Program Files\Malwarebytes
    2020-01-16 22:55 - 2019-08-23 15:08 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2020-01-15 01:27 - 2019-08-23 20:00 - 000000000 ____D C:\ProgramData\Oracle
    2020-01-14 22:06 - 2019-08-23 20:49 - 000000000 ____D C:\WINDOWS\system32\MRT
    2020-01-14 22:00 - 2019-08-23 20:49 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2020-01-14 15:10 - 2019-08-23 18:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2020-01-11 08:42 - 2019-09-07 01:06 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
    2020-01-08 13:35 - 2019-08-24 15:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2020-01-08 13:34 - 2019-10-04 20:44 - 000000000 ____D C:\ProgramData\LogiShrd
    2020-01-08 13:32 - 2019-10-16 18:00 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
    2020-01-08 13:23 - 2019-08-23 15:08 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-01-08 10:55 - 2019-09-19 11:34 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
    2020-01-07 22:56 - 2020-01-02 04:49 - 000000000 ____D C:\Users\Public\Logi
    2020-01-06 19:49 - 2019-09-08 06:29 - 000000000 ____D C:\Users\ronny\Desktop\Email attachments
    2020-01-03 23:12 - 2020-01-02 03:01 - 000000000 ____D C:\ProgramData\boost_interprocess

    ==================== Files in the root of some directories ========

    2019-09-26 20:23 - 2019-09-26 20:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat
    2020-01-18 17:38 - 2020-01-18 17:39 - 000004608 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2019-12-21 10:11 - 2019-12-21 10:11 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
    Ran by ronny (02-02-2020 20:39:35)
    Running from C:\Users\ronny\Desktop
    Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
    Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
    ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.321 - Adobe)
    Blackweb Gaming AP version 1.0.9.9 (HKLM\...\Blackweb Gaming AP_is1) (Version: 1.0.9.9 - )
    Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.2.43 - Brave Software Inc)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
    Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
    Dwyco CDC-X version 2.20 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.20 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
    Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
    KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.6.1.1 - Recisio)
    Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
    Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.50 - NCH Software)
    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.17.0 - Samsung Electronics Co., Ltd.)
    SeaMonkey 2.49.5 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.49.5 (x86 en-US)) (Version: 2.49.5 - Mozilla)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.79 - NCH Software)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)

    Packages:
    =========
    Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08] (Fillr)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.29.4.0_x86__kgqvnymyfvs32 [2020-01-25] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1690.1.0_x86__kgqvnymyfvs32 [2020-01-29] (king.com)
    Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.0.0_x64__jj4r3mnwe2ey2 [2020-01-01] (Define Studio) [MS Ad]
    Geek app-Wish -> C:\Program Files\WindowsApps\25912WinPhoneTotalApps.Geekapp-Wish_1.0.0.1_neutral__rdnsa2fnwy8xy [2020-01-12] (Wonderful World Apps (WWA))
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-29] (Apple Inc.) [Startup Task]
    Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.1910.41.0_x64__k1h2ywk1493x8 [2019-12-30] (LENOVO INC.)
    LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4 [2020-01-03] (LENOVO INC) [Startup Task]
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-13] (Microsoft Corporation) [MS Ad]
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12325.20344.0_x86__8wekyb3d8bbwe [2020-01-27] (Microsoft Corporation)
    Movie Maker : Video Editor With Photo Slideshow -> C:\Program Files\WindowsApps\13941FunAppsMaker.MovieMakerVideoEditorWithPhotoSl_1.0.16.0_x64__yg31wsae9kk16 [2020-01-16] (FunAppsMaker) [MS Ad]
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) [MS Ad]
    MultiRec -> C:\Program Files\WindowsApps\davidtanzer.net.MultiRec_1.0.2.0_x64__8k66xfnpkzez6 [2019-10-14] (David Tanzer)
    OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.22.5.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
    Sketchpads -> C:\Program Files\WindowsApps\48791Untoldlies.Sketchpads_1.1.0.1_neutral__8yj6wf32v5cte [2019-12-29] (LiKZ)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0 [2020-01-30] (Spotify AB) [Startup Task]
    uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08] (Nik Rolls)
    Ultra Paint -> C:\Program Files\WindowsApps\D5BE6627.UltraPaint_2.0.2.0_x86__9pm2v9747qaaa [2019-11-07] (CompuClever Systems Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat ()

    ==================== Loaded Modules (Whitelisted) =============


    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2019-10-23 21:31 - 2019-10-23 21:36 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"
    HKLM\...\StartupApproved\Run32: => "LWS"
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{F850B365-54C0-4904-BFE8-3BFA9131EF8C}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{504637E0-AA81-4A4E-B46F-C0E05C5F2A3A}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
    FirewallRules: [{34AE96D9-E476-415C-991A-2BE79EF9283E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{F2F739EC-FE16-4AAB-AE9E-93754A25E2BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12325.20344.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{AA0C68E5-8F3D-4F7A-A2CA-74D5875ECA92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8D290D7F-B51E-440A-9C69-C43F5AFFFB1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A5EBA336-D986-4597-95D2-1FD9ACA8E84E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{AF73B399-A155-4B55-A474-8616E9F030E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{218F3333-5012-4BA0-836E-6A9F51C39D4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{5F087B9C-F52A-46F2-888C-987D66701220}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{53F7BA74-C0B0-4649-85B9-CE5753F7F3EA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8C2F5129-16B2-4DBA-A8E0-AC574DBB8C85}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{1B951595-69B9-44CD-B944-FF7131C1C9A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{74555956-CF20-43E4-AF0C-0D033D244B12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9672B3FE-5EA7-42F5-B24D-3A812DAC9977}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{D19C51B7-FFD9-49E8-A6DC-AC8779C29B2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{65ADEC78-7014-45A1-ABAA-134CB2615634}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{8AC0834B-1BB3-4082-AEA9-F54AD6B432F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{A2E686FD-EAFD-4E93-8147-7D359B4EB541}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{D6F2EADC-CC10-400A-8457-B98B4BD7CF10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

    ==================== Restore Points =========================

    15-01-2020 09:54:16 Removed Java 8 Update 241
    24-01-2020 03:54:21 Windows Update

    ==================== Faulty Device Manager Devices ============

    Name: Unknown USB Device (Port Reset Failed)
    Description: Unknown USB Device (Port Reset Failed)
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (02/02/2020 02:27:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Maxthon.exe version 5.2.7.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 4c8

    Start Time: 01d5d8e71589d96a

    Termination Time: 629

    Application Path: C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe

    Report Id: 96a1c812-a212-4b5d-a0f3-7f76fb48aa26

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (01/30/2020 03:02:56 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_smphost, version: 10.0.17763.1, time stamp: 0xb900eeff
    Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afd
    Exception code: 0xc0000005
    Fault offset: 0x000000000004df23
    Faulting process id: 0x2fb8
    Faulting application start time: 0x01d5d74c0f7b33be
    Faulting application path: C:\WINDOWS\System32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 6c1fc899-d5c0-4ec3-b189-e4e22fea7be7
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/28/2020 11:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
    Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
    Exception code: 0xe0434352
    Fault offset: 0x0000000000039129
    Faulting process id: 0x2ec0
    Faulting application start time: 0x01d5d6626c80b832
    Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: b3b3f6ea-73fd-4c62-9091-b67030303a24
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/28/2020 11:10:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
    Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
    Exception code: 0xe0434352
    Fault offset: 0x0000000000039129
    Faulting process id: 0x35e4
    Faulting application start time: 0x01d5d6626d0a525f
    Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 3d29dc5f-b75c-4b78-800a-1cc956d61038
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/28/2020 11:10:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: GfxDownloadWrapper.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
    at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
    at GfxGameSettingsDownload.Program.Main(System.String[])

    Error: (01/28/2020 11:10:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: GfxDownloadWrapper.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
    at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
    at GfxGameSettingsDownload.Program.Main(System.String[])

    Error: (01/26/2020 11:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
    Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
    Exception code: 0xe0434352
    Fault offset: 0x0000000000039129
    Faulting process id: 0x3a18
    Faulting application start time: 0x01d5d4d0037545ed
    Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 835abf9c-b264-4f6c-b04a-d4b2d93b1e85
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (01/26/2020 11:09:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: GfxDownloadWrapper.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.DirectoryNotFoundException
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
    at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
    at GfxGameSettingsDownload.Program.Main(System.String[])


    System errors:
    =============
    Error: (02/02/2020 05:00:54 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device #3, {9160b299-4de8-46a3-89d4-bf9551ab42a3}, had event 74

    Error: (02/01/2020 03:19:30 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/01/2020 03:19:30 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/01/2020 03:14:33 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/01/2020 03:14:32 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-4HPCQJEC)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    and APPID
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}
    to the user LAPTOP-4HPCQJEC\ronny SID (S-1-5-21-4109447768-91167649-2371174200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/01/2020 02:46:41 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR52.

    Error: (02/01/2020 02:46:41 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR52.

    Error: (02/01/2020 02:46:39 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR52.


    Windows Defender:
    ===================================
    Date: 2020-01-29 12:10:15.282
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {396DB32F-329D-4CA1-B855-88898DACEE7D}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-29 12:00:20.346
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {1432EAAB-C3BC-4099-BFB2-4BF8C948F140}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-26 01:20:29.453
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {1D46E386-20CC-4C51-9A04-6479414C8A63}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-17 01:22:26.603
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {BE924E9C-C209-4E3A-A140-1F77F13EEA40}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-11 12:14:21.755
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {705343EE-9386-47F2-9305-DD4037B960A3}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-29 14:14:28.932
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.3203.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2020-01-29 04:55:13.481
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.3203.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2020-01-28 19:40:01.886
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.3203.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2020-01-21 20:36:52.957
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.2762.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2020-01-19 03:20:39.734
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.307.2608.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16600.7
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2020-01-11 08:51:46.998
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-11 01:19:02.236
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-11 01:08:31.850
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-11 01:08:21.492
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-11 01:08:11.555
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-11 01:07:57.109
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-11 01:06:26.727
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-01-08 22:29:47.492
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    BIOS: LENOVO 8TCN53WW 05/17/2019
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 83%
    Total physical RAM: 4005.22 MB
    Available physical RAM: 654.88 MB
    Total Virtual: 10262.96 MB
    Available Virtual: 3155.1 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:869.69 GB) NTFS

    \\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
    \\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,925

    Default

    I found
    C:\Program Files\Malwarebytes <==folder but not really seeing other items that would be related.

    Then, several errors related to Malwarebytes
    Date: 2020-01-08 22:29:47.492
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    You will need to post/followup at the MBAM forum to see what goes there.
    ~~~

    We can run a fix script using FRST


    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCB0F839A-04A4-4A4D-ADAD-AD1A6A976444&SSPV=","hxxps://www.google.com/"
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    FirewallRules: [{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{F850B365-54C0-4904-BFE8-3BFA9131EF8C}] => (Allow) %systemroot%\system32\alg.exe No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.

    ~~~~~~~~~~~~~

    Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

    Right-click on the program and select Run as Administrator to start the tool.
    Accept the Terms of use.
    Wait until the database is updated.
    Click Scan Now.
    When finished, please click Clean & Repair.
    Your PC should reboot now if any items were found.
    After reboot, a log file will be opened. Attach or Copy its content into your next reply.

    Please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    318

    Default

    ok juliet thanks, here's the two reports. now in hindsight i may have erred but last night in learning m-bytes was missing i was worried about it paid for and all i d'loaded a new copy and used my license to reinstall and ran it. it detected 17 items that weren't a serious threat but i quarantined them. i tried to get a copy of that report to post also but in my software i don't see where that report is. it was all the same location in an appdata file.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
    Ran by ronny (03-02-2020 09:45:37) Run:1
    Running from C:\Users\ronny\Desktop
    Loaded Profiles: ronny (Available Profiles: ronny)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3324319&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPCB0F839A-04A4-4A4D-ADAD-AD1A6A976444&SSPV=","hxxps://www.google.com/"
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    SearchScopes: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
    AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
    FirewallRules: [{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}] => (Allow) %systemroot%\system32\alg.exe No File
    FirewallRules: [{F850B365-54C0-4904-BFE8-3BFA9131EF8C}] => (Allow) %systemroot%\system32\alg.exe No File
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "Chrome StartupUrls" => removed successfully
    "HKU\S-1-5-21-4109447768-91167649-2371174200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DE58705-3063-4F2A-835E-EB8A8011C103} => removed successfully
    C:\Users\ronny\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E955BADC-DF2B-47FB-BE7D-EDD81425FC1F}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F850B365-54C0-4904-BFE8-3BFA9131EF8C}" => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\mbamiservice.log => moved successfully
    C:\Windows\Temp\mb_errors2220.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\sa.9NCGJX5QLP9M_0__.Public.InstallAgent.dat => moved successfully
    C:\Windows\Temp\WER8C6C.tmp.WERDataCollectionStatus.txt => moved successfully
    C:\Windows\Temp\WERFC4C.tmp.WERDataCollectionStatus.txt => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 9199616 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 193030797 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 0 B
    Edge => 1899090 B
    Chrome => 465476632 B
    Firefox => 181480543 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 256 B
    LocalService => 1222 B
    NetworkService => 329534 B
    ronny => 470565467 B

    RecycleBin => 0 B
    EmptyTemp: => 1.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 09:48:40 ====

    ----
    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.2.0
    # -------------------------------
    # Build: 01-27-2020
    # Database: 2020-01-24.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-03-2020
    # Duration: 00:01:13
    # OS: Windows 10 Home
    # Scanned: 34824
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    318

    Default

    i spoke too soon, here is a copy of the scan last night. sorry.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/2/20
    Scan Time: 11:54 PM
    Log File: a2001496-4649-11ea-92ea-00f48ddc7000.json

    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.810
    Update Package Version: 1.0.18620
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17763.678)
    CPU: x64
    File System: NTFS
    User: LAPTOP-4HPCQJEC\ronny

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 281355
    Threats Detected: 17
    Threats Quarantined: 17
    Time Elapsed: 5 min, 6 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 3
    PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 199, 454832, , , ,

    File: 14
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000025.ldb, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000027.ldb, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000029.ldb, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000030.log, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000031.ldb, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 199, 454832, , , ,
    PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 199, 454832, 1.0.18620, , ame,
    PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 199, 454832, 1.0.18620, , ame,
    PUP.Optional.Conduit, C:\USERS\RONNY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 199, 454832, 1.0.18620, , ame,

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  5. #5
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,925

    Default

    I think you did fine.
    What Malwarebytes found had also been listed in Google
    CHR StartupUrls: Default
    All of it was taken out.

    Let's just do an online scan now because there really doesn't appear to be any malware.

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    318

    Default

    ok juliet thanks. i thought those looked similar to what m-bytes usually finds quite often. i knew tho after running it and putting those into quarantine the new report would show nothing and i'd rather you see it did come up with something. glad to hear that on the malware. waiting now on the d'load and scans.

  7. #7
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    318

    Default

    ok juliet, not much to that!

    Emsisoft Emergency Kit 2020.1.0.9909 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 17763, 64-bit Edition)

    Forensics log

    Date Component Action Details
    2/3/2020 7:11:06 PM User LAPTOP-4HPCQJEC\ronny Setting modified "Detect PUPs" has been changed to "Enabled".
    2/3/2020 7:09:43 PM User LAPTOP-4HPCQJEC\ronny Setting modified "Recommended readings & news" has been changed to "Enabled".
    2/3/2020 7:09:41 PM User Update Downloaded and installed 101 files (15286 kb) (2 min. 37 sec.).
    2/3/2020 7:07:13 PM User LAPTOP-4HPCQJEC\ronny Setting modified "Recommended readings & news" has been changed to "Disabled".
    2/3/2020 7:07:05 PM Core Notification "Recommended Reading:Ransomware data exfiltration detection and mitigation strategies".

  8. #8
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,925

    Default

    Looking good.

    Ready to remove tools and quarantine folders?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    318

    Default

    ok, i think you've done it again let's clean up this mess you made

  10. #10
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,925

    Default

    Hey now Arkansas ...Tennessee girl didn't do it!.....LOL


    Please download KpRm by Kernel-panik and save to your Desktop.
    • Click on KpRm.exe to run the tool.

      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Put a check mark next to these items:

      - Delete tools
    • Click the "Run" button.
    • When the tool has finished, it will create and open a log report and delete itself.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
