Thread: grrrrrrr! i've tried other tools before trying farbar...

  1. #1
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    285

    grrrrrrr! i've tried other tools before trying farbar...

    and farbar has stopped responding in 6 tries. the other as before shut my pc down upon opening it. don't know if it's anything but it has slowed x3 i'd bet after the other day it was like the dpi on my mouse was turned way up, i couldn't catch it, and everything it touched it did. red x and it closed, over a program and it opened. browsers opened up until it crashed!

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    285

    well i deleted farbar and downloaded again new and ran as admin, it got to scanning other areas and became unresponsive. i don't know what to do. feel like i ought to get a room here!

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,872

    How long did you let it sit? Was it running with Task Manager open?
    Very possible it's your antivirus. Happens to me too.

    Or, you could attempt to run it in safe mode?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    285

    ok...some folks, just sooo smart. i ran in safe mode and thank you!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
    Ran by ronny (administrator) on LAPTOP-4HPCQJEC (LENOVO 81DE) (09-03-2020 20:29:52)
    Running from C:\Users\ronny\Desktop
    Loaded Profiles: ronny (Available Profiles: ronny)
    Platform: Windows 10 Home Version 1809 17763.678 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27585400 2020-01-28] (A.V.M. SOFTWARE, INC. -> AVM Software)
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73256 2018-07-01] (Polyclef Software LLC -> Mobile Stream)
    HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27585400 2020-01-28] (A.V.M. SOFTWARE, INC. -> AVM Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-05] (Google LLC -> Google LLC)
    Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-10-06]
    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02395C77-4ADC-4C1C-AAD4-E4F6DA3BFA2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {0DC837F4-B0A7-4D92-BBC2-208778FABD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
    Task: {11637F67-0922-426F-84FF-FA70FBA1FF4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {31FD8A2F-9D5E-4525-AFCF-2D4B03D890EF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
    Task: {32A0F6A1-AC7F-44BD-AA4E-E35787A61D78} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170784 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    Task: {38FAD77F-6D48-4035-BF92-011D322C5647} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-14] (Adobe Inc. -> Adobe)
    Task: {3CD617F7-DFF3-4924-A894-31B33EE3B680} - System32\Tasks\NCH Software\WavePadDowngrade => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [4285496 2019-12-18] (NCH Software, Inc. -> NCH Software)
    Task: {4981CF69-42E6-4140-B62A-D15905D49575} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-14] (Adobe Inc. -> Adobe)
    Task: {4CC26219-5974-4334-A597-B6CAE981AA23} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe
    Task: {6D4F6831-4DFD-40E6-AA86-B9E2D0B78B5C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {B2ACB566-981E-4486-89E7-15432568B5E9} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001 => C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
    Task: {D8C30AAD-88BE-464B-9998-1CAD53EE81F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {E08247A7-2E4E-46DE-BA0B-ED3A2B7B3D52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-30] (Google Inc -> Google LLC)
    Task: {E4E5FF1A-9C2C-4845-969B-599F416D55B1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-12] (Adobe Inc. -> Adobe)
    Task: {F81F0636-106C-44EF-B47C-C0716C4AA000} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [411136 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {FAB2F3B6-5DCD-4DE1-B5FA-797DE294E5DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0bcac531-5d49-47cd-83a9-fde31a860b63}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{3c4cf5c5-956d-414c-aa7f-b1f6f0c46421}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{40819c4a-134a-456a-863f-af0c92d95b2b}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4127e473-dfe3-4b25-bc2c-0156f88a971e}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{41bf5d2c-1448-4cf2-b637-856c4c61d320}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{8def4e12-00e5-41e9-8a5a-38726c85de90}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{911b4540-8355-45a8-a572-9d59dc506868}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{95b16433-0be1-43d3-a9ce-053d12f5f22c}: [DhcpNameServer] 150.208.1.2
    Tcpip\..\Interfaces\{ad325e77-a627-4f2a-83dc-8d6f3d4c4890}: [DhcpNameServer] 192.168.117.1
    Tcpip\..\Interfaces\{d221ac92-401c-49f0-9a27-5deb15c13aad}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Notifications: HKU\S-1-5-21-4109447768-91167649-2371174200-1001 -> hxxps://www.facebook.com
    Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08]
    Edge Extension: (Autofill for Microsoft Edge by Fillr) -> EdgeExtension_FillrFillrAutofillforEdge_wmnk5xzcp70cp => C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08]

    FireFox:
    ========
    FF DefaultProfile: fningdqf.default
    FF DefaultProfile: maib197h.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default [2019-10-07]
    FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\inspector@mozilla.org.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2019-10-02] [Legacy] [not signed]
    FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\fningdqf.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2019-10-02] [Legacy] [not signed]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\maib197h.default [2020-02-03]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release [2020-03-06]
    FF Notifications: Mozilla\Firefox\Profiles\g2q5qzsk.default-release -> hxxps://www.facebook.com
    FF Extension: (uBlock Origin) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\g2q5qzsk.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-12] (Adobe Inc. -> )
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-12] (Adobe Inc. -> )
    FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-01-15] (Solware IT Ltd -> Solware)
    FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4109447768-91167649-2371174200-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ronny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)

    Chrome:
    =======
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2020-02-09]
    CHR HomePage: Default -> hxxp://www.msn.com/
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-08-30]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-08-30]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-08-30]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-08-30]
    CHR Extension: (File Converter Extension) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blppeofoijnlbofllclklacdlfckbkok [2020-01-23]
    CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-12-29]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-08-30]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-17]
    CHR Extension: (Glossy Blue) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml [2019-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-13]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-30]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-08]
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-03]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
    S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [195536 2018-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel)
    S2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [18200 2019-07-25] (Lenovo -> Lenovo Group Ltd.)
    S2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [5235520 2020-03-09] (Malwarebytes Inc -> Malwarebytes)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-03] (Malwarebytes Inc -> Malwarebytes)
    S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178976 2019-08-30] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    S2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-22] (A.V.M. SOFTWARE, INC. -> AVM Software)
    S2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-09-23] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
    S2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-09-23] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
    S2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [353320 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [136040 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 easytether; C:\WINDOWS\System32\drivers\easytthrx.sys [22728 2015-11-22] (Polyclef Software -> Mobile Stream)
    R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    R3 JmUsbCcgp; C:\WINDOWS\System32\drivers\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
    S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-15] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-02-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-03-06] (Malwarebytes Inc -> Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [119960 2020-02-15] (Malwarebytes Inc -> Malwarebytes)
    S3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
    S3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    S3 rdacpi; C:\WINDOWS\System32\drivers\rdacpi.sys [41784 2017-07-13] (EA Excelsior Hang Tong Computer Technology Limited -> )
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-08-24] (NCH Software Pty Ltd -> )
    R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-10-29] (Synaptics Incorporated -> Synaptics Incorporated)
    U3 TrueSight; C:\WINDOWS\System32\drivers\truesight.sys [28272 2019-10-07] (Adlice -> )
    S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-03-08 18:50 - 2020-03-08 18:50 - 002279936 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
    2020-03-08 11:41 - 2020-03-08 19:05 - 000014538 _____ C:\Users\ronny\Desktop\Addition.txt
    2020-03-08 11:38 - 2020-03-09 20:31 - 000022703 _____ C:\Users\ronny\Desktop\FRST.txt
    2020-03-08 11:34 - 2020-03-08 11:34 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup.exe
    2020-03-08 11:34 - 2020-03-08 11:34 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2020-03-08 03:24 - 2020-03-08 03:24 - 030248394 _____ C:\Users\ronny\Desktop\Years.wav
    2020-03-07 21:25 - 2020-03-07 21:25 - 046784773 _____ C:\Users\ronny\Desktop\output%2F443996435059966%2Fmoises--allfiles.zip
    2020-03-07 21:09 - 2020-03-07 23:41 - 000000000 ____D C:\Users\ronny\AppData\Roaming\ocenaudio
    2020-03-07 21:08 - 2020-03-07 21:08 - 000000832 _____ C:\Users\Public\Desktop\ocenaudio.lnk
    2020-03-07 21:08 - 2020-03-07 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ocenaudio
    2020-03-07 21:08 - 2020-03-07 21:08 - 000000000 ____D C:\Program Files\ocenaudio
    2020-02-19 12:30 - 2020-02-19 12:31 - 000000000 ____D C:\Users\ronny\AppData\Local\TeamViewer
    2020-02-19 12:30 - 2020-02-19 12:30 - 000000000 ____D C:\Users\ronny\AppData\Roaming\TeamViewer
    2020-02-19 12:29 - 2020-02-26 16:42 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2020-02-19 12:24 - 2020-02-19 12:25 - 000000000 ____D C:\ProgramData\SupremoRemoteDesktop
    2020-02-17 22:02 - 2020-02-17 22:02 - 002835343 _____ C:\Users\ronny\Desktop\(5) Facebook.html
    2020-02-17 22:02 - 2020-02-17 22:02 - 000000000 ____D C:\Users\ronny\Desktop\(5) Facebook_files
    2020-02-15 13:40 - 2020-03-06 22:10 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2020-02-15 13:40 - 2020-02-15 13:40 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2020-02-15 13:40 - 2020-02-15 13:40 - 000119960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2020-02-14 13:26 - 2020-02-14 13:26 - 000044544 _____ C:\Users\ronny\Desktop\NarrowsDamGeneration2-10-20thru02-16-20Rev2.xls
    2020-02-14 13:19 - 2020-02-14 13:19 - 000044544 _____ C:\Users\ronny\Desktop\NarrowsDamGeneration2-17-20thru02-23-20.xls
    2020-02-13 13:39 - 2020-02-13 13:40 - 000000000 ____D C:\Users\ronny\Desktop\New folder
    2020-02-13 13:38 - 2020-02-13 13:38 - 000130234 _____ C:\Users\ronny\Downloads\ResetWUEng.zip
    2020-02-11 19:44 - 2020-02-11 19:44 - 204486112 _____ (Logitech Inc.) C:\Users\ronny\Desktop\Options_8.10.84.exe.mxdl
    2020-02-11 18:00 - 2020-02-11 18:03 - 204486112 _____ (Logitech Inc.) C:\Users\ronny\Desktop\Options_8.10.84(1).exe.mxdl
    2020-02-08 23:22 - 2020-02-08 23:22 - 000000000 ____D C:\Program Files\Logitech
    2020-02-08 23:15 - 2020-02-08 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2020-02-08 04:24 - 2020-02-08 04:24 - 000000000 ____D C:\Users\ronny\.android
    2020-02-08 04:14 - 2020-02-08 04:14 - 000002549 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
    2020-02-08 04:14 - 2020-02-08 04:14 - 000000000 ____D C:\Program Files\Mobile Stream
    2020-02-08 04:11 - 2020-02-08 04:09 - 006133328 _____ (Mobile Stream) C:\Users\ronny\Desktop\easytether (1).exe

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-03-09 20:30 - 2020-02-02 21:33 - 000000000 ____D C:\FRST
    2020-03-09 20:30 - 2019-08-23 19:10 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2020-03-09 20:30 - 2019-08-23 16:06 - 000000000 ____D C:\WINDOWS\INF
    2020-03-09 20:27 - 2020-02-06 12:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2020-03-09 20:25 - 2019-08-23 21:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2020-03-09 20:25 - 2019-08-23 15:35 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2020-03-09 20:24 - 2019-08-23 19:14 - 000000000 ____D C:\Users\ronny
    2020-03-09 19:55 - 2019-10-08 00:23 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2020-03-09 19:54 - 2019-08-23 20:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2020-03-09 19:41 - 2019-09-28 02:49 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{253E348A-5B90-498C-8E33-9D9478C11A9F}
    2020-03-09 19:12 - 2019-08-23 16:08 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-03-09 19:12 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\AppReadiness
    2020-03-09 16:18 - 2019-08-23 16:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-03-08 17:05 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2020-03-08 11:35 - 2019-10-06 22:02 - 000050616 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2020-03-08 10:53 - 2020-02-03 20:04 - 000000000 ____D C:\EEK
    2020-03-07 21:01 - 2019-08-24 15:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2020-03-06 23:43 - 2019-08-26 16:20 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
    2020-03-06 22:10 - 2019-08-23 19:21 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2020-03-06 22:07 - 2020-01-01 17:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2020-03-05 17:30 - 2019-08-30 02:04 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-03-05 07:55 - 2020-01-07 10:57 - 000000000 ____D C:\Users\ronny\Desktop\Karaoke
    2020-03-05 07:54 - 2019-11-14 11:55 - 000000000 ____D C:\Users\ronny\Desktop\Recordings
    2020-03-04 22:45 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\NDF
    2020-02-26 16:44 - 2019-08-23 20:38 - 000258768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2020-02-26 16:43 - 2019-12-19 16:12 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
    2020-02-26 16:43 - 2019-10-02 11:09 - 000000000 ____D C:\Program Files (x86)\SeaMonkey
    2020-02-26 16:41 - 2020-01-29 15:02 - 000000000 ____D C:\Blackweb Gaming AP
    2020-02-21 20:37 - 2019-08-23 19:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2020-02-19 12:45 - 2019-12-19 16:14 - 000000000 ____D C:\Users\ronny\AppData\Local\BraveSoftware
    2020-02-17 17:49 - 2019-09-07 02:06 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
    2020-02-15 13:40 - 2020-02-03 00:51 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2020-02-14 13:21 - 2019-08-23 19:27 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2020-02-14 10:00 - 2020-01-25 21:57 - 000004558 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-02-14 10:00 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2020-02-14 10:00 - 2019-08-23 16:08 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2020-02-12 10:16 - 2019-08-23 21:49 - 000000000 ____D C:\WINDOWS\system32\MRT
    2020-02-12 10:13 - 2019-08-23 21:49 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2020-02-12 00:45 - 2020-02-06 16:56 - 000004546 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
    2020-02-11 12:52 - 2019-11-29 00:17 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2020-02-10 01:21 - 2019-08-23 19:28 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4109447768-91167649-2371174200-1001
    2020-02-10 01:21 - 2019-08-23 19:28 - 000000000 __RDL C:\Users\ronny\OneDrive
    2020-02-10 01:20 - 2019-08-23 19:14 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-02-08 23:23 - 2019-10-16 19:00 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
    2020-02-08 23:22 - 2019-10-04 21:44 - 000000000 ____D C:\ProgramData\LogiShrd
    2020-02-08 23:15 - 2019-08-24 16:08 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2020-02-08 18:26 - 2020-02-07 23:56 - 000000000 ____D C:\Users\ronny\Desktop\recipes
    2020-02-08 10:53 - 2019-08-24 16:10 - 015546368 _____ C:\Users\ronny\Documents\dwyco-backup-diff-20e539782c8f4581a8e0.sql
    2020-02-08 04:14 - 2018-10-09 09:54 - 000000000 ____D C:\ProgramData\Package Cache
    2020-02-08 04:07 - 2019-08-26 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    ==================== Files in the root of some directories ========

    2019-09-26 21:23 - 2019-09-26 21:23 - 000000287 _____ () C:\ProgramData\fontcacheev1.dat
    2020-01-18 18:38 - 2020-01-18 18:39 - 000004608 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2019-12-21 11:11 - 2019-12-21 11:11 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)



    safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
    Ran by ronny (09-03-2020 20:32:42)
    Running from C:\Users\ronny\Desktop
    Windows 10 Home Version 1809 17763.678 (X64) (2019-08-24 00:08:39)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4109447768-91167649-2371174200-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4109447768-91167649-2371174200-503 - Limited - Disabled)
    Guest (S-1-5-21-4109447768-91167649-2371174200-501 - Limited - Disabled)
    ronny (S-1-5-21-4109447768-91167649-2371174200-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-4109447768-91167649-2371174200-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
    CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
    Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
    Dwyco CDC-X version 2.20 (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\Dwyco CDC-X_is1) (Version: 2.20 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    EasyTether (HKLM\...\{BE94EA52-041A-4643-A192-9481EDBFA73F}) (Version: 1.3.4 - Mobile Stream) Hidden
    EasyTether (HKLM-x32\...\{11e8bc09-c842-4244-bf90-2bea82be07c5}) (Version: 1.3.4 - Mobile Stream)
    EasyTether ADB USB driver (HKLM\...\{428D980B-9D77-4AAB-A4FC-00248C1882C8}) (Version: 1.3.4 - Mobile Stream)
    erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FastStone Image Viewer 7.4 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.4 - FastStone Soft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
    Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
    Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
    KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.6.1.1 - Recisio)
    Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 2.0.7.0 - Lenovo Group Ltd.)
    Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
    Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
    Microsoft OneDrive (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.5000 - Maxthon International Limited)
    ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.7.10 - Ocenaudio Team)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.50 - NCH Software)
    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.17.0 - Samsung Electronics Co., Ltd.)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\UnityWebPlayer) (Version: 5.3.8f2 - Unity Technologies ApS)
    Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.79 - NCH Software)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)

    Packages:
    =========
    Autofill for Microsoft Edge by Fillr -> C:\Program Files\WindowsApps\Fillr.FillrAutofillforEdge_0.2.13.0_neutral__wmnk5xzcp70cp [2019-10-08] (Fillr)
    Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.32.4.0_x86__kgqvnymyfvs32 [2020-03-05] (king.com)
    Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1710.1.0_x86__kgqvnymyfvs32 [2020-02-28] (king.com)
    Cloud Drive! -> C:\Program Files\WindowsApps\5913DefineStudio.CloudDrive_4.9.0.0_x64__jj4r3mnwe2ey2 [2020-01-01] (Define Studio) [MS Ad]
    Geek app-Wish -> C:\Program Files\WindowsApps\25912WinPhoneTotalApps.Geekapp-Wish_1.0.0.1_neutral__rdnsa2fnwy8xy [2020-01-12] (Wonderful World Apps (WWA))
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-29] (Apple Inc.) [Startup Task]
    Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2001.12.0_x64__k1h2ywk1493x8 [2020-02-28] (LENOVO INC.)
    LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4 [2020-01-03] (LENOVO INC) [Startup Task]
    Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
    Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
    Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-28] (Microsoft Studios) [MS Ad]
    Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Movie Maker : Video Editor With Photo Slideshow -> C:\Program Files\WindowsApps\13941FunAppsMaker.MovieMakerVideoEditorWithPhotoSl_1.0.16.0_x64__yg31wsae9kk16 [2020-01-16] (FunAppsMaker) [MS Ad]
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
    MultiRec -> C:\Program Files\WindowsApps\davidtanzer.net.MultiRec_1.0.2.0_x64__8k66xfnpkzez6 [2019-10-14] (David Tanzer)
    OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.9.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation)
    Sketchpads -> C:\Program Files\WindowsApps\48791Untoldlies.Sketchpads_1.1.0.1_neutral__8yj6wf32v5cte [2019-12-29] (LiKZ)
    Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0 [2020-03-05] (Spotify AB) [Startup Task]
    uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-10-08] (Nik Rolls)
    Ultra Paint -> C:\Program Files\WindowsApps\D5BE6627.UltraPaint_2.0.3.0_x86__9pm2v9747qaaa [2020-02-13] (CompuClever Systems Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-03] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-03] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)

    ==================== Loaded Modules (Whitelisted) =============

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\ronny\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2019-10-23 22:31 - 2019-10-23 22:36 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20180524_101516.gif
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "EvtMgr6"
    HKLM\...\StartupApproved\Run: => "LogiOptions"
    HKLM\...\StartupApproved\Run: => "Blackweb Gaming AP"
    HKLM\...\StartupApproved\Run32: => "LWS"
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "EasyTether"
    HKU\S-1-5-21-4109447768-91167649-2371174200-1001\...\StartupApproved\Run: => "Paltalk"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{BAFE3480-AEB5-4800-9E2D-8E61E183CD3D}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{C0ADCAA4-DF8A-4292-9D89-A7D6ACEB34A5}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{18993CBE-DAD3-4CA6-B611-E6C9F2C517C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{9E6AC93C-08F1-4BF8-AC63-8068E9CC5EA2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{128B5960-7AFA-41F4-B56B-ADAC6413F6C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{6DBA228B-5816-4BB6-8B69-28D3B15980B0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{AA0C68E5-8F3D-4F7A-A2CA-74D5875ECA92}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8D290D7F-B51E-440A-9C69-C43F5AFFFB1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A5EBA336-D986-4597-95D2-1FD9ACA8E84E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{AF73B399-A155-4B55-A474-8616E9F030E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{218F3333-5012-4BA0-836E-6A9F51C39D4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{5F087B9C-F52A-46F2-888C-987D66701220}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{53F7BA74-C0B0-4649-85B9-CE5753F7F3EA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{8C2F5129-16B2-4DBA-A8E0-AC574DBB8C85}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{716C029D-9851-4BAB-BB78-EA426DDDBD9D}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
    FirewallRules: [{C93ADECC-7050-42FC-A3D6-2DE856BF88F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{3414BFAD-21A1-4832-9DDB-9C51ADBAAD92}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{AFD5B04D-19D9-4A38-8637-11B96764123E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{15CE8858-939B-414C-9C78-B6561499B58D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{78567BEC-C13B-44EB-B950-609C4AEE6053}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{9495D1FD-10BE-4BC5-A3CF-49E5304CC41B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{49C8C205-1866-49FF-AF8D-63B1EF4B85CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{E85F60CC-1D02-41DD-BA2B-1BE68D658ED2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{7B4BA752-099B-4352-9340-69407657BA62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.127.472.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
    FirewallRules: [{1E635050-C8BB-44F8-AFC0-983F22D6ED09}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    19-02-2020 12:45:21 Removed Java 8 Update 231
    01-03-2020 14:14:18 Scheduled Checkpoint
    08-03-2020 15:21:59 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: USB Audio CODEC
    Description: USB Audio Device
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Generic USB Audio)
    Service: usbaudio
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Intel(R) Display Audio
    Description: Intel(R) Display Audio
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel(R) Corporation
    Service: IntcDAud
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft Hyper-V Virtualization Infrastructure Driver
    Description: Microsoft Hyper-V Virtualization Infrastructure Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: Vid
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Qualcomm Atheros QCA9377 Wireless Network Adapter #2
    Description: Qualcomm Atheros QCA9377 Wireless Network Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Qualcomm Atheros Communications Inc.
    Service: Qcamain10x64
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: Realtek High Definition Audio
    Description: Realtek High Definition Audio
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: IntcAzAudAddService
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: System Interface Foundation V2 Device
    Description: System Interface Foundation V2 Device
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: Lenovo
    Service: WUDFRd
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (03/09/2020 07:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
    Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afd
    Exception code: 0xc0000374
    Fault offset: 0x00000000000fb049
    Faulting process id: 0x20d8
    Faulting application start time: 0x01d5f67689f3b246
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 51606a6e-d185-4bbf-9679-8b185243fceb
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/09/2020 02:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 4.0.0.553, time stamp: 0x5e3e03ac
    Faulting module name: ntdll.dll, version: 10.0.17763.592, time stamp: 0x0f1b8afd
    Exception code: 0xc0000374
    Fault offset: 0x00000000000fb049
    Faulting process id: 0x290c
    Faulting application start time: 0x01d5f64a89377881
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: a25c934c-4e01-4d9b-a64f-c757fc190ce6
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/08/2020 10:14:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
    Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
    Exception code: 0xe0434352
    Fault offset: 0x0000000000039129
    Faulting process id: 0x2424
    Faulting application start time: 0x01d5f5c0db883abb
    Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 671dcc32-21f5-4a89-9077-22f44473e8d7
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/08/2020 10:14:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: GfxDownloadWrapper.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.DirectoryNotFoundException
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
    at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
    at GfxGameSettingsDownload.Program.Main(System.String[])

    Error: (03/08/2020 01:13:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 8.3.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 6ac

    Start Time: 01d5f5726507b678

    Termination Time: 5

    Application Path: C:\Users\ronny\Desktop\FRST64.exe

    Report Id: 3823e4db-d596-44c5-88dc-9e88996f3fd1

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Cross-process

    Error: (03/08/2020 11:55:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 8.3.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 14f8

    Start Time: 01d5f567e02bc8fe

    Termination Time: 0

    Application Path: C:\Users\ronny\Desktop\FRST64.exe

    Report Id: 060b5f83-96a5-4db9-b4e4-56d67a0907a6

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Cross-process

    Error: (03/07/2020 10:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6577, time stamp: 0x5c5c547b
    Faulting module name: KERNELBASE.dll, version: 10.0.17763.652, time stamp: 0x598c4711
    Exception code: 0xe0434352
    Fault offset: 0x0000000000039129
    Faulting process id: 0x36e4
    Faulting application start time: 0x01d5f4f77ba27a6d
    Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
    Report Id: 3f6ad8d2-07da-4681-a1f8-e7c664c4ea20
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/07/2020 10:13:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: GfxDownloadWrapper.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.DirectoryNotFoundException
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
    at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
    at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
    at GfxGameSettingsDownload.Program.Main(System.String[])


    System errors:
    =============
    Error: (03/09/2020 08:33:49 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (03/09/2020 08:32:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

    Error: (03/09/2020 08:32:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {E48EDA45-43C6-48E0-9323-A7B2067D9CD5}

    Error: (03/09/2020 08:32:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (03/09/2020 08:31:30 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (03/09/2020 08:30:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (03/09/2020 08:30:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
    {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (03/09/2020 08:30:41 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-4HPCQJEC)
    Description: DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server:
    {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


    Windows Defender:
    ===================================
    Date: 2020-01-29 12:10:15.282
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {396DB32F-329D-4CA1-B855-88898DACEE7D}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-29 12:00:20.346
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {1432EAAB-C3BC-4099-BFB2-4BF8C948F140}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-26 01:20:29.453
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {1D46E386-20CC-4C51-9A04-6479414C8A63}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-17 01:22:26.603
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {BE924E9C-C209-4E3A-A140-1F77F13EEA40}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-01-11 12:14:21.755
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {705343EE-9386-47F2-9305-DD4037B960A3}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-03-09 20:26:23.265
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.309.903.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-03-09 20:26:23.265
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.309.903.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-03-09 20:26:23.264
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.309.903.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-03-09 20:26:23.256
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.309.903.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-03-09 20:26:23.256
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.309.903.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16700.3
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2020-03-08 09:45:06.581
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-08 09:44:15.064
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-08 09:44:06.029
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-08 09:43:54.346
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-08 09:43:42.308
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-08 09:43:42.178
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-08 09:43:42.009
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    Date: 2020-03-07 20:13:04.476
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    BIOS: LENOVO 8TCN53WW 05/17/2019
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 38%
    Total physical RAM: 4005.22 MB
    Available physical RAM: 2482 MB
    Total Virtual: 8357.22 MB
    Available Virtual: 7099.63 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:872.02 GB) NTFS

    \\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
    \\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  5. #5
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,872

    No problems showing as infected, can remove a couple of things that are not malicious.

    I want you to read over these articles and see if maybe you have these Windows updates on your computer.

    https://www.techradar.com/news/yet-a...-how-to-fix-it
    https://www.techradar.com/news/the-l...d-uninstall-it

    Also
    How to Run Troubleshooters to Find and Fix Common Problems in Windows 10
    https://www.tenforums.com/tutorials/...eshooters.html

    Also remember you're in safe mode and you will need to reverse that back.

  6. #6
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    285

    ok juliet thanks. sorry i had to leave town. i'll read that as i still believe my updates don't all get through. i knew just these initial scans and anything usually pops up. i feel better getting checked and knowing it's not an infection. i can just delete farbar right?
