Page 4 of 4 FirstFirst 1234
Results 31 to 38 of 38

Thread: i don't know what to do, this pc seems to be badly infected...

  1. #31
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    313

    Default

    ok juliet did delete the update and can go back and read up on it to see if microsoft doctored it any. one thing is the typing is way better earlier it would first show it was non responsive, then it'd have to catch up and would always leave words and letters out. it's doing the job now. also the scrolling, if i go right and click the arrow in the bottom right it will move the screen, before it wouldn't do anything. same for the mouse, the scroll would go dead. i did a screenshot of task mgr. so you could see at startup the numbers on the tabs. and what it said when i tried to start windef. i guess i'll go click on some things and see what i get for it...i'll bbl!
    Attached Images Attached Images

  2. #32
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,899

    Default

    I think the issue regarding Windows Defender is due to having MalwareBytes onboard, especially if it's the premium version and it's no big deal really.

    read over the the below link, it describes what it does and how to adjust a setting.
    https://forums.malwarebytes.com/topi...dows-defender/

    Also, I would like for you to delete the version of Farbar Recovery Scan Tool you have now and download a fresh copy.

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) andsave the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

    (Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to10 minutes or even longer depending on what the scan is finding.)
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #33
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    313

    Default

    okie dokie!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2020 01
    Ran by ronny (administrator) on DESKTOP-5LGTG7U (LENOVO 81DE) (01-06-2020 21:00:08)
    Running from C:\Users\ronny\OneDrive\Desktop
    Loaded Profiles: ronny
    Platform: Windows 10 Home Version 1909 18363.815 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" -- "%1"
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\FileCoAuth.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2003.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\CCleanerBrowserCrashHandler.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\CCleanerBrowserCrashHandler64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Tim Grabinat) C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_3.0.32.0_x64__rcb0qdgx4z9ca\EasyMail.UwpApp.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27473240 2020-03-11] (A.V.M. SOFTWARE, INC. -> AVM Software)
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session -- microsoft-edge:?launchContext1=Microsof (the data entry has 507 more characters).
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\81.0.4133.132\Installer\chrmstp.exe [2020-05-19] (Piriform Software Ltd -> Piriform Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.61\Installer\chrmstp.exe [2020-05-21] (Google LLC -> Google LLC)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\83.0.478.37\Installer\setup.exe [2020-05-23] (Microsoft Corporation -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04E20578-184F-4611-B814-57A0441D6153} - System32\Tasks\NCH Software\VideoPadCacheDeleteAll => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [7338552 2020-04-07] (NCH Software, Inc. -> NCH Software)
    Task: {13CC37BA-6BBC-4276-84F4-C4462383A48B} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-27] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1D0552C1-7102-4F1F-9A23-37B0C3168F59} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-27] (Microsoft Corporation -> Microsoft Corporation)
    Task: {2340E7AE-324C-473A-860C-8AC1F2CB9EAD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-05-12] (Adobe Inc. -> Adobe)
    Task: {2EB47585-44E6-44F8-B192-95D8DF400741} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-07] (Google LLC -> Google LLC)
    Task: {3B5C61B6-6CFE-4504-A0F2-7804700E2E32} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2019736 2020-04-19] (Piriform Software Ltd -> Piriform Software)
    Task: {59E9848C-9E5A-4982-B9E5-C596687878EC} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200416 2020-05-09] (Piriform Software Ltd -> Piriform Software)
    Task: {635D3CCD-7496-4B0F-B3CD-FEF653BD9F41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {65929EDE-57AA-4E15-BC76-5DCE116B1DAC} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2019736 2020-04-19] (Piriform Software Ltd -> Piriform Software)
    Task: {7831C6A0-EFB3-4C4D-8F5E-B7D5E0450621} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-05-12] (Adobe Inc. -> Adobe)
    Task: {7983BAC4-7163-45E0-B9CD-F9F2A441CD87} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {81C8E21D-A26B-4535-9856-FA27D5445C2D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
    Task: {8B25EE1E-6812-4947-AAEB-1F4E2977A349} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe [1454136 2020-05-12] (Adobe Inc. -> Adobe)
    Task: {8E76701E-42FD-45E9-9D18-E2152757AFD3} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200416 2020-05-09] (Piriform Software Ltd -> Piriform Software)
    Task: {933C7996-40C6-4E5C-AD76-676BAA23A976} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [126152 2020-04-03] (Mozilla Corporation -> Mozilla Foundation)
    Task: {B4040A37-DA80-49D0-B497-63DEE7CA8D26} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170776 2020-04-09] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    Task: {FCCFE790-5DE0-42BD-8229-6672C6EC1A87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-07] (Google LLC -> Google LLC)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{77f06c39-02b7-4703-b769-96db13033acb}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{c0d9cf53-d314-436e-9b38-6d73da5c1034}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{d8f4043a-a57f-4f29-bc05-2e008521c949}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-14] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-14] (Oracle America, Inc. -> Oracle Corporation)

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Notifications: HKU\S-1-5-21-3225645889-90737514-4092726810-1002 -> hxxps://www.facebook.com
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-01]
    Edge DownloadDir: C:\Users\ronny\Downloads
    Edge Notifications: Default -> hxxps://geek.wish.com; hxxps://www.facebook.com; hxxps://www.xtube.com; hxxps://www.xvideos.com
    Edge HomePage: Default -> hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    Edge Extension: (Wikibuy from Capital One) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-05-25]
    Edge Extension: (#1 Web & PDF Highlighter - LINER) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kmhegedbanhfblnoboomoeafpmojfdlp [2020-05-28]

    FireFox:
    ========
    FF DefaultProfile: zv1bqjk9.default
    FF DefaultProfile: 8qrrb5j2.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\zv1bqjk9.default [2020-05-17]
    FF Extension: (DOM Inspector) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\zv1bqjk9.default\Extensions\inspector@mozilla.org.xpi [2020-04-09] [Legacy] [not signed]
    FF Extension: (ChatZilla) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\zv1bqjk9.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2020-04-09] [Legacy] [not signed]
    FF Extension: (Lightning) - C:\Users\ronny\AppData\Roaming\Mozilla\SeaMonkey\Profiles\zv1bqjk9.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}.xpi [2020-04-09] [Legacy] [not signed]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\8qrrb5j2.default [2020-06-01]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\4guxqopg.default-release [2020-05-17]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_371.dll [2020-05-12] (Adobe Inc. -> )
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_371.dll [2020-05-12] (Adobe Inc. -> )
    FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-14] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-14] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\npCCleanerBrowserUpdate3.dll [2020-05-09] (Piriform Software Ltd -> Piriform Software)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\npCCleanerBrowserUpdate3.dll [2020-05-09] (Piriform Software Ltd -> Piriform Software)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-04-05]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-04-05]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-04-05]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-04-05]

    Chrome:
    =======
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2020-05-30]
    CHR HomePage: Default -> hxxp://www.msn.com/
    CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-07]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-07]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-05-07]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-07]
    CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-05-07]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-07]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-07]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-05-07]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-22]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Windows\System32\drivers\AdminService.exe [386976 2019-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200416 2020-05-09] (Piriform Software Ltd -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\81.0.4054.116\elevation_service.exe [1106528 2020-04-19] (Piriform Software Ltd -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200416 2020-05-09] (Piriform Software Ltd -> Piriform Software)
    R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
    S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-27] (Microsoft Corporation -> Microsoft Corporation)
    S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-27] (Microsoft Corporation -> Microsoft Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-09] (Malwarebytes Inc -> Malwarebytes)
    S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\83.0.478.37\elevation_service.exe [1507224 2020-05-23] (Microsoft Corporation -> Microsoft Corporation)
    S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [178464 2020-04-09] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-22] (A.V.M. SOFTWARE, INC. -> AVM Software)
    S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13048888 2020-04-30] (Adlice -> )
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267760 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BtFilter; C:\Windows\System32\drivers\btfilter.sys [82712 2019-09-22] (Qualcomm Atheros -> Qualcomm)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-23] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-25] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195432 2020-05-25] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-25] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [125088 2020-05-31] (Malwarebytes Inc -> Malwarebytes)
    R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [54664 2020-05-22] (NCH Software Pty Ltd -> )
    R3 SynRMIHID; C:\Windows\System32\drivers\SynRMIHID.sys [62520 2019-05-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2020-05-05] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-05-31 21:45 - 2020-05-31 21:45 - 000125088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2020-05-31 21:45 - 2020-05-31 21:45 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2020-05-31 21:44 - 2020-05-31 21:44 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
    2020-05-30 09:01 - 2020-05-30 09:01 - 000000000 ____D C:\Program Files\UNP
    2020-05-30 08:45 - 2020-05-30 08:45 - 043322896 _____ C:\Users\ronny\Downloads\Firefox Setup 42.0.exe
    2020-05-28 12:23 - 2020-05-28 12:23 - 000046682 _____ C:\Users\ronny\Downloads\wushowhide.diagcab
    2020-05-28 12:23 - 2020-05-28 12:23 - 000046682 _____ C:\Users\ronny\Downloads\wushowhide (2).diagcab
    2020-05-28 12:23 - 2020-05-28 12:23 - 000046682 _____ C:\Users\ronny\Downloads\wushowhide (1).diagcab
    2020-05-28 10:59 - 2020-05-28 10:59 - 000063466 _____ C:\Windows\dxdiag.txt
    2020-05-28 10:57 - 2020-05-28 10:57 - 000000000 ____D C:\Users\Default\AppData\Local\D3DSCache
    2020-05-28 10:57 - 2020-05-28 10:57 - 000000000 ____D C:\Users\Default User\AppData\Local\D3DSCache
    2020-05-28 10:55 - 2020-05-28 10:55 - 000000000 ____D C:\Users\ronny\OneDrive\Documents\FeedbackHub
    2020-05-25 09:04 - 2020-05-25 09:04 - 000195432 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2020-05-25 09:03 - 2020-05-25 09:03 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2020-05-25 09:03 - 2020-05-25 09:03 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2020-05-23 11:19 - 2020-05-28 13:00 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
    2020-05-22 21:50 - 2020-05-22 21:50 - 000000000 ____D C:\Users\ronny\NCH Software Suite
    2020-05-22 13:33 - 2020-05-28 21:59 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2020-05-21 22:15 - 2020-05-21 22:15 - 000002108 _____ C:\Users\ronny\Desktop\RKreport.txt
    2020-05-21 21:55 - 2020-05-21 21:55 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2020-05-21 21:55 - 2020-05-21 21:55 - 000000906 _____ C:\ProgramData\Desktop\RogueKiller.lnk
    2020-05-21 21:55 - 2020-05-21 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2020-05-21 21:55 - 2020-05-21 21:55 - 000000000 ____D C:\Program Files\RogueKiller
    2020-05-21 21:54 - 2020-05-21 22:00 - 000000000 ____D C:\ProgramData\RogueKiller
    2020-05-20 09:01 - 2020-05-20 09:03 - 000000000 ____D C:\AdwCleaner
    2020-05-19 08:14 - 2020-05-19 08:14 - 000000000 ____D C:\RegBackup
    2020-05-19 08:13 - 2020-05-19 08:14 - 000016293 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2020-05-19 08:11 - 2020-05-19 08:12 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup(1).exe
    2020-05-17 05:03 - 2020-05-17 05:05 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\ronny\Downloads\rkill.exe
    2020-05-17 04:40 - 2020-06-01 21:00 - 000000000 ____D C:\FRST
    2020-05-17 04:18 - 2020-05-17 04:18 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\ronny\Downloads\spybotsd-2.8.68.0.exe
    2020-05-16 08:17 - 2020-05-16 08:17 - 000003472 _____ C:\Users\ronny\OneDrive\Documents\cc_20200516_081658.reg
    2020-05-15 21:43 - 2020-05-15 21:43 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Easy Thumbnails
    2020-05-15 21:43 - 2020-05-15 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Thumbnails
    2020-05-15 21:43 - 2020-05-15 21:43 - 000000000 ____D C:\Program Files (x86)\Easy Thumbnails
    2020-05-15 21:42 - 2020-05-15 21:42 - 001069960 _____ (Fookes Software ) C:\Users\ronny\Downloads\EzThmb_Setup.exe
    2020-05-12 20:40 - 2020-05-12 20:40 - 000000000 ____D C:\Users\ronny\AppData\Roaming\assguard
    2020-05-12 20:36 - 2020-05-12 20:36 - 000000000 ____D C:\Users\ronny\AppData\Local\MacPaw_Networks_LLC
    2020-05-09 10:35 - 2020-05-09 10:35 - 000012826 _____ C:\Users\ronny\OneDrive\Documents\cc_20200509_103512.reg
    2020-05-09 10:14 - 2020-05-20 09:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CCleaner Browser
    2020-05-09 10:14 - 2020-05-09 10:14 - 000000000 ____D C:\ProgramData\CCleaner Browser
    2020-05-09 10:13 - 2020-05-09 10:13 - 000003842 _____ C:\Windows\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
    2020-05-09 10:13 - 2020-05-09 10:13 - 000003258 _____ C:\Windows\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
    2020-05-09 10:13 - 2020-05-09 10:13 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
    2020-05-09 10:13 - 2020-05-09 10:13 - 000002431 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
    2020-05-09 10:13 - 2020-05-09 10:13 - 000002431 _____ C:\ProgramData\Desktop\CCleaner Browser.lnk
    2020-05-09 10:12 - 2020-05-19 08:20 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
    2020-05-09 10:12 - 2020-05-09 10:12 - 000003472 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineUA
    2020-05-09 10:12 - 2020-05-09 10:12 - 000003348 _____ C:\Windows\system32\Tasks\CCleanerUpdateTaskMachineCore
    2020-05-09 10:11 - 2020-05-09 10:11 - 025306104 _____ (Piriform Software Ltd) C:\Users\ronny\Downloads\ccsetup566.exe
    2020-05-07 13:11 - 2020-05-21 21:52 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-05-07 13:11 - 2020-05-21 21:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-05-07 13:11 - 2020-05-21 21:52 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-05-07 13:11 - 2020-05-07 13:11 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-05-07 13:11 - 2020-05-07 13:11 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
    2020-05-07 13:11 - 2020-05-07 13:11 - 000000000 ____D C:\Program Files (x86)\Google
    2020-05-07 13:10 - 2020-05-07 13:13 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
    2020-05-07 13:10 - 2020-05-07 13:10 - 001295576 _____ (Google LLC) C:\Users\ronny\Downloads\ChromeSetup.exe
    2020-05-05 13:01 - 2020-05-05 13:01 - 000039920 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2020-05-05 12:45 - 2020-05-12 21:28 - 000004558 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
    2020-05-02 16:19 - 2020-05-02 16:19 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
    2020-05-02 16:19 - 2020-05-02 16:19 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Adobe
    2020-05-02 16:18 - 2020-05-24 22:05 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2020-05-02 16:18 - 2020-05-02 16:18 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2020-05-02 16:18 - 2020-05-02 16:18 - 000002131 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
    2020-05-02 16:17 - 2020-05-02 16:20 - 000000000 ____D C:\ProgramData\Adobe
    2020-05-02 16:17 - 2020-05-02 16:17 - 000000000 ____D C:\Program Files (x86)\Adobe
    2020-05-02 16:12 - 2020-05-02 16:12 - 000125768 _____ C:\Users\ronny\Downloads\Account e-Statement - April 2020.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-06-01 21:00 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-06-01 20:19 - 2020-04-09 01:02 - 000000000 ____D C:\Windows\system32\SleepStudy
    2020-06-01 11:43 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\CbsTemp
    2020-06-01 00:15 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness
    2020-05-31 21:49 - 2020-04-09 02:04 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
    2020-05-31 21:49 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF
    2020-05-31 21:48 - 2020-04-09 10:34 - 000000000 ___RD C:\Users\ronny\OneDrive
    2020-05-31 21:46 - 2020-04-09 10:09 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2020-05-31 21:44 - 2020-04-09 01:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-05-31 21:43 - 2019-03-18 23:37 - 000786432 _____ C:\Windows\system32\config\BBI
    2020-05-31 21:41 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SystemResources
    2020-05-31 21:41 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\oobe
    2020-05-31 21:41 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ShellExperiences
    2020-05-31 21:41 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\bcastdvr
    2020-05-30 17:45 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-05-30 17:25 - 2020-04-17 06:46 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
    2020-05-30 17:22 - 2020-04-09 01:02 - 000257824 _____ C:\Windows\system32\FNTCACHE.DAT
    2020-05-30 17:21 - 2020-04-09 00:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2020-05-30 08:47 - 2020-04-12 10:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2020-05-30 08:47 - 2020-04-09 15:52 - 000001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2020-05-30 08:47 - 2020-04-09 15:52 - 000001223 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
    2020-05-30 08:47 - 2020-04-09 13:34 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2020-05-30 08:29 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\LiveKernelReports
    2020-05-28 09:38 - 2020-04-09 00:19 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2020-05-25 21:52 - 2020-04-09 00:22 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2020-05-24 21:12 - 2020-04-12 08:24 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
    2020-05-23 04:33 - 2020-04-27 10:21 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2020-05-23 04:33 - 2020-04-27 10:21 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2020-05-23 04:33 - 2020-04-27 10:21 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2020-05-23 03:55 - 2020-04-27 07:08 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2020-05-23 03:55 - 2020-04-27 07:08 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2020-05-22 21:50 - 2020-04-12 08:24 - 000054664 _____ C:\Windows\system32\Drivers\stdriverx64.sys
    2020-05-22 21:50 - 2020-04-12 08:24 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
    2020-05-22 21:50 - 2020-04-12 08:24 - 000001366 _____ C:\ProgramData\Desktop\NCH Suite.lnk
    2020-05-22 21:50 - 2020-04-12 08:24 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
    2020-05-22 21:50 - 2020-04-12 08:24 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
    2020-05-22 21:50 - 2020-04-12 08:24 - 000001238 _____ C:\ProgramData\Desktop\SoundTap Streaming Audio Recorder.lnk
    2020-05-22 21:50 - 2020-04-09 00:15 - 000000000 ____D C:\Users\ronny
    2020-05-20 18:37 - 2020-04-09 00:19 - 000000000 ____D C:\Users\ronny\AppData\Local\Publishers
    2020-05-20 08:50 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\NDF
    2020-05-19 15:02 - 2020-04-09 10:34 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3225645889-90737514-4092726810-1002
    2020-05-19 15:02 - 2020-04-09 00:15 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-05-19 08:13 - 2020-04-17 14:35 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2020-05-19 08:13 - 2020-04-17 14:35 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2020-05-13 12:24 - 2020-04-09 04:02 - 000000000 ____D C:\Windows\system32\MRT
    2020-05-13 12:20 - 2020-04-09 04:01 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2020-05-12 21:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2020-05-12 21:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\Macromed
    2020-05-12 20:48 - 2020-04-09 14:01 - 000004546 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
    2020-05-09 10:20 - 2020-04-09 02:03 - 000000000 ____D C:\Windows\minidump
    2020-05-09 10:12 - 2020-04-17 06:46 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2020-05-09 10:12 - 2020-04-17 06:46 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
    2020-05-05 12:44 - 2020-04-09 14:00 - 000000000 ____D C:\Users\ronny\AppData\Local\Adobe
    2020-05-02 16:19 - 2020-04-09 00:19 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Adobe

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2020 01
    Ran by ronny (01-06-2020 21:02:07)
    Running from C:\Users\ronny\OneDrive\Desktop
    Windows 10 Home Version 1909 18363.815 (X64) (2020-04-09 07:00:28)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3225645889-90737514-4092726810-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3225645889-90737514-4092726810-503 - Limited - Disabled)
    Guest (S-1-5-21-3225645889-90737514-4092726810-501 - Limited - Disabled)
    ronny (S-1-5-21-3225645889-90737514-4092726810-1002 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-3225645889-90737514-4092726810-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20065 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.371 - Adobe)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.371 - Adobe)
    CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 81.0.4133.132 - Piriform Software)
    CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.7.913.0 - Piriform Software) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.61 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
    Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.37 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
    Microsoft OneDrive (HKU\S-1-5-21-3225645889-90737514-4092726810-1002\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.3.8.2000 - Maxthon International Limited)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    RogueKiller version 14.4.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.4.2.0 - Adlice Software)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 8.28 - NCH Software)

    Packages:
    =========
    Adobe Photoshop Express: Image Editor, Adjustments, Filters, Effects, Borders -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.0.316.0_x64__ynb6jyjzte8ga [2020-05-02] (Adobe Inc.)
    EasyMail for Gmail -> C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_3.0.32.0_x64__rcb0qdgx4z9ca [2020-05-28] (Tim Grabinat) [MS Ad]
    Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-04-09] (INTEL CORP)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-09] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-09] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-09] (Microsoft Corporation) [MS Ad]
    Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-05-04] (MAGIX)
    Photo Editor- -> C:\Program Files\WindowsApps\10414Kingloft.PhotoEditor-_1.1.11.0_x64__hwg4vmr4pnwdp [2020-05-02] (Kingloft) [MS Ad]
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-25] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-09] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-09] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) =============

    2020-05-14 14:35 - 2020-05-14 14:35 - 000948736 _____ () [File not signed] C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_3.0.32.0_x64__rcb0qdgx4z9ca\e_sqlite3.dll
    2020-05-28 03:52 - 2020-05-28 03:52 - 027698688 _____ () [File not signed] C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_3.0.32.0_x64__rcb0qdgx4z9ca\EasyMail.UwpApp.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180524_101516.gif
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\...\StartupApproved\Run: => "Paltalk"
    HKU\S-1-5-21-3225645889-90737514-4092726810-1002\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{312D6DD8-A1FB-4817-A9BD-0B27E5904839}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{9CC0ABB5-B9EB-4A68-AE3D-F832F35BC8AF}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
    FirewallRules: [{CB5E0EDB-BEAB-4E24-A982-6E27403A9557}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A458D4A1-F52D-4C74-81F1-14AFDEF000D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2C571F8F-0F53-4241-ADE9-D821DD6A25DE}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
    FirewallRules: [{6535C6E9-AAF2-4035-A402-978BA93B1320}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{29454CB9-23A7-481E-AD90-2F21EAB23B6A}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{08EC6850-F26C-4223-9ECD-6BC26350B02E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A6525F84-E349-47F1-8A66-9F2BD16376A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    ==================== Restore Points =========================

    28-05-2020 11:21:26 Windows Modules Installer
    01-06-2020 10:43:44 Windows Update

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (05/31/2020 09:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Maxthon.exe, version: 5.3.8.2000, time stamp: 0x5db2c7f0
    Faulting module name: mx_core.dll, version: 5.2.22.688, time stamp: 0x5db1763d
    Exception code: 0xc0000005
    Fault offset: 0x0003d997
    Faulting process id: 0x1254
    Faulting application start time: 0x01d637be909b8ee0
    Faulting application path: C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    Faulting module path: C:\Program Files (x86)\Maxthon5\Core\mx_core.dll
    Report Id: c9229e82-bce9-4fe0-af49-3c5f9a111583
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/31/2020 09:43:09 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
    .

    Error: (05/31/2020 09:43:09 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
    ]

    Error: (05/30/2020 10:06:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Taskmgr.exe version 10.0.18362.693 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 342c

    Start Time: 01d636f83540dceb

    Termination Time: 24

    Application Path: C:\Windows\System32\Taskmgr.exe

    Report Id: 1254231b-a788-44a1-a5d7-7d7063b99e2d

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Cross-thread

    Error: (05/30/2020 05:25:30 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
    Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5744, ProfSvc PID: 1804.

    Error: (05/30/2020 08:37:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program CCleanerBrowser.exe version 81.0.4054.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 140e4

    Start Time: 01d635a4559a2dd7

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe

    Report Id: ce3b57a7-bc31-485d-bdf2-4635ac669d07

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (05/29/2020 10:47:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ShellExperienceHost.exe version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1ef0

    Start Time: 01d62eb0cb2f359a

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

    Report Id: 135a0563-5499-4b0f-b1fc-7635bc3d1352

    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: App

    Hang type: Quiesce

    Error: (05/29/2020 09:16:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program msedge.exe version 83.0.478.37 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 10c04

    Start Time: 01d635a8b8e9dd3e

    Termination Time: 60000

    Application Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

    Report Id: 8ae3a0a1-b24e-4248-8a62-0a5e41462630

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown


    System errors:
    =============
    Error: (06/01/2020 10:45:21 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:19 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:17 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:14 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:12 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:10 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:08 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (06/01/2020 10:45:06 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    Windows Defender:
    ===================================
    Date: 2020-05-31 21:46:58.118
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.313.1687.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-05-31 21:46:58.118
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.313.1687.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-05-31 21:46:58.118
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.313.1687.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-05-31 21:46:58.109
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.313.1687.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    Date: 2020-05-31 21:46:58.108
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.313.1687.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16900.4
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    CodeIntegrity:
    ===================================

    Date: 2020-06-01 04:02:59.244
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 04:02:57.057
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 04:02:56.878
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 04:02:56.689
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 04:02:40.123
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 03:55:15.561
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 03:55:15.401
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-06-01 03:55:15.153
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: LENOVO 8TCN53WW 05/17/2019
    Motherboard: LENOVO LNVNB161216
    Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
    Percentage of memory in use: 80%
    Total physical RAM: 4005.22 MB
    Available physical RAM: 785.55 MB
    Total Virtual: 7973.22 MB
    Available Virtual: 3682.43 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:854.6 GB) NTFS

    \\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.54 GB) NTFS
    \\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  4. #34
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,899

    Default

    System errors:
    =============
    Error: (06/01/2020 10:45:21 AM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    There are many of the above showing in the log, this is kinda what I expected. What we can try to do now is run a Microsoft tool and attempt to fix it.


    chkdsk /r
    Check Disk /R - With log
    Check Disk (chkdsk)
    Follow the instructions below to run a CHKDSK scan on your Windows partition;
    • On Windows 8.1, and Windows 10, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
    • Enter the command chkdsk /r (there's a space between "chkdsk" and "/r") and press on Enter;
    • A message will be returned, stating that the drive cannot be locked because it's already in use, and you'll be asked if you want to schedule the scan for the next restart. Enter y and press on Enter;
    • Restart your computer, and the chkdsk scan will be launched automatically;
    • Once the chkdsk scan is complete and you're back in Windows, find the log in the Event Viewer and copy/paste it in your next reply;

    WARNING: Depending on your hard drive (specs, free space, fragmentation, etc.) this scan can be relatively long to complete. Give it all the time it needs to finish. Do not interrupt it for any reason there is, or you might be damaging your drive in the process and make your Windows unbootable. It's suggested to let this scan run overnight or when you leave the house for a few hours (when you go to work for example). If you are running this scan on a laptop, don't forget to leave it plugged in;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #35
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    313

    Default

    i'm sorry juliet...that didn't work here like that. you know before when i had t reinstall command prompt wasn't at that location either. i just searched to pull it up. but this was what i got....
    Attached Images Attached Images

  6. #36
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    313

    Default

    oh stop the train! let dummy catch up...did i mention i had pnuemonia the last three days? He maketh me to lie down sorry. now i'll do it right

  7. #37
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    313

    Default

    well i did it spelled right and still no command prompt

  8. #38
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,899

    Default

    Sorry to hear you've been sick, get better soon.

    See if we can try it this way

    Click Start.
    Type cmd at the Search program and files search box.
    Right-click on cmd.exe.
    Click Run as Administrator.
    Type in your Administrator password.
    When cmd.exe opens, type the command: chkdsk /r
    Press Enter.

    A message will be returned, stating that the drive cannot be locked because it's already in use, and you'll be asked if you want to schedule the scan for the next restart. Enter y and press on Enter;
    Restart your computer, and the chkdsk scan will be launched automatically;
    Once the chkdsk scan is complete and you're back in Windows, find the log in the Event Viewer and copy/paste it in your next reply;


    Hopefully this will run, if not, we're running out of options.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •