Thread: is it microsoft or is it fake?

  1. #1
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    That's my question after they took control of my PC and had me call a tech of theirs to let him into my PC to find the problem... lol, yeah OK... hello stranger, so you want in my PC? That's what he said. I told him I'd get back with him on that. Just being safe here, you may find nothing or a lot. Thank you!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
    Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (18-12-2020 20:16:22)
    Running from C:\Users\ronny\Downloads
    Loaded Profiles: ronny
    Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
    (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <35>
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-11-23] (Logitech Inc -> Logitech, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
    HKLM\...\Policies\Explorer: [New Value #1]
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27660216 2020-11-10] (A.V.M. SOFTWARE, INC. -> AVM Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3157D448-CF82-4935-9BE8-7A38D7874FE5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe
    Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {6BD67C7B-1EED-4037-A8C9-B4B6359EADD4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {97604842-DA68-4926-806B-C0861C13882C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {E01434BC-B825-49F7-BAD7-D42970B88A76} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {FA810C09-D881-4375-A1F0-17C65E6B4EEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
    Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1232e081-3ace-4211-9a2a-c7905161ff8c}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{af97352d-e735-4ecd-bdfa-31997e5c514b}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{ed8eb7c4-60b8-418b-a88b-903ebe971820}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{fd63fefb-e36d-4b82-a277-e20845b6d9ff}: [DhcpNameServer] 192.168.42.129

    Edge:
    ======
    DownloadDir: C:\Users\ronny\Downloads
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-18]
    Edge DownloadDir: C:\Users\ronny\Downloads
    Edge Notifications: Default -> hxxps://www.youtube.com
    Edge HomePage: Default -> hxxps://www.oann.com/
    Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
    Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
    Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
    Edge Extension: (Amazon Assistant) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2020-09-25]
    Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
    Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
    Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]

    FireFox:
    ========
    FF DefaultProfile: 1a5my9te.default
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\1a5my9te.default [2020-12-18]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zb50iane.default-release [2020-12-18]
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
    FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
    S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-13] (Malwarebytes Inc -> Malwarebytes)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1337784 2020-09-30] (A.V.M. SOFTWARE, INC. -> AVM Software)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\windows\System32\drivers\BthA2dp.sys [231936 2019-10-06] (Microsoft Corporation) [File not signed]
    S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DroidCam; C:\windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
    S3 DroidCamVideo; C:\windows\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S3 e2esoft_ivcamaudio_simple; C:\windows\system32\drivers\iVCamAud.sys [255464 2020-11-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
    R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [153312 2020-11-13] (Malwarebytes Corporation -> Malwarebytes)
    S3 iVCam; C:\windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
    R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-09] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [19912 2020-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [197792 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248968 2020-11-25] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [138904 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
    S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 stdriver; C:\windows\system32\DRIVERS\stdriverx64.sys [54664 2020-07-15] (NCH Software Pty Ltd -> )
    R3 VCAM_WDM; C:\windows\system32\DRIVERS\VCam_WDM.sys [1090984 2018-03-13] (Shanghai Yitu Information Technology Co.,Ltd. -> e2eSoft)
    S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-12-18 20:16 - 2020-12-18 20:17 - 000015158 _____ C:\Users\ronny\Downloads\FRST.txt
    2020-12-18 20:13 - 2020-12-18 20:16 - 000000000 ____D C:\FRST
    2020-12-18 20:11 - 2020-12-18 20:12 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\FRST64.exe
    2020-12-18 20:11 - 2020-12-18 20:11 - 002286592 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 748936.crdownload
    2020-12-18 20:02 - 2020-12-18 20:02 - 000000207 _____ C:\windows\tweaking.com-regbackup-DADS-Windows-10-Home-(64-bit).dat
    2020-12-18 20:02 - 2020-12-18 20:02 - 000000000 ____D C:\RegBackup
    2020-12-18 20:01 - 2020-12-18 20:02 - 000017987 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
    2020-12-18 20:01 - 2020-12-18 20:01 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup.exe
    2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2020-12-18 20:01 - 2020-12-18 20:01 - 000002315 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2020-12-18 20:01 - 2020-12-18 20:01 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2020-12-18 19:41 - 2020-12-18 19:41 - 000015194 _____ C:\Users\ronny\Downloads\This computer is BLOCKED.html
    2020-12-16 23:22 - 2020-12-16 23:22 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (2).xlsx
    2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc.xlsx
    2020-12-16 23:19 - 2020-12-16 23:19 - 000128607 _____ C:\Users\ronny\Downloads\Dominion_Voting_Systems_Inc (1).xlsx
    2020-12-16 23:19 - 2020-12-16 23:19 - 000000000 ____D C:\Users\ronny\AppData\Roaming\LibreOffice
    2020-12-16 15:16 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\windows\system32\Drivers\ssudbus2.sys
    2020-12-15 22:10 - 2020-12-15 22:10 - 000197792 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
    2020-12-15 22:10 - 2020-12-15 22:10 - 000138904 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
    2020-12-15 22:10 - 2020-12-15 22:10 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
    2020-12-15 21:59 - 2020-12-15 21:59 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
    2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
    2020-12-15 21:58 - 2020-12-15 21:58 - 000000000 ____D C:\Program Files\Logitech
    2020-12-15 21:56 - 2020-12-15 21:56 - 211968984 _____ (Logitech Inc.) C:\Users\ronny\Downloads\Options_8.36.86.exe
    2020-12-14 23:50 - 2020-12-14 23:50 - 000117740 _____ C:\windows\system32\cc_20201214_235031.reg
    2020-12-14 23:35 - 2020-12-18 19:50 - 000000000 ____D C:\Program Files\CCleaner
    2020-12-14 23:35 - 2020-12-17 19:44 - 000004210 _____ C:\windows\system32\Tasks\CCleaner Update
    2020-12-14 23:35 - 2020-12-14 23:35 - 000002866 _____ C:\windows\system32\Tasks\CCleanerSkipUAC
    2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2020-12-14 23:35 - 2020-12-14 23:35 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
    2020-12-14 23:35 - 2020-12-14 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2020-12-14 23:34 - 2020-12-14 23:35 - 030536752 _____ (Piriform Software Ltd) C:\Users\ronny\Downloads\ccsetup575.exe
    2020-12-14 02:59 - 2020-11-04 00:13 - 000255464 _____ (e2eSoft) C:\windows\system32\Drivers\iVCamAud.sys
    2020-12-14 02:56 - 2020-12-14 02:56 - 018077432 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_x64_v6.1.5.exe
    2020-12-14 02:54 - 2020-12-14 02:54 - 000000000 ____D C:\windows\LastGood.Tmp
    2020-12-14 02:54 - 2020-11-02 18:40 - 001090536 _____ (e2eSoft) C:\windows\system32\Drivers\iVCam.sys
    2020-12-14 02:53 - 2020-12-14 02:53 - 015804440 _____ (e2eSoft ) C:\Users\ronny\Downloads\iVCam_v4.6.exe
    2020-12-11 03:38 - 2020-12-11 03:38 - 003768309 _____ C:\Users\ronny\Downloads\OneDrive-2020-12-11.zip
    2020-12-09 12:32 - 2020-12-09 12:32 - 000220160 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
    2020-12-09 01:27 - 2020-12-09 01:27 - 002045952 _____ C:\windows\system32\rdpnano.dll
    2020-12-09 01:27 - 2020-12-09 01:27 - 001756600 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2020-12-09 01:27 - 2020-12-09 01:27 - 001366144 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2020-12-09 01:27 - 2020-12-09 01:27 - 000171008 _____ C:\windows\system32\FsNVSDeviceSource.dll
    2020-12-09 01:27 - 2020-12-09 01:27 - 000102912 _____ (Microsoft Corporation) C:\windows\system32\ncpa.cpl
    2020-12-09 01:27 - 2020-12-09 01:27 - 000100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncpa.cpl
    2020-12-09 01:27 - 2020-12-09 01:27 - 000059392 _____ C:\windows\system32\runexehelper.exe
    2020-12-09 01:27 - 2020-12-09 01:27 - 000001370 _____ C:\windows\system32\ThirdPartyNoticesBySHS.txt
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth14.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000357 _____ C:\windows\system32\DrtmAuth13.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth9.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth8.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth7.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth6.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth5.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth4.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth3.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth2.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth18.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth17.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth16.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth15.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth12.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth11.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth10.bin
    2020-12-09 01:27 - 2020-12-09 01:27 - 000000315 _____ C:\windows\system32\DrtmAuth1.bin
    2020-12-04 12:27 - 2020-12-04 12:31 - 015412776 _____ C:\Users\ronny\Downloads\DroidCam.Setup.6.3.3.exe
    2020-12-04 10:23 - 2020-12-04 10:59 - 062378712 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\cdcxdwy.exe
    2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (2).dcr
    2020-11-30 15:34 - 2020-11-30 15:34 - 000301570 _____ C:\Users\ronny\Downloads\2556 (1).dcr
    2020-11-27 19:57 - 2020-11-27 19:57 - 029043984 _____ () C:\Users\ronny\Downloads\WiFi_22.0.0_Driver64_Win10.exe
    2020-11-27 19:46 - 2020-11-27 19:46 - 008331800 _____ C:\Users\ronny\Downloads\16 watch back over your shoulder.m4a
    2020-11-25 18:20 - 2020-11-25 18:20 - 000248968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
    2020-11-21 23:40 - 2020-11-21 23:40 - 000000000 ___HD C:\$SysReset
    2020-11-20 01:02 - 2020-11-20 01:02 - 000301570 _____ C:\Users\ronny\Downloads\2556.dcr

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-12-18 19:57 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-12-18 19:52 - 2019-10-23 14:32 - 000840852 _____ C:\windows\system32\PerfStringBackup.INI
    2020-12-18 19:52 - 2019-03-18 22:50 - 000000000 ____D C:\windows\INF
    2020-12-18 19:49 - 2020-07-01 21:15 - 000000000 ___RD C:\Users\ronny\OneDrive
    2020-12-18 19:49 - 2020-06-08 10:08 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2020-12-18 19:48 - 2020-07-01 21:08 - 000000000 ____D C:\Users\ronny
    2020-12-18 19:48 - 2019-10-23 13:31 - 000000006 ____H C:\windows\Tasks\SA.DAT
    2020-12-18 19:48 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\SleepStudy
    2020-12-18 14:37 - 2020-07-10 04:21 - 000004142 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
    2020-12-18 12:25 - 2019-03-18 22:52 - 000000000 ____D C:\windows\AppReadiness
    2020-12-16 15:17 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-12-16 01:43 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
    2020-12-15 22:31 - 2020-07-10 06:41 - 006275072 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
    2020-12-15 22:11 - 2020-07-01 21:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2020-12-15 22:09 - 2019-03-18 22:37 - 000786432 _____ C:\windows\system32\config\BBI
    2020-12-15 21:29 - 2020-07-10 04:36 - 000000000 ____D C:\Users\ronny\AppData\Local\e2eSoft
    2020-12-15 21:29 - 2020-07-10 04:20 - 000000000 ____D C:\Program Files (x86)\e2eSoft
    2020-12-14 23:57 - 2020-07-01 21:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2020-12-14 23:41 - 2020-11-12 21:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2020-12-14 23:41 - 2020-07-01 21:02 - 000000000 ____D C:\windows\minidump
    2020-12-14 23:41 - 2019-10-23 14:30 - 000000000 ____D C:\windows\Panther
    2020-12-14 23:41 - 2019-03-18 22:52 - 000000000 ____D C:\windows\LiveKernelReports
    2020-12-14 22:58 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\NDF
    2020-12-14 22:40 - 2020-09-06 13:10 - 000000000 ____D C:\Program Files (x86)\ClipX
    2020-12-14 21:12 - 2020-07-03 00:16 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
    2020-12-13 02:41 - 2020-07-12 10:01 - 000000000 ____D C:\ProgramData\Paltalk Update
    2020-12-13 02:11 - 2020-07-12 10:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
    2020-12-12 22:57 - 2020-07-19 07:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2020-12-12 22:57 - 2020-07-19 07:00 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2020-12-12 02:39 - 2020-07-01 21:15 - 000003354 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-687888615-3449104039-937635755-1001
    2020-12-12 02:39 - 2020-07-01 21:15 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-12-11 09:15 - 2020-07-01 21:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2020-12-11 03:25 - 2020-09-16 12:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2020-12-09 12:33 - 2019-10-23 13:34 - 000000000 __RHD C:\Users\Public\AccountPictures
    2020-12-09 12:32 - 2020-07-01 21:12 - 000000000 ___RD C:\Users\ronny\3D Objects
    2020-12-09 12:32 - 2019-10-23 13:31 - 000438640 _____ C:\windows\system32\FNTCACHE.DAT
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\ImmersiveControlPanel
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Dism
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SystemResources
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\oobe
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Dism
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellExperiences
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\windows\bcastdvr
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Windows Defender
    2020-12-09 12:30 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2020-12-09 01:30 - 2019-03-18 22:37 - 000000000 ____D C:\windows\CbsTemp
    2020-12-08 21:16 - 2020-07-02 23:50 - 000004524 _____ C:\windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
    2020-12-08 21:16 - 2019-03-18 22:56 - 000842296 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerApp.exe
    2020-12-08 21:16 - 2019-03-18 22:56 - 000175160 _____ (Adobe) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Macromed
    2020-12-08 21:16 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Macromed
    2020-12-04 12:32 - 2020-07-09 18:50 - 000000000 ____D C:\ProgramData\Package Cache
    2020-12-04 11:00 - 2020-07-10 04:03 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
    2020-12-04 10:32 - 2019-10-23 13:31 - 000000000 ____D C:\windows\system32\Drivers\wd
    2020-12-03 14:18 - 2019-10-23 14:40 - 000003418 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
    2020-12-03 14:18 - 2019-10-23 14:40 - 000003294 _____ C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
    2020-12-02 17:19 - 2019-10-23 14:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2020-12-02 17:19 - 2019-10-23 14:40 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2020-11-30 08:21 - 2020-07-19 07:00 - 000003480 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2020-11-30 08:21 - 2020-07-19 07:00 - 000003356 _____ C:\windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2020-11-27 19:59 - 2020-06-08 10:08 - 000000000 ____D C:\Program Files\Intel
    2020-11-25 11:20 - 2020-09-16 12:35 - 000004562 _____ C:\windows\system32\Tasks\Adobe Acrobat Update Task
    2020-11-22 00:58 - 2020-08-12 10:00 - 000000000 ____D C:\Program Files (x86)\Easy Thumbnails
    2020-11-22 00:57 - 2020-11-16 00:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Thumbnails
    2020-11-22 00:57 - 2020-09-30 00:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2020-11-22 00:57 - 2020-08-16 21:44 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Easy Thumbnails
    2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2020-11-22 00:57 - 2019-03-19 00:20 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___RD C:\windows\PrintDialog
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ___HD C:\windows\ELAMBKUP
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\PolicyDefinitions
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\L2Schemas
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\IME
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\DiagTrack
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\windows\Containers
    2020-11-22 00:57 - 2019-03-18 22:52 - 000000000 ____D C:\Program Files\Common Files\System
    2020-11-22 00:57 - 2019-03-18 22:37 - 000000000 ____D C:\windows\servicing
    2020-11-22 00:52 - 2019-03-19 00:19 - 000000000 ____D C:\windows\system32\OpenSSH
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\F12
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\SysWOW64\DiagSvcs
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\UNP
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\F12
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\dsc
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ___SD C:\windows\system32\DiagSvcs
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\TextInput
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\setup
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\PerceptionSimulation
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\oobe
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\migwiz
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\InstallShield
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\downlevel
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\Com
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\SysWOW64\AdvancedInstallers
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinMetadata
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\WinBioPlugIns
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\SystemResetPlatform
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Sysprep
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\ShellExperiences
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\setup
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\PerceptionSimulation
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\migwiz
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\InputMethod
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\downlevel
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\DDFs
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\Com
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\appraiser
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\system32\AdvancedInstallers
    2020-11-22 00:52 - 2019-03-18 22:52 - 000000000 ____D C:\windows\ShellComponents
    2020-11-22 00:31 - 2019-03-18 22:52 - 000000000 ____D C:\windows\registration

    ==================== Files in the root of some directories ========

    2020-07-10 04:21 - 2020-07-10 04:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
    Ran by ronny (18-12-2020 20:18:03)
    Running from C:\Users\ronny\Downloads
    Windows 10 Home Version 1909 18363.1256 (X64) (2020-07-02 03:02:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
    Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
    ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    (7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
    8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
    CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
    Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Dwyco CDC-X version 2.30 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.30 - Dwyco, Inc.)
    e2eSoft VCam 6.4 (HKLM-x32\...\VCam_is1) (Version: 6.4 - e2eSoft)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
    Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
    Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
    Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
    LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
    Logitech Options (HKLM\...\LogiOptions) (Version: 8.36.86 - Logitech)
    Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
    Microsoft OneDrive (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Firefox 43.0 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0 (x64 en-US)) (Version: 43.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
    ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 11.27 - NCH Software)

    Packages:
    =========
    All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.0.26.0_x64__0aqw1zw0x2snt [2020-12-02] (韵华软件) [MS Ad]
    Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_1.1.0.0_x86__0ah1jqwq7j8nj [2020-12-11] (Ironjaw Studios Private Limited) [MS Ad]
    Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.50.7.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
    Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.35.0_x64__xsbsxxypt8dh6 [2020-12-16] (eyacker.com)
    Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.9.0_x64__q68sgvev02mx6 [2020-11-22] (Swisspix) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Studios) [MS Ad]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-22] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok

    ==================== Loaded Modules (Whitelisted) =============

    2020-10-09 12:56 - 2020-10-09 12:56 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
    2020-10-09 12:56 - 2020-10-09 12:56 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
    2020-10-09 12:56 - 2020-10-09 12:56 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
    2020-10-09 12:56 - 2020-10-09 12:56 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
    2020-10-09 12:56 - 2020-10-09 12:56 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-28] (Oracle America, Inc. -> Oracle Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 22:49 - 2019-03-18 22:49 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\Grand-Teton-National-Park-Wyoming.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{1EFE4B38-276B-4B44-B0F7-A28E15464D81}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{2811985E-4113-43E9-91BC-9538D7559372}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [TCP Query User{59D56F90-F78C-4975-B93B-BC7113E70530}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
    FirewallRules: [UDP Query User{A6C00DBA-BDA5-4E65-9447-C6482AC5F8D8}C:\program files (x86)\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files (x86)\e2esoft\ivcam\ivcam.exe => No File
    FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
    FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
    FirewallRules: [TCP Query User{2F221377-8491-488A-BDA7-003BE5028821}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{BF8399EB-40A7-4C06-A57B-9477A0FE9ECA}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{94A83817-8FB6-4ECB-8CAC-8DBE6A9698EC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
    FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
    FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
    FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
    FirewallRules: [{0C212BF3-8492-42EF-9255-0AF5CC41A6CA}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)

    ==================== Restore Points =========================

    06-12-2020 17:00:39 Scheduled Checkpoint
    14-12-2020 22:39:27 Removed Speedtest by Ookla

    ==================== Faulty Device Manager Devices ============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Dads.local already in use; will try Dads-2.local instead

    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dads.local. Addr 192.168.1.4

    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F

    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FE80:0000:0000:0000:088D:D0CD:FD1C:D91F

    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F

    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Dads.local. Addr 192.168.1.4

    Error: (12/17/2020 08:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.4:5353 16 Dads.local. AAAA 2600:0380:5677:A9C2:088D:D0CD:FD1C:D91F

    Error: (12/17/2020 08:10:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Dads.local already in use; will try Dads-2.local instead


    System errors:
    =============
    Error: (12/18/2020 07:48:24 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:46:42 PM on 12/18/2020 was unexpected.

    Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
    Description: The IPv6 TCP/IP interface with index 4 failed to bind to its provider.

    Error: (12/17/2020 09:40:16 AM) (Source: Tcpip) (EventID: 4207) (User: )
    Description: The IPv4 TCP/IP interface with index 4 failed to bind to its provider.

    Error: (12/17/2020 09:40:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
    Description: Miniport Remote NDIS based Internet Sharing Device #3, {1232e081-3ace-4211-9a2a-c7905161ff8c}, had event 74

    Error: (12/14/2020 11:49:30 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (12/14/2020 11:41:17 PM) (Source: DCOM) (EventID: 10000) (User: DADS)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (12/14/2020 11:28:07 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
    Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

    Error: (12/14/2020 11:01:33 PM) (Source: DCOM) (EventID: 10010) (User: DADS)
    Description: The server Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.


    Windows Defender:
    ===================================
    Date: 2020-12-08 19:38:26.065
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {0452B4B1-4213-400E-8B6F-A8FCE041DCC0}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-12-07 15:12:22.939
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {A50EFC74-6F1F-494A-9DB6-79E9DED16A40}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-12-06 13:01:24.017
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {D28B6F6A-FF82-428C-A00F-3919158CC07A}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-07-22 02:55:54.791
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {5454A90F-D8A4-4859-9E10-F51C4357ACCA}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-07-04 05:00:11.879
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {9AC034E9-45EC-48FB-ADE9-F0F335743D33}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2020-12-08 10:42:24.209
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.327.2240.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2020-11-07 12:23:10.002
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.327.510.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070645
    Error description: This action is only valid for products that are currently installed.

    Date: 2020-11-07 12:23:10.001
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.327.510.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiSpyware
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070645
    Error description: This action is only valid for products that are currently installed.

    Date: 2020-11-07 12:23:10.001
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.327.510.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17600.5
    Error code: 0x80070645
    Error description: This action is only valid for products that are currently installed.

    Date: 2020-09-01 01:39:39.958
    Description:
    Windows Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.319.2097.0
    Update Source: Microsoft Malware Protection Center
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.17200.2
    Error code: 0x80072f8f
    Error description: A security error occurred

    CodeIntegrity:
    ===================================

    Date: 2020-12-18 20:07:23.677
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-12-18 20:07:23.675
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-12-18 20:07:23.185
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-12-18 20:07:23.184
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

    Date: 2020-12-18 20:07:15.696
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-12-18 20:07:15.695
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-12-18 20:06:44.717
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    Date: 2020-12-18 20:06:44.716
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: Hewlett-Packard L01 v02.65 07/13/2015
    Motherboard: Hewlett-Packard 1998
    Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
    Percentage of memory in use: 54%
    Total physical RAM: 8082.33 MB
    Available physical RAM: 3643.05 MB
    Total Virtual: 9362.33 MB
    Available Virtual: 4738.89 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:882.33 GB) NTFS
    Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:336.59 GB) NTFS

    \\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
    \\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ (Recovery image) (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=749 MB) - (Type=27)

    ==========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =======================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2020-12-18 20:20:07
    -----------------------------
    20:20:07.706 OS Version: Windows x64 6.2.9200
    20:20:07.706 Number of processors: 4 586 0x3C03
    20:20:07.716 ComputerName: DADS UserName:
    20:20:12.465 Initialize success
    20:20:12.557 VM: initialized successfully
    20:20:12.557 VM: Intel CPU BiosDisabled
    20:24:01.674 AVAST engine defs: 17030301
    20:24:06.745 The log file has been saved successfully to "C:\Users\ronny\OneDrive\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    YOUR COMPUTER HAS BEEN BLOCKED Tech Support Scam
    is a web browser advertisement shown by scammy remote tech support companies that try to scare visitors into thinking that they are infected so they call the listed phone number. I want to make it clear that if you see this alert in a web browser then your computer is fine! This is just an advertisement and you should not call the number or purchase any services from them.
    https://www.bleepingcomputer.com/vir...h-support-scam

    Almost all browser-based tech support scams can be closed by simply opening Windows Task Manager and ending the browser process. It is important, though, that if you end the browser process that you do not reopen previously closed sites if prompted by the browser when you start it again.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
    FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
    FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
    FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
    FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
    FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please attach the content of the log to your next reply.

    ============================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    Logs to include with the next post:

    Fixlog.txt
    AdwCleaner log
    Mbam.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381


    ok juliet thanks, here are those reports. thanks...



    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
    Ran by ronny (19-12-2020 11:09:14) Run:1
    Running from C:\Users\ronny\Downloads
    Loaded Profiles: ronny
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Shortcut: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    ShortcutWithArgument: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=ofohkhocbjomniionenjnkmhapjnahmj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=pflldibpeogkdfhedafalghhpnfofnaj
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bifnnkpgakamifkjfppdlmmbeojlgdfi
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hhiajehpjhiangplbhcdmaomkbcjkiok
    FirewallRules: [{5B55DA72-E057-4E45-BE35-E09C0C0759F7}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
    FirewallRules: [{17E8ABB5-14C9-4C7D-B730-018C58B1E484}] => (Allow) C:\Program Files (x86)\e2eSoft\iVCam\iVCam.exe => No File
    FirewallRules: [TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
    FirewallRules: [UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe] => (Allow) C:\program files (x86)\droidcam\droidcamapp.exe => No File
    FirewallRules: [TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
    FirewallRules: [UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk => moved successfully
    C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pflldibpeogkdfhedafalghhpnfofnaj\8 Ball Pool - A free Sports Game.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__ofohkhocbjomniionenjnkmhapjnahmj\(7) Facebook.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__hhiajehpjhiangplbhcdmaomkbcjkiok\Featured Songs _ SingSnap Karaoke.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__bifnnkpgakamifkjfppdlmmbeojlgdfi\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\(7) Facebook.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\8 Ball Pool - A free Sports Game.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Featured Songs _ SingSnap Karaoke.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\8 Ball Pool - A free Sports Game.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games.lnk => Shortcut argument removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Featured Songs _ SingSnap Karaoke.lnk => Shortcut argument removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B55DA72-E057-4E45-BE35-E09C0C0759F7}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17E8ABB5-14C9-4C7D-B730-018C58B1E484}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{21742A2E-A3A7-4E1C-965A-2DF33F768BFE}C:\program files (x86)\droidcam\droidcamapp.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3799086-38B3-4B01-B15D-AFDFF6DC1C33}C:\program files (x86)\droidcam\droidcamapp.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B93A14C0-AA21-431D-8614-A6DBA01C959C}C:\program files\e2esoft\ivcam\ivcam.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7C3AABD3-D87E-4DC4-AC95-CDE8C3ACFF27}C:\program files\e2esoft\ivcam\ivcam.exe" => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\AdobeARM.log => moved successfully
    C:\Windows\Temp\ArmUI.ini => moved successfully
    C:\Windows\Temp\mat-debug-12736.log => moved successfully
    C:\Windows\Temp\mat-debug-4648.log => moved successfully
    C:\Windows\Temp\mat-debug-5768.log => moved successfully
    C:\Windows\Temp\mat-debug-668.log => moved successfully
    C:\Windows\Temp\mat-debug-7916.log => moved successfully
    C:\Windows\Temp\mat-debug-8340.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\msedge_installer.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38262557 B
    Java, Flash, Steam htmlcache => 1229 B
    Windows/system/drivers => 3664611 B
    Edge => 11432926 B
    Chrome => 0 B
    Firefox => 27842288 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 15524 B
    NetworkService => 31504062 B
    ronny => 254211869 B

    RecycleBin => 110106 B
    EmptyTemp: => 360.1 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:09:49 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.8.0
    # -------------------------------
    # Build: 10-08-2020
    # Database: 2020-11-23.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-19-2020
    # Duration: 00:00:01
    # OS: Windows 10 Home
    # Cleaned: 0
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1406 octets] - [19/12/2020 11:15:35]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/19/20
    Scan Time: 11:22 AM
    Log File: bea1a886-421e-11eb-ae2c-5065f31c66a8.json

    -Software Information-
    Version: 4.2.3.96
    Components Version: 1.0.1122
    Update Package Version: 1.0.34527
    License: Premium

    -System Information-
    OS: Windows 10 (Build 18362.1256)
    CPU: x64
    File System: NTFS
    User: DADS\ronny

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 284654
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 min, 17 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    If you didn't allow access to your computer (please don't ever do that) I think you're OK.
    What they do while on the computer is start going through documents, favorites to locate bank sites or stored shopping card info, other things they feel they could get access to that might turn up money.

    I'm not seeing an infection on the machine but let's do an online scan to see if any remnants are found.


    Download
    ESET Online Scanner
    and save it to your desktop.

    • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
    • When the tool opens, click Get Started.
    • Read and accept the license agreement.
    • At the Welcome to ESET Online Scanner window, click Get Started.
    • Select whether you would like to send anonymous data to ESET.
    • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
    • Click on the Full Scan option.
    • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
    • ESET will now begin scanning your computer. This may take some time.
    • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
    • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
    • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
    • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

    ---------------------------------------------------

    How is the computer now?

  5. #5
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381


    ok juliet, no i didn't let him do anything. thanks for all your help.

    12/19/2020 14:45:50 PM
    Files scanned: 399715
    Detected files: 1
    Cleaned files: 1
    Total scan time 00:57:17
    Scan status: Finished
    C:\Users\ronny\Downloads\This computer is BLOCKED.html HTML/FakeAlert.SP trojan cleaned by deleting

  6. #6
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381


    asking about my pc, it has been fine, i just wanted to make sure those pop ups did no harm. i knew i hadn't let him do anything so i was just making sure. thanks!
