Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: my pc keeps throwing pop ups warning me mcafee has detected 3-5 virus'...

  1. #1
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default my pc keeps throwing pop ups warning me mcafee has detected 3-5 virus'...

    but i don't use mcafee so i thought i better have the right people pop the hood on this clunker to check...the 2nd reoprt didn't make as that program got the blue page during it's run...

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2021
    Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (19-08-2021 21:55:18)
    Running from C:\Users\ronny\Downloads
    Loaded Profiles: ronny
    Platform: Windows 10 Home Version 20H2 19042.1165 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\MBVPNService.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <37>
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20090.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20090.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SndVol.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
    (NCH Software, Inc. -> NCH Software) C:\Program Files (x86)\NCH Software\SoundTap\soundtap.exe
    (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8090912 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
    HKLM\...\Policies\Explorer: [New Value #1]
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2194792 2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Malwarebytes Privacy] => C:\Program Files\Malwarebytes\Privacy\UI\mbprivacy.exe [354984 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2147264 2021-08-05] (Wargaming.net Limited -> Wargaming.net)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10517160 2021-03-03] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ronny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
    HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [31193688 2021-08-03] (PALTALK, INC. -> AVM Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.159\Installer\chrmstp.exe [2021-08-18] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Task: {532445BC-23BC-4742-96D4-DAC2C13C9805} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124112 2020-12-07] (Mozilla Corporation -> Mozilla Foundation)
    Task: {5F54ED48-77D2-4AEE-87E8-F82C71EB8A45} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {63D40B72-C951-4C04-9F37-24EE4D57CCFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
    Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
    Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe
    Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe
    Task: {7D14A629-B295-47BB-9607-5A955A6F2FAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {7E430002-6821-42AC-A4C3-AF8FAC9F8CF3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {855C0293-3723-44A4-9CB8-7C787D718E9A} - System32\Tasks\NCH Software\VideoPadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [10926568 2021-08-18] (NCH Software, Inc. -> NCH Software)
    Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    Task: {A414520F-50C5-4AB1-80F6-A93AADE0013E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe
    Task: {B22DD305-AB28-4EE5-8D3E-0156ADFADB4F} - System32\Tasks\NCH Software\VideoPadCacheDeleteAll => C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe [10926568 2021-08-18] (NCH Software, Inc. -> NCH Software)
    Task: {C9A26270-3C17-4B2F-A6F8-B3B71C78B9FA} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2837864 2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {EC371213-55BF-47FD-BB30-B9220AECE9CB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{38ae83d3-c5f7-44d3-984f-0acfc8cf2da0}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5e1c0758-ec84-4b10-a4a1-f7f6a1b3783b}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{865d2f01-f8c5-4163-8a80-73e2360e6c01}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1
    Tcpip\..\Interfaces\{ae4fedb0-b58c-4083-9a00-aa800f0e1404}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{d1b68d3f-9370-45c4-a254-f0c6c61f7079}: [DhcpNameServer] 192.168.42.129

    Edge:
    =======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-19]
    Edge DownloadDir: Default -> C:\Users\ronny\Downloads
    Edge Notifications: Default -> hxxps://mypshsuborg.xyz; hxxps://www.facebook.com
    Edge HomePage: Default -> hxxps://www.oann.com/
    Edge DefaultSearchURL: Default -> hxxps://images.crazygames.com/games/cannon-balls-3d/thumb-1576755043044.png?auto=format,compress&q=75&cs=strip&ch=DPR&w=192&h=192&fit=fill&fill=blur
    Edge Extension: (Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bifnnkpgakamifkjfppdlmmbeojlgdfi [2020-07-28]
    Edge Extension: (Featured Songs | SingSnap Karaoke) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhiajehpjhiangplbhcdmaomkbcjkiok [2020-07-28]
    Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
    Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-08-17]
    Edge Extension: ((7) Facebook) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofohkhocbjomniionenjnkmhapjnahmj [2020-07-28]
    Edge Extension: (8 Ball Pool - A free Sports Game) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pflldibpeogkdfhedafalghhpnfofnaj [2020-07-28]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: 6nm8fvx2.default-1611594858898
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2021-08-19]
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2021-06-30]
    FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
    FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
    FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-07-20] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-07-20] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2021-08-04]
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
    CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-13]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-09]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-02]
    CHR Extension: (SuperNova SWF Enabler) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2021-04-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
    CHR Extension: (Chrome Media Router) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-02]
    CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
    R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-12] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-07-15] (EasyAntiCheat Oy -> Epic Games, Inc)
    S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\FileSyncHelper.exe [2380152 2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-20] (Malwarebytes Inc -> Malwarebytes)
    R2 MBVpnService; C:\Program Files\Malwarebytes\Privacy\MBVpnService.exe [3276912 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
    S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Privacy\MBVpnTunnelService.exe [2239304 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
    R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-18] (Logitech Inc -> Logitech)
    S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\OneDriveUpdaterService.exe [2738552 2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
    R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
    S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
    R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
    R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
    S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-07] (Malwarebytes Inc -> Malwarebytes)
    S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
    S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
    S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-20] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-07-20] (Malwarebytes Inc -> Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-30] (Malwarebytes Inc -> Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-07-20] (Malwarebytes Inc -> Malwarebytes)
    R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
    S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
    R3 MpKsl3aa2214d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52A2642F-7C45-4F93-BDDB-97B25FDFC4BD}\MpKslDrv.sys [123112 2021-08-19] (Microsoft Windows -> Microsoft Corporation)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-19 21:55 - 2021-08-19 21:56 - 000026654 _____ C:\Users\ronny\Downloads\FRST.txt
    2021-08-19 21:54 - 2021-08-19 21:54 - 005198336 _____ (AVAST Software) C:\Users\ronny\Downloads\aswMBR.exe
    2021-08-19 21:53 - 2021-08-19 21:53 - 002300416 _____ (Farbar) C:\Users\ronny\Downloads\FRST64.exe
    2021-08-19 21:52 - 2021-08-19 21:52 - 000018140 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2021-08-19 21:51 - 2021-08-19 21:51 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (4).exe
    2021-08-19 15:23 - 2021-08-19 15:23 - 005195240 _____ (NCH Software) C:\Users\ronny\Downloads\VideoPadVideoEditor (4).exe
    2021-08-19 15:23 - 2021-08-19 15:23 - 000000000 ____D C:\Users\ronny\NCH Software Suite
    2021-08-19 15:21 - 2021-08-19 15:21 - 005195240 _____ (NCH Software) C:\Users\ronny\Downloads\VideoPadVideoEditor (3).exe
    2021-08-19 08:59 - 2021-08-19 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2021-08-18 22:09 - 2021-08-18 22:09 - 001106840 _____ (Unity Technologies ApS) C:\Users\ronny\Downloads\UnityWebPlayer64 (6).exe
    2021-08-18 22:08 - 2021-08-18 22:08 - 001106840 _____ (Unity Technologies ApS) C:\Users\ronny\Downloads\UnityWebPlayer64 (5).exe
    2021-08-18 22:08 - 2021-08-18 22:08 - 001106840 _____ (Unity Technologies ApS) C:\Users\ronny\Downloads\UnityWebPlayer64 (4).exe
    2021-08-18 22:07 - 2021-08-18 22:07 - 001106840 _____ (Unity Technologies ApS) C:\Users\ronny\Downloads\UnityWebPlayer64 (3).exe
    2021-08-18 22:07 - 2021-08-18 22:07 - 001106840 _____ (Unity Technologies ApS) C:\Users\ronny\Downloads\UnityWebPlayer64 (2).exe
    2021-08-18 22:06 - 2021-08-18 22:07 - 001106840 _____ (Unity Technologies ApS) C:\Users\ronny\Downloads\UnityWebPlayer64 (1).exe
    2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2021-08-14 10:02 - 2021-08-14 10:02 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2021-08-14 10:02 - 2021-08-14 10:02 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2021-08-11 15:36 - 2021-08-11 15:36 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2021-08-11 15:35 - 2021-08-11 15:35 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2021-08-11 15:35 - 2021-08-11 15:35 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-08-11 15:35 - 2021-08-11 15:35 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2021-08-11 15:35 - 2021-08-11 15:35 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
    2021-08-11 15:35 - 2021-08-11 15:35 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-08-11 15:34 - 2021-08-11 15:34 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
    2021-08-11 15:10 - 2021-08-11 15:10 - 000000000 ___HD C:\$WinREAgent
    2021-08-11 09:20 - 2021-08-11 09:20 - 006531920 _____ (Wargaming.net ) C:\Users\ronny\Downloads\world_of_warships_ww_install_na_cdgr07swbok1.exe
    2021-08-06 23:39 - 2021-08-06 23:39 - 005165944 _____ (NCH Software) C:\Users\ronny\Downloads\VideoPadVideoEditor (2).exe
    2021-08-06 23:17 - 2021-08-06 23:17 - 000000016 _____ C:\ProgramData\mntemp
    2021-08-06 23:16 - 2021-08-06 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2021-08-06 23:16 - 2021-08-06 23:16 - 000000000 ____D C:\Users\ronny\AppData\Local\Wondershare
    2021-08-06 23:15 - 2021-08-09 03:58 - 000000000 ____D C:\Users\ronny\OneDrive\Documents\Wondershare
    2021-08-06 23:15 - 2021-08-06 23:33 - 000000000 ____D C:\ProgramData\Wondershare Filmora
    2021-08-06 23:15 - 2021-08-06 23:18 - 000000000 ____D C:\ProgramData\Wondershare
    2021-08-06 23:15 - 2021-08-06 23:15 - 000000000 ____D C:\Program Files\Wondershare
    2021-08-03 09:13 - 2021-08-03 09:13 - 000977132 _____ C:\Users\ronny\Downloads\Resized_20210801_184830.jpeg
    2021-08-03 09:13 - 2021-08-03 09:13 - 000735451 _____ C:\Users\ronny\Downloads\Resized_20210801_184857.jpeg
    2021-08-02 21:56 - 2021-08-02 21:56 - 000036864 _____ C:\Users\ronny\Downloads\psort.db
    2021-08-02 17:16 - 2021-06-29 05:43 - 000159864 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
    2021-07-29 19:10 - 2021-07-29 19:10 - 000000000 ____D C:\Users\ronny\AppData\Roaming\EasyAntiCheat
    2021-07-29 19:10 - 2021-07-29 19:10 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
    2021-07-29 18:56 - 2021-07-29 18:56 - 000000000 ____D C:\Users\ronny\AppData\Local\NVIDIA Corporation
    2021-07-29 18:55 - 2021-07-29 18:55 - 000000000 ____D C:\ProgramData\WarThunder
    2021-07-29 18:10 - 2021-08-18 20:42 - 000000000 ____D C:\Users\ronny\AppData\Local\WarThunder
    2021-07-29 18:10 - 2021-07-29 18:10 - 000000000 ____D C:\Users\ronny\OneDrive\Documents\My Games
    2021-07-29 18:10 - 2021-07-29 18:10 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
    2021-07-29 18:10 - 2021-07-29 18:10 - 000000000 ____D C:\Users\ronny\AppData\Local\Gaijin
    2021-07-29 18:10 - 2021-07-29 18:10 - 000000000 ____D C:\ProgramData\Gaijin
    2021-07-29 18:08 - 2021-07-29 18:08 - 010509696 _____ (Gaijin Network ) C:\Users\ronny\Downloads\wt_launcher_1.0.3.282-jllznvl2t.exe
    2021-07-29 18:07 - 2021-07-29 18:07 - 010509696 _____ (Gaijin Network ) C:\Users\ronny\Downloads\wt_launcher_1.0.3.282-cbut8fh0g.exe
    2021-07-29 18:05 - 2021-07-29 18:05 - 010509696 _____ (Gaijin Network ) C:\Users\ronny\Downloads\wt_launcher_1.0.3.282-9tcdzvlcr.exe
    2021-07-29 18:03 - 2021-07-29 18:03 - 010509696 _____ (Gaijin Network ) C:\Users\ronny\Downloads\wt_launcher_1.0.3.282-0qto7q2db.exe
    2021-07-20 03:20 - 2021-07-20 03:20 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-07-20 03:20 - 2021-07-20 03:20 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2021-07-20 03:20 - 2021-07-20 03:20 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2021-07-20 03:20 - 2021-07-20 03:20 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-08-19 21:56 - 2021-01-22 20:36 - 000000000 ____D C:\FRST
    2021-08-19 21:52 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2021-08-19 21:48 - 2019-10-23 15:40 - 000000000 ____D C:\Program Files (x86)\Google
    2021-08-19 20:11 - 2021-01-03 02:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
    2021-08-19 18:48 - 2021-01-03 02:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-08-19 16:25 - 2021-01-03 02:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2021-08-19 15:23 - 2021-02-15 08:53 - 000001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
    2021-08-19 15:23 - 2021-02-15 08:53 - 000001340 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    2021-08-19 15:23 - 2021-01-03 02:08 - 000000000 ____D C:\Users\ronny
    2021-08-19 11:36 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-08-19 10:43 - 2020-12-15 00:35 - 000000000 ____D C:\Program Files\CCleaner
    2021-08-19 09:00 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2021-08-19 04:58 - 2021-07-13 02:59 - 038461440 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-1cd2f2162e201f6f1f0f.sql
    2021-08-19 04:13 - 2021-07-13 02:59 - 038297600 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-1cd2f2162e201f6f1f0f.old.sql
    2021-08-19 04:12 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
    2021-08-18 18:48 - 2019-10-23 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-08-18 18:48 - 2019-10-23 15:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-08-18 07:40 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-08-18 07:40 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-08-18 03:42 - 2021-01-19 18:57 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e19fdc9c5413
    2021-08-18 03:42 - 2021-01-03 02:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-08-17 14:41 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2021-08-17 14:41 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2021-08-17 14:29 - 2021-01-03 02:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-08-17 14:25 - 2021-01-03 02:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-08-17 14:25 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-08-15 09:15 - 2020-07-12 11:01 - 000000000 ____D C:\ProgramData\Paltalk Update
    2021-08-15 03:49 - 2020-07-12 11:00 - 000000000 ____D C:\Program Files (x86)\Paltalk
    2021-08-15 01:18 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-08-15 01:16 - 2021-01-03 02:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-08-15 01:14 - 2021-01-16 09:34 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2021-08-15 01:14 - 2021-01-16 09:34 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
    2021-08-15 01:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-08-15 01:13 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
    2021-08-14 07:43 - 2020-07-19 08:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-08-14 07:43 - 2020-07-19 08:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-08-12 23:52 - 2021-01-16 09:34 - 000003976 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
    2021-08-12 23:52 - 2021-01-16 09:34 - 000003744 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
    2021-08-11 17:27 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2021-08-11 17:22 - 2020-07-01 22:15 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
    2021-08-11 15:46 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-08-11 15:06 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-08-11 15:04 - 2020-07-02 02:27 - 133215968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-08-11 02:41 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2021-08-11 02:08 - 2020-07-03 01:16 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
    2021-08-10 20:05 - 2021-02-26 03:43 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
    2021-08-08 14:06 - 2021-02-26 03:43 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2021-08-08 14:06 - 2021-02-26 03:43 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-08-08 14:06 - 2020-07-01 22:15 - 000000000 ___RD C:\Users\ronny\OneDrive
    2021-08-06 23:16 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2021-08-04 14:43 - 2021-01-03 02:20 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-08-04 14:43 - 2021-01-03 02:20 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-08-04 11:31 - 2020-09-30 01:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2021-08-04 02:58 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-08-04 02:11 - 2021-01-03 02:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-07-29 19:36 - 2020-11-12 22:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2021-07-28 12:37 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2021-07-20 22:18 - 2021-01-20 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2021-07-20 22:18 - 2021-01-20 14:48 - 000000000 ____D C:\Program Files (x86)\Java
    2021-07-20 22:17 - 2021-01-20 14:48 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2021-07-20 03:20 - 2020-07-06 23:19 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2021-07-20 03:20 - 2020-07-06 23:19 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2021-07-20 03:20 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

    ==================== Files in the root of some directories ========

    2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
    2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2021-06-30 21:12 - 2021-06-30 21:12 - 000007597 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2021
    Ran by ronny (19-08-2021 21:59:59)
    Running from C:\Users\ronny\Downloads
    Windows 10 Home Version 20H2 19042.1165 (X64) (2021-01-03 07:21:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
    Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
    ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    (7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
    8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
    CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
    DeskFX Audio Effect Processor (HKLM-x32\...\DeskFX) (Version: 3.14 - NCH Software)
    Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 129.4.3571 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
    Dwyco CDC-X version 2.31 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.31 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.159 - Google LLC)
    HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
    Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
    Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
    Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
    LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.)
    Malwarebytes Privacy version 2.9.0.563 (HKLM\...\{934873BE-C9BC-4F19-B698-9B3E3F8FF07F}_is1) (Version: 2.9.0.563 - Malwarebytes)
    Malwarebytes Privacy VPN Tunnel Driver (HKLM\...\{FEE4A372-663C-47A0-BD08-A6C34320DC52}) (Version: 1.0.0.0 - Malwarebytes)
    Malwarebytes version 4.4.3.125 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.3.125 - Malwarebytes)
    Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.73 - Microsoft Corporation)
    Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{852D8FE5-BC66-4061-B1C4-CADF51E5B27D}) (Version: 2.82.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
    MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
    ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
    Samsung DeX (HKLM-x32\...\{589A31D3-C347-4F23-A3B8-98E7603C3DCA}) (Version: 2.0.0.21 - Samsung Electronics Co., Ltd.) Hidden
    Samsung DeX (HKLM-x32\...\{a57d934a-f197-4680-96f3-6b7b837ab1fa}) (Version: 2.0.0.21 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
    SuperNova Player (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\TacticsTechnologySuperNova) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
    Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
    VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.56 - NCH Software)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.75 - NCH Software)
    VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
    War Thunder Launcher 1.0.3.282 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
    Wargaming.net Game Center (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Wargaming.net Game Center) (Version: 21.5.0.5956 - Wargaming.net)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
    WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
    World of Tanks NA (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
    World_of_Warplanes (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)
    World_of_Warships (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net)

    Packages:
    =========
    All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.2.1.0_x64__0aqw1zw0x2snt [2021-08-03] (韵华软件)
    AutoCAD mobile - DWG Viewer, Editor & CAD Drawing Tools -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_8.6.0.0_x64__tf1gferkr813w [2021-08-03] (Autodesk Inc.)
    City Racing 3D 2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.5.0_x64__3ag0hv5nd203a [2021-08-11] (成都羽珀科技有限责任公司) [MS Ad]
    DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_7.4.9.0_x86__7kedsbyvzns34 [2021-07-28] (NCH Software)
    Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_2.0.1.0_x64__0ah1jqwq7j8nj [2021-08-18] (Ironjaw Studios Private Limited)
    Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.45.0_x64__xsbsxxypt8dh6 [2021-05-02] (eyacker.com)
    Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.13.0_x64__q68sgvev02mx6 [2021-05-27] (Swisspix) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-02] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-02] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
    My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2021-05-02] (Keith Lam)
    Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_3.0.4.0_neutral__gvheqymwk6zrr [2021-07-08] (Zero Byte) [Startup Task]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-05-02] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-05-02] (Microsoft Corporation)
    Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2021-05-02] (POONFAMILY) [MS Ad]
    Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2021-05-02] (Best Game Studio) [MS Ad]
    VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2021-05-02] (LSongBee) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{e4211cc1-dab9-49db-af72-8e71f657e3c5}\localserver32 -> C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe (NCH Software, Inc. -> NCH Software)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.139.0711.0001\amd64\FileSyncShell64.dll [2021-08-08] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-06] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============


    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBVpnService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBVpnService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-07-20] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-07-20] (Oracle America, Inc. -> Oracle Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Pictures\Dad's\rose6.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "VRS"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{982257A6-2960-4CC5-B218-9C82D0FDF538}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{D878296B-3054-4CB8-AE02-04EDC6D71925}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{AF67BDB6-1C1C-491B-9674-FFF1A21D5947}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{DCD0CA11-52AF-44CB-B55B-190AFA8312BE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{A44ADCAB-F36B-4CE4-8019-BA7CD41B8738}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{67605349-E1B0-4A34-999E-4F40E09F08B8}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{B3A4C66C-2FF9-4A17-8A8C-90D574B68004}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{055DE081-7DF1-49FB-A657-4FE2FC430CC4}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{ED58E4D4-63E1-482D-8836-F4DDA5215099}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{4942BF96-9725-4E37-A256-5B0B2ECB4079}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{80726437-D855-42F0-9567-D7FCAC8B66D1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{63A43B1B-D2A0-405E-8244-3D4F50143137}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{54A1549B-1042-48EC-9BD7-3F1186C1110B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{C0AC34D7-37A5-4B19-9296-58D831CEF53A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{CE00FE93-FB6F-4FC8-AAD5-E7581803509A}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{BF3AA785-855A-47BD-8A71-572E874F8095}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [TCP Query User{D186F964-CDBE-4556-A7C3-B323D0D4992D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [UDP Query User{E92F51C9-4EF6-4FE2-839D-04033893C61D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{A2C21B27-525C-47F0-80B2-CAD32FAB60B9}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{83AFC75C-B451-4DA8-9473-83E62094B9FD}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [TCP Query User{8D4B2E09-73A4-49D9-84E2-B32DCB73C74F}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{E55F3C4C-A35C-41A9-AC27-50B0BFAD8878}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{9FD57219-DABB-401D-8946-6882C2804BE3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{AF1C38B7-66CA-4ECF-9E43-2D9E7C1FB5D7}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{B46037EE-E896-4026-8074-186B1A433CF6}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{3C1E87DC-457B-4854-9389-A71ED3992371}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [{92906945-CE2D-46B6-A165-12E6966EE91B}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{55FA3B62-6B1C-49B2-82EB-2381CEF82A29}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [TCP Query User{15D87C4B-FF2D-4BAF-886B-E2B8BC79C647}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
    FirewallRules: [UDP Query User{6D5EEC59-D930-451E-A844-0217285E138C}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
    FirewallRules: [TCP Query User{1A807194-50F0-4706-8F00-FD34AA32563E}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
    FirewallRules: [UDP Query User{3B23A8A4-906C-4F27-AB16-BEDC3CBB4298}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
    FirewallRules: [{42EFD42A-DA3E-49DA-8BEE-F2CA37516721}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{7BF48A3D-E9FD-4926-B66D-0CF2BAA250B6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

    ==================== Restore Points =========================

    16-08-2021 09:01:41 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (08/19/2021 08:59:41 AM) (Source: DbxSvc) (EventID: 281) (User: )
    Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

    Error: (08/19/2021 08:59:41 AM) (Source: DbxSvc) (EventID: 281) (User: )
    Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

    Error: (08/17/2021 03:41:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2000

    Error: (08/17/2021 03:41:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2000

    Error: (08/17/2021 03:41:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/16/2021 08:55:38 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on Windows (C because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (08/16/2021 08:22:28 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on System because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (08/15/2021 03:51:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6031


    System errors:
    =============
    Error: (08/19/2021 05:38:07 PM) (Source: volsnap) (EventID: 29) (User: )
    Description: The shadow copies of volume F: were aborted during detection.

    Error: (08/19/2021 05:38:03 PM) (Source: volsnap) (EventID: 27) (User: )
    Description: The shadow copies of volume F: were aborted during detection because a critical control file could not be opened.

    Error: (08/18/2021 07:38:48 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (08/18/2021 07:38:14 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (08/17/2021 02:25:48 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:44:11 PM on ‎8/‎17/‎2021 was unexpected.

    Error: (08/16/2021 08:04:06 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (08/16/2021 08:03:49 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (08/15/2021 06:50:55 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


    Windows Defender:
    ================
    Date: 2021-08-19 03:20:56
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-17 04:11:40
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-16 08:01:36
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-14 12:32:43
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-13 08:58:10
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-08-11 02:25:55
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.345.307.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18400.4
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-08-11 01:59:18
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.345.307.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18400.4
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-08-04 01:04:53
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.343.2190.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18300.4
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2021-08-04 00:41:41
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.343.2190.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18300.4
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===============
    Date: 2021-08-17 14:28:24
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    BIOS: Hewlett-Packard L01 v02.65 07/13/2015
    Motherboard: Hewlett-Packard 1998
    Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
    Percentage of memory in use: 73%
    Total physical RAM: 8082.33 MB
    Available physical RAM: 2126.1 MB
    Total Virtual: 9766.48 MB
    Available Virtual: 1777.75 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:736.69 GB) NTFS

    \\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
    \\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=749 MB) - (Type=27)

    ==================== End of Addition.txt =======================

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello rcb56,

    Juliet is not available at this time.

    The malware removal forum will be 'READ' only until she returns.

    Sorry about that.

    Best regards,
    tashi
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hello rcb56
    What site had you visited when this pop up occurred?
    I think you were hit with a scare tactic to push you into purchasing McAfee products.

    Logs are clear, what you can do is delete everything you have related to Farbar Recovery Scan Tool
    And download an updated version and we'll look at new logs.

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) andsave the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the program.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    hello there stranger! i hope all is well with you. i am now scanning with the scanner and will post when it's through. thanks and welcome back!

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Quote Originally Posted by rcb56 View Post
    hello there stranger! i hope all is well with you. i am now scanning with the scanner and will post when it's through. thanks and welcome back!
    Some days are good and others I have to tolerate.

    Hello rcb56
    What site had you visited when this pop up occurred?
    I think you were hit with a scare tactic to push you into purchasing McAfee products.

    Also. I wont be back till morning, just happened to check before signing off.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    ok juliet, thanks...

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2021
    Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (22-12-2021 19:21:05)
    Running from C:\Users\ronny\OneDrive\Desktop
    Loaded Profiles: ronny
    Platform: Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
    (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
    (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <37>
    (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21111.123.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <15>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SndVol.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
    (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-17] (NCH Software Pty Ltd -> NCH Software)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8807712 2021-11-29] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [189320 2021-10-08] (MIXBYTE, INC. -> )
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [ASUS WebStorage Timeline Backup] => C:\Program Files (x86)\ASUS WebStorage Timeline Backup\ASUS WebStorage Timeline Backup\1.0.0.23\ASUSWebStorageTimelineBackup_.exe [3310592 2021-09-29] (ASUS Cloud Corporation) [File not signed]
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
    HKLM\...\Policies\Explorer: [New Value #1]
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2543992 2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148288 2021-12-10] (Wargaming.net Limited -> Wargaming.net)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ronny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10484392 2021-07-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [MicrosoftEdgeAutoLaunch_48A1A4294CCEB77515622EF96F55E31B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [BingWallpaperApp] => C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13871496 2021-12-07] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [31193688 2021-08-16] (PALTALK, INC. -> AVM Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-15] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1C89487D-03E0-468E-9867-F8031AE25418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
    Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
    Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
    Task: {6B0F0911-8730-4BF4-B4F8-FC879197F4BE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe SCHED (No File)
    Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe LOGON (No File)
    Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
    Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {9805F2E9-A583-4063-86FF-0C47CE56A48C} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
    Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {9EC3A1CD-9913-4FB7-AA5D-3940F7FD5B45} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4074344 2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe /show (No File)
    Task: {B05DA692-C638-44B1-92DC-DEE6C6846C43} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4074344 2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    Task: {BDF535B2-421D-41B1-9E7C-68D8CCC1D628} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
    Task: {C1B8BED6-8893-448A-8E48-9642B967506D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
    Task: {C53BB61C-4C18-407E-9900-9BA987531E05} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
    Task: {CADFDF2A-7AA0-4339-98C6-345214CDE79E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
    Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {EC754926-CFBD-407F-BE8D-15DB34B37F64} - System32\Tasks\CCleanerSkipUAC - ronny => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
    Task: {F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97960 2021-09-06] (CyberLink Corp. -> CyberLink Corp.)
    Task: {FB3166A0-92EF-43F6-976A-5B9975CC1946} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3c961351-f7d7-41da-899e-f41b92bb43dc}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1

    Edge:
    =======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-22]
    Edge DownloadDir: Default -> C:\Users\ronny\Downloads
    Edge HomePage: Default -> hxxps://www.oann.com/
    Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
    Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-11-15]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: 6nm8fvx2.default-1611594858898
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2021-12-22]
    FF Homepage: Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 -> hxxps://www.bing.com/?pc=W091
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2021-12-09]
    FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
    FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
    FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-20] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-20] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2021-12-22]
    CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.westernjournal.com
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
    CHR Extension: (Adobe Acrobat) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-21]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-21]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
    CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddojnmkongaimkdddgmcccldlfhokcfb]
    CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
    R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-11-29] (Dropbox, Inc -> Dropbox, Inc.)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-07-15] (EasyAntiCheat Oy -> Epic Games, Inc)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncHelper.exe [3280760 2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [87432 2021-10-08] (MIXBYTE, INC. -> Freemake)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
    R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4490376 2020-09-18] (Logitech Inc -> Logitech)
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.230.1107.0004\OneDriveUpdaterService.exe [3737976 2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2021-09-06] (CyberLink Corp. -> CyberLink)
    R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
    S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
    R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
    R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-17] (NCH Software Pty Ltd -> NCH Software)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
    S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
    S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
    S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
    R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
    S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-15] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-12-21 00:30 - 2021-12-21 00:30 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
    2021-12-16 23:59 - 2021-12-16 23:59 - 000000000 ____D C:\WINDOWS\SystemTemp
    2021-12-16 14:46 - 2021-12-16 14:46 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-12-16 14:45 - 2021-12-16 14:45 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2021-12-16 14:44 - 2021-12-16 14:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
    2021-12-16 14:44 - 2021-12-16 14:44 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2021-12-16 14:14 - 2021-12-16 14:14 - 000000000 ___HD C:\$WinREAgent
    2021-12-12 14:37 - 2021-12-12 14:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001
    2021-12-09 07:59 - 2021-12-09 07:59 - 000000980 _____ C:\WINDOWS\system32\cc_20211209_075859.reg
    2021-12-08 18:10 - 2021-12-08 18:10 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logitech
    2021-12-08 18:10 - 2021-12-08 18:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2021-12-08 17:33 - 2021-12-08 17:34 - 000000000 ____D C:\ProgramData\LogiShrd
    2021-12-08 17:32 - 2021-12-08 17:32 - 086906048 _____ (Logitech Inc.) C:\Users\ronny\Downloads\SetPoint6.70.55_64.exe
    2021-12-08 17:32 - 2021-12-08 17:32 - 013744648 _____ C:\Users\ronny\Downloads\FirmwareUpdateTool_2.6.184496_x64.exe
    2021-12-08 17:31 - 2021-12-08 17:31 - 004147600 _____ ($Co_Name Inc.) C:\Users\ronny\Downloads\unifying250.exe
    2021-12-08 06:59 - 2021-12-08 06:59 - 000002882 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - ronny
    2021-12-03 00:13 - 2021-12-03 00:13 - 001264088 _____ C:\Users\ronny\Downloads\SuperNovaSetup (14).exe
    2021-12-02 18:05 - 2021-12-02 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2021-11-30 10:51 - 2021-11-30 11:00 - 000000000 ____D C:\Users\ronny\AppData\Roaming\obs-studio
    2021-11-30 10:51 - 2021-11-30 10:51 - 000001059 _____ C:\Users\Public\Desktop\OBS Studio.lnk
    2021-11-30 10:51 - 2021-11-30 10:51 - 000000000 ____D C:\ProgramData\obs-studio-hook
    2021-11-30 10:51 - 2021-11-30 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
    2021-11-30 10:49 - 2021-11-30 10:51 - 000000000 ____D C:\Program Files\obs-studio
    2021-11-30 10:48 - 2021-11-30 10:48 - 090640720 _____ (obsproject.com) C:\Users\ronny\Downloads\OBS-Studio-27.1.3-Full-Installer-x64 (1).exe
    2021-11-30 10:47 - 2021-11-30 10:47 - 090640720 _____ (obsproject.com) C:\Users\ronny\Downloads\OBS-Studio-27.1.3-Full-Installer-x64.exe
    2021-11-29 09:10 - 2021-11-29 09:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2021-11-29 09:10 - 2021-11-29 09:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2021-11-29 09:10 - 2021-11-29 09:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2021-11-29 09:10 - 2021-11-29 09:10 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2021-11-28 13:41 - 2021-10-22 00:56 - 000000174 ____R C:\Users\ronny\OneDrive\Documents\Ronny's Notebook.url
    2021-11-28 13:30 - 2021-11-28 13:30 - 000050208 _____ C:\WINDOWS\system32\cc_20211128_133052.reg

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-12-22 19:23 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-12-22 19:22 - 2021-01-22 19:36 - 000000000 ____D C:\FRST
    2021-12-22 18:32 - 2019-10-23 14:40 - 000000000 ____D C:\Program Files (x86)\Google
    2021-12-22 18:21 - 2021-01-03 01:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-12-22 14:34 - 2021-01-03 01:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
    2021-12-22 13:25 - 2020-12-14 23:35 - 000000000 ____D C:\Program Files\CCleaner
    2021-12-22 12:07 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-12-22 12:07 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-12-22 07:56 - 2020-07-01 21:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2021-12-22 07:56 - 2020-06-08 10:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2021-12-21 13:55 - 2021-06-20 21:05 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
    2021-12-21 10:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2021-12-21 02:35 - 2021-07-13 01:59 - 093421568 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-1cd2f2162e201f6f1f0f.sql
    2021-12-20 00:29 - 2020-11-12 21:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2021-12-19 11:28 - 2020-07-19 07:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-12-19 11:28 - 2020-07-19 07:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2021-12-18 04:04 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
    2021-12-17 00:05 - 2021-01-03 01:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-12-17 00:01 - 2021-09-11 16:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2021-12-17 00:01 - 2021-01-03 01:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-12-17 00:01 - 2021-01-03 01:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-12-17 00:01 - 2021-01-03 01:02 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-12-17 00:00 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-12-16 23:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-12-16 14:51 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-12-16 14:12 - 2020-07-02 01:27 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-12-16 14:10 - 2020-07-02 01:27 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-12-16 05:11 - 2021-07-13 01:59 - 092745728 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-1cd2f2162e201f6f1f0f.old.sql
    2021-12-15 20:06 - 2019-10-23 13:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-12-15 16:32 - 2019-10-23 14:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-12-15 16:32 - 2019-10-23 14:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2021-12-12 14:37 - 2021-02-26 02:43 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2021-12-12 14:37 - 2021-02-26 02:43 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-12-12 06:33 - 2020-07-01 21:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
    2021-12-12 06:31 - 2021-01-03 01:08 - 000000000 ____D C:\Users\ronny
    2021-12-10 20:05 - 2021-01-19 17:57 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e19fdc9c5413
    2021-12-10 20:05 - 2021-01-03 01:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-12-08 18:10 - 2020-12-15 21:59 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
    2021-12-08 17:33 - 2020-07-02 21:57 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2021-12-04 02:47 - 2021-01-03 01:20 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-12-03 14:17 - 2020-10-30 11:57 - 000000000 ____D C:\Users\ronny\AppData\Roaming\ocenaudio
    2021-12-02 18:06 - 2021-01-16 08:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2021-11-30 10:50 - 2020-07-09 18:50 - 000000000 ____D C:\ProgramData\Package Cache
    2021-11-28 23:11 - 2021-01-03 01:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2021-11-28 13:41 - 2020-07-01 21:15 - 000000000 ___RD C:\Users\ronny\OneDrive
    2021-11-28 13:28 - 2021-03-06 14:14 - 000000000 ____D C:\WINDOWS\Minidump

    ==================== Files in the root of some directories ========

    2020-12-27 14:29 - 2020-12-27 14:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
    2020-12-27 14:29 - 2020-12-27 14:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2020-07-10 04:21 - 2020-07-10 04:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2021-06-30 20:12 - 2021-06-30 20:12 - 000007597 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================


    ------------------------------------------------------------------------------------------------------------------------------------------


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
    Ran by ronny (22-12-2021 19:26:20)
    Running from C:\Users\ronny\OneDrive\Desktop
    Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) (2021-01-03 07:21:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
    Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
    ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    (7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
    8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    ASUS WebStorage Timeline Backup (HKLM-x32\...\ASUS WebStorage Timeline Backup) (Version: 1.0.0.23 - ASUS Cloud Corporation)
    Bing Wallpaper (HKLM-x32\...\{95736CC6-1FA4-4BD5-BE63-7724E0C51CCD}) (Version: 1.0.9.5 - Microsoft Corporation)
    Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
    CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
    CyberLink PowerDirector 365 (HKLM-x32\...\{278A8296-12A6-4CD0-8A8E-6947948477C5}) (Version: 20.0.2106.0 - CyberLink Corp.)
    DeskFX Audio Effect Processor (HKLM-x32\...\DeskFX) (Version: 3.14 - NCH Software)
    Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 136.4.4345 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.541.1 - Dropbox, Inc.) Hidden
    Dwyco CDC-X version 2.31 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.31 - Dwyco, Inc.)
    Dwyco Video Conferencing (HKLM-x32\...\Dwyco Video Conferencing_is1) (Version: 2.97 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
    Freemake Video Converter version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
    HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
    Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
    Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
    Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
    LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
    LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
    Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
    MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
    ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 6.42 - NCH Software)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
    Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
    SuperNova Player (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\TacticsTechnologySuperNova) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
    Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
    VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.56 - NCH Software)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.75 - NCH Software)
    VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
    War Thunder Launcher 1.0.3.282 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
    Wargaming.net Game Center (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Wargaming.net Game Center) (Version: 21.8.2.7331 - Wargaming.net)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
    WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
    Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
    World of Tanks NA (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
    World_of_Warplanes (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)
    World_of_Warships (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net)
    Y8 Browser 1.0.10 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)

    Packages:
    =========
    All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.2.1.0_x64__0aqw1zw0x2snt [2021-10-14] (韵华软件)
    AutoCAD mobile - DWG Viewer, Editor & CAD Drawing Tools -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_8.14.0.0_x64__tf1gferkr813w [2021-11-15] (Autodesk Inc.)
    City Racing 3D 2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.5.0_x64__3ag0hv5nd203a [2021-10-14] (成都羽珀科技有限责任公司) [MS Ad]
    DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_7.8.5.0_x86__7kedsbyvzns34 [2021-12-22] (NCH Software)
    Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_2.0.1.0_x64__0ah1jqwq7j8nj [2021-10-14] (Ironjaw Studios Private Limited)
    Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.60.0_x64__xsbsxxypt8dh6 [2021-12-22] (eyacker.com)
    Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.13.0_x64__q68sgvev02mx6 [2021-10-14] (Swisspix) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Studios) [MS Ad]
    My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2021-10-14] (Keith Lam)
    Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_3.0.9.0_neutral__gvheqymwk6zrr [2021-12-10] (Zero Byte) [Startup Task]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation)
    Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2021-10-14] (POONFAMILY) [MS Ad]
    Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2021-10-14] (Best Game Studio) [MS Ad]
    VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2021-10-14] (LSongBee) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 14:24]
    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{e4211cc1-dab9-49db-af72-8e71f657e3c5}\localserver32 -> C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe (NCH Software, Inc. -> NCH Software)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.230.1107.0004\FileSyncShell64.dll [2021-12-12] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.51.0.dll [2021-10-09] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============


    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-10-20] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-20] (Oracle America, Inc. -> Oracle Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 22:49 - 2021-10-03 01:35 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2021-01-12 08:13 - 2021-01-12 08:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20211222.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "VRS"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "ASUS WebStorage Timeline Backup"
    HKLM\...\StartupApproved\Run32: => "ProductUpdater"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Samsung DeX"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{982257A6-2960-4CC5-B218-9C82D0FDF538}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{D878296B-3054-4CB8-AE02-04EDC6D71925}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{AF67BDB6-1C1C-491B-9674-FFF1A21D5947}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{DCD0CA11-52AF-44CB-B55B-190AFA8312BE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{A44ADCAB-F36B-4CE4-8019-BA7CD41B8738}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{67605349-E1B0-4A34-999E-4F40E09F08B8}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{B3A4C66C-2FF9-4A17-8A8C-90D574B68004}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{055DE081-7DF1-49FB-A657-4FE2FC430CC4}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{ED58E4D4-63E1-482D-8836-F4DDA5215099}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{4942BF96-9725-4E37-A256-5B0B2ECB4079}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{80726437-D855-42F0-9567-D7FCAC8B66D1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{63A43B1B-D2A0-405E-8244-3D4F50143137}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{54A1549B-1042-48EC-9BD7-3F1186C1110B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{C0AC34D7-37A5-4B19-9296-58D831CEF53A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [{EE4753E1-9862-4FEA-8018-675B60397C5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A57B8224-7F4B-4CE6-AEC1-6CB81CFA8FE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{C4419992-6231-4561-885A-8A0DF09DEC6D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{2E835BC0-9A0F-4588-9095-605F448A1D05}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{CE00FE93-FB6F-4FC8-AAD5-E7581803509A}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{BF3AA785-855A-47BD-8A71-572E874F8095}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [TCP Query User{D186F964-CDBE-4556-A7C3-B323D0D4992D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [UDP Query User{E92F51C9-4EF6-4FE2-839D-04033893C61D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{A2C21B27-525C-47F0-80B2-CAD32FAB60B9}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{83AFC75C-B451-4DA8-9473-83E62094B9FD}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [TCP Query User{8D4B2E09-73A4-49D9-84E2-B32DCB73C74F}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{E55F3C4C-A35C-41A9-AC27-50B0BFAD8878}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{9FD57219-DABB-401D-8946-6882C2804BE3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{AF1C38B7-66CA-4ECF-9E43-2D9E7C1FB5D7}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{B46037EE-E896-4026-8074-186B1A433CF6}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{3C1E87DC-457B-4854-9389-A71ED3992371}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{15D87C4B-FF2D-4BAF-886B-E2B8BC79C647}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
    FirewallRules: [UDP Query User{6D5EEC59-D930-451E-A844-0217285E138C}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
    FirewallRules: [TCP Query User{1A807194-50F0-4706-8F00-FD34AA32563E}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
    FirewallRules: [UDP Query User{3B23A8A4-906C-4F27-AB16-BEDC3CBB4298}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
    FirewallRules: [TCP Query User{FDBAB707-224F-49A7-9945-F3B8DBA2AADC}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe (Dwyco, Inc.) [File not signed]
    FirewallRules: [UDP Query User{FFCEF217-1EFA-4702-9EDF-F12B6A716881}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe (Dwyco, Inc.) [File not signed]
    FirewallRules: [{30356CD6-449A-4F6C-A754-44357A926440}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{25FF29BF-942C-4149-9672-CE70C5C1859F}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{E7AB386F-F45D-4175-A2B8-B9C8E55AB5F6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{297BB581-8A28-4DE9-AAFE-13A3EF3459D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    11-12-2021 01:56:28 Scheduled Checkpoint
    16-12-2021 14:12:49 Windows Modules Installer
    16-12-2021 14:23:16 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Dads.local already in use; will try Dads-2.local instead

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dads.local. Addr 192.168.1.190

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.190:5353 16 Dads.local. AAAA FDCD:F856:29D2:0000:0D90:F591:3D95:CA12

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FE80:0000:0000:0000:1520:AD89:1878:C819

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.190:5353 16 Dads.local. AAAA FDCD:F856:29D2:0000:0D90:F591:3D95:CA12

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FDCD:F856:29D2:0000:D84B:C937:131F:1760

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.190:5353 16 Dads.local. AAAA FDCD:F856:29D2:0000:0D90:F591:3D95:CA12

    Error: (12/22/2021 10:44:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA 2600:0380:543C:7EB8:D84B:C937:131F:1760


    System errors:
    =============
    Error: (12/20/2021 10:03:43 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (12/17/2021 02:03:52 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (12/17/2021 02:03:32 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (12/10/2021 09:17:32 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 9:11:45 PM on ‎12/‎10/‎2021 was unexpected.

    Error: (12/10/2021 05:09:07 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
    Description: 3221225684A fatal error occurred processing the restoration data.

    Error: (12/10/2021 05:09:45 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:08:09 PM on ‎12/‎10/‎2021 was unexpected.

    Error: (12/07/2021 01:45:56 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

    Error: (12/07/2021 01:45:36 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
    Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


    Windows Defender:
    ================
    Date: 2021-12-21 21:44:23
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-12-21 11:06:22
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-12-19 20:21:52
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-12-18 20:28:51
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-12-16 20:32:42
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    
    CodeIntegrity:
    ===============
    Date: 2021-10-14 04:28:20
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2021-10-14 04:28:18
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cimfs.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2021-10-03 02:35:45
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.

    Date: 2021-10-01 23:17:07
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    BIOS: Hewlett-Packard L01 v02.65 07/13/2015
    Motherboard: Hewlett-Packard 1998
    Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
    Percentage of memory in use: 66%
    Total physical RAM: 8082.33 MB
    Available physical RAM: 2719.19 MB
    Total Virtual: 11330.06 MB
    Available Virtual: 4178.37 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:710.68 GB) NTFS

    \\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
    \\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=749 MB) - (Type=27)

    ==================== End of Addition.txt =======================

  7. #7
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    Quote Originally Posted by Juliet View Post
    Some days are good and others I have to tolerate.

    Hello rcb56
    What site had you visited when this pop up occurred?
    I think you were hit with a scare tactic to push you into purchasing McAfee products.

    Also. I wont be back till morning, just happened to check before signing off.
    i'm not sure about the site, i usually have four or five tabs on. in the morning is fine. don't push yourself. i'm thinking that's what it was a buy me ploy, but i always wonder did yjey drop off a little miner to dig away and send back stuff. just checking and it all seems to run ok.

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I think it came from a site using scare tactics

    Not seeing anything, but, let's run a couple of tools to look for left overs anyways

    Open Malwarebytes and allow it to run a quick threat scan

    ~~~~~~~~~~~~~~~~~~~~~~~~~~`

    AdwCleaner - Clean
    here
    • Double click AdwCleaner.exe to run it.
    • Click Scan Now
    • When the scan has finished a Scan Results window will open.
    • Please check all boxes and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
    • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
    • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
    • A prompt to restart your computer will appear ...
    • Click Restart Now
    • Once your computer has restarted ...
    • If it doesn't open automatically, please start AdwCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.

    Please post the contents of the file in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Also, you might want to download and install an Adblock for google chrome and firefox.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    ok, thanks, i'll d'load that now. the scan showed no malicious threats and had to just go to log files.

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.1.0
    # -------------------------------
    # Build: 11-18-2021
    # Database: 2021-12-02.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 12-23-2021
    # Duration: 00:00:17
    # OS: Windows 10 Home
    # Scanned: 32016
    # Detected: 16


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy C:\ProgramData\TotalAV
    PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
    PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

    ***** [ Files ] *****

    Adware.KorAd C:\Users\ronny\Downloads\tinstall.exe
    PUP.Optional.TotalAV C:\Users\ronny\Downloads\TOTALAV_SETUP.EXE

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
    PUP.Optional.PCProtect HKCU\Software\SSProtect
    PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
    PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
    PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    PUP.Optional.TotalAV HKLM\Software\Classes\totalav
    PUP.Optional.TotalAV HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
    Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •