Thread: seems something is affecting browser surfing and mouse functions.

  1. #1
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    seems something is affecting browser surfing and mouse functions.

    Well, today at some point it seems my PC picked up something. It has since been unbearably slow; it locks up or freezes, and the mouse seems to give the most headache as it stops scrolling. Also, once here, I started downloads and it took about 10 tries to get the FRST downloaded (it kept prompting me it was a bad file). aswMBR would not download, saying it could not be downloaded securely. Here is the FRST report and additional.

    ----------------------------

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2022
    Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (28-03-2022 18:59:44)
    Running from C:\Users\ronny\OneDrive\Desktop
    Loaded Profiles: ronny
    Platform: Microsoft Windows 10 Home Version 20H2 19042.1586 (X64) Language: English (United States)
    Default browser: Opera
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe ->) (Logitech Inc -> Logitech Europe S.A.) C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
    (C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
    (C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.147.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.147.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
    (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
    (C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\UpdateBrowserForApp.exe
    (C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\UpdateBrowserForApp.exe ->) (Microsoft Corporation -> ) C:\Users\ronny\AppData\Local\Temp\IXP010.TMP\UpdateBrowserForApp.exe
    (C:\Users\ronny\AppData\Local\Programs\Opera\opera.exe ->) (Opera Software AS -> Opera Software) C:\Users\ronny\AppData\Local\Programs\Opera\85.0.4341.18\opera_crashreporter.exe
    (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
    (explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Opera Software AS -> Opera Software) C:\Users\ronny\AppData\Local\Programs\Opera\opera.exe <21>
    (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (services.exe ->) (Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
    (services.exe ->) (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
    (services.exe ->) (NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
    (services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
    (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
    (svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
    (svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10585376 2022-03-15] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [189320 2021-10-08] (MIXBYTE, INC. -> )
    HKLM-x32\...\Run: [ASUS WebStorage Timeline Backup] => C:\Program Files (x86)\ASUS WebStorage Timeline Backup\ASUS WebStorage Timeline Backup\1.0.0.23\ASUSWebStorageTimelineBackup_.exe [3310592 2021-09-29] (ASUS Cloud Corporation) [File not signed]
    HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
    HKLM-x32\...\Run: [Sound Blaster Audigy Fx Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe [861184 2013-11-08] (Creative Technology Ltd) [File not signed]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
    HKLM\...\Policies\Explorer: [New Value #1]
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2619296 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148288 2021-12-10] (Wargaming.net Limited -> Wargaming.net)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ronny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10484392 2021-07-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CTRegRun] => C:\WINDOWS\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd) [File not signed]
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [BingWallpaperApp] => C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13877136 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\MountPoints2: {cd31f76c-a9b5-11ea-aae4-806e6f6e6963} - "D:\Audio\setup.exe"
    HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [31193688 2021-08-16] (PALTALK, INC. -> AVM Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.82\Installer\chrmstp.exe [2022-03-20] (Google LLC -> Google LLC)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {28FA5FCF-79F8-44E6-BED9-5161C75BC9D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {303C9A58-6062-4CFD-A488-8D482E1F6FAA} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {35C2929B-173D-468F-860E-480DE235984F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
    Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
    Task: {61765FCA-C131-48DC-A946-0414C663BE12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
    Task: {66BC0478-8E86-482F-A276-80FB1E87871D} - System32\Tasks\Opera scheduled Autoupdate 1648218072 => C:\Users\ronny\AppData\Local\Programs\Opera\launcher.exe [2467024 2022-03-23] (Opera Software AS -> Opera Software)
    Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {736797C2-5509-47BC-A6F8-4CBC4779D4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe SCHED (No File)
    Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe LOGON (No File)
    Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
    Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {9805F2E9-A583-4063-86FF-0C47CE56A48C} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
    Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
    Task: {9EC3A1CD-9913-4FB7-AA5D-3940F7FD5B45} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9FC0D67A-7162-480C-BCFE-C915747BAA9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe /show (No File)
    Task: {C53BB61C-4C18-407E-9900-9BA987531E05} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
    Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
    Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-20] (HP Inc. -> HP Inc.)
    Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
    Task: {F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97960 2021-09-06] (CyberLink Corp. -> CyberLink Corp.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3c961351-f7d7-41da-899e-f41b92bb43dc}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1

    Edge:
    =======
    DownloadDir: C:\Users\ronny\Downloads
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-28]
    Edge DownloadDir: Default -> C:\Users\ronny\Downloads
    Edge Notifications: Default -> hxxps://www.facebook.com
    Edge HomePage: Default -> hxxps://www.oann.com/
    Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
    Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-03-09]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: 6nm8fvx2.default-1611594858898
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2022-03-28]
    FF Homepage: Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 -> hxxps://www.bing.com/?pc=W091
    FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2021-12-27]
    FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
    FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
    FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2022-03-25]
    CHR Notifications: Default -> hxxps://gayneedsex.com; hxxps://geek.wish.com; hxxps://mrgay.com; hxxps://www.aliexpress.com; hxxps://www.bestofarkansassports.com; hxxps://www.crosswalk.com; hxxps://www.facebook.com; hxxps://www.paramountplus.com; hxxps://www.reddit.com; hxxps://www.westernjournal.com; hxxps://www.youtube.com
    CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
    CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
    CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
    CHR Extension: (Easy Online Image/Photo Editor) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\akcgjjdppiajicgmjkggechdkolcpfkm [2021-12-27]
    CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
    CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
    CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
    CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-24]
    CHR Extension: (Image Manager) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcknobmagahblapmkjepaflnakhagle [2021-12-27]
    CHR Extension: (Microsoft Rewards) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2022-03-11]
    CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
    CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-16]
    CHR Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-03-11]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-20]
    CHR Extension: (BeFunky Extension) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffeadjabcnpcjlpbdbhoglnfbmbfkoo [2022-01-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
    CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
    CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\System Profile [2022-02-18]
    CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddojnmkongaimkdddgmcccldlfhokcfb]
    CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    Opera:
    =======
    OPR Profile: C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable [2022-03-28]
    OPR Notifications: Opera Stable -> hxxps://wp.aliexpress.com; hxxps://www.xvideos.com
    OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
    OPR Extension: (Rich Hints Agent) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-25]
    OPR Extension: (Amazon Assistant Promotion) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-25]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
    R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106944 2017-06-29] (Andrea Electronics -> Andrea Electronics Corporation)
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2022-03-15] (Dropbox, Inc -> Dropbox, Inc.)
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-07-15] (EasyAntiCheat Oy -> Epic Games, Inc)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncHelper.exe [3382176 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [87432 2021-10-08] (MIXBYTE, INC. -> Freemake)
    S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
    R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.045.0227.0004\OneDriveUpdaterService.exe [3861400 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2021-09-06] (CyberLink Corp. -> CyberLink)
    R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
    S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
    R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
    R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [25088 2013-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
    R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
    S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
    S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
    R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
    S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
    S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
    R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
    S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-03-28 19:00 - 2022-03-28 19:00 - 005198336 _____ (AVAST Software) C:\Users\ronny\Downloads\Unconfirmed 177322.crdownload
    2022-03-28 19:00 - 2022-03-28 19:00 - 005198336 _____ (AVAST Software) C:\Users\ronny\Downloads\Unconfirmed 169256.crdownload
    2022-03-28 18:59 - 2022-03-28 19:00 - 000000000 ____D C:\FRST
    2022-03-28 18:51 - 2022-03-28 18:51 - 002365440 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 890295.crdownload
    2022-03-28 18:51 - 2022-03-28 18:51 - 002365440 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 627377.crdownload
    2022-03-28 18:50 - 2022-03-28 18:50 - 002365440 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 990563.crdownload
    2022-03-28 18:50 - 2022-03-28 18:50 - 002365440 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 876571.crdownload
    2022-03-28 18:48 - 2022-03-28 18:49 - 000018140 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2022-03-28 18:48 - 2022-03-28 18:48 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (5).exe
    2022-03-25 09:21 - 2022-03-25 09:21 - 000004140 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1648218072
    2022-03-25 09:21 - 2022-03-25 09:21 - 000001406 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
    2022-03-25 09:21 - 2022-03-25 09:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Opera Software
    2022-03-25 09:20 - 2022-03-25 09:20 - 002754824 _____ (Opera Software) C:\Users\ronny\Downloads\OperaSetup.exe
    2022-03-25 09:20 - 2022-03-25 09:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Opera Software
    2022-03-17 00:25 - 2022-03-17 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2022-03-16 22:08 - 2022-03-28 03:20 - 001638400 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.sql
    2022-03-16 22:08 - 2022-03-28 02:22 - 001638400 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.old.sql
    2022-03-16 22:08 - 2022-03-16 22:08 - 430067712 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-a6a29945429dd8db4edc.sql
    2022-03-16 21:54 - 2022-03-16 21:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
    2022-03-16 21:52 - 2022-03-16 21:52 - 066238704 _____ (ITNT SRL) C:\Users\ronny\Downloads\Dwyco VideoChat Community_2.10(1).exe
    2022-03-16 21:51 - 2022-03-16 21:51 - 066238704 _____ (ITNT SRL) C:\Users\ronny\Downloads\Dwyco VideoChat Community_2.10.exe
    2022-03-16 21:51 - 2022-03-16 21:51 - 000000000 ____D C:\Users\ronny\AppData\Local\Adaware
    2022-03-15 01:36 - 2022-03-15 01:36 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2022-03-15 01:36 - 2022-03-15 01:36 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2022-03-15 01:36 - 2022-03-15 01:36 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2022-03-15 01:36 - 2022-03-15 01:36 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2022-03-13 18:06 - 2022-03-13 18:06 - 000125635 _____ C:\Users\ronny\Downloads\Account e-Statement - January 2022.pdf
    2022-03-11 19:23 - 2022-03-11 19:23 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-03-11 19:22 - 2022-03-11 19:22 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2022-03-11 19:21 - 2022-03-11 19:21 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2022-03-11 19:21 - 2022-03-11 19:21 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
    2022-03-11 19:21 - 2022-03-11 19:21 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
    2022-03-11 18:48 - 2022-03-11 18:48 - 000000000 ___HD C:\$WinREAgent
    2022-03-08 20:16 - 2022-03-08 20:16 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-03-28 18:48 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2022-03-28 18:37 - 2019-10-23 15:40 - 000000000 ____D C:\Program Files (x86)\Google
    2022-03-28 16:44 - 2021-01-03 02:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-03-28 16:44 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-03-28 16:32 - 2021-01-03 02:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
    2022-03-28 10:29 - 2020-07-19 08:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-03-28 10:29 - 2020-07-19 08:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2022-03-28 10:25 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
    2022-03-28 10:25 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2022-03-27 05:15 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-03-26 04:35 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-03-25 20:41 - 2021-12-12 15:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001
    2022-03-25 20:41 - 2021-09-11 17:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
    2022-03-25 20:41 - 2021-02-26 03:43 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
    2022-03-25 20:41 - 2021-02-26 03:43 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-03-24 10:41 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2022-03-24 00:08 - 2021-01-03 02:08 - 000000000 ____D C:\Users\ronny
    2022-03-23 12:41 - 2020-11-12 22:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
    2022-03-22 10:18 - 2021-01-03 02:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-03-22 10:18 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
    2022-03-22 10:12 - 2021-01-03 02:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-03-22 10:12 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-03-20 20:48 - 2021-01-03 02:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
    2022-03-20 17:09 - 2020-12-29 10:43 - 000000000 ____D C:\Users\ronny\AppData\Local\vback
    2022-03-20 12:38 - 2019-10-23 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-03-20 12:38 - 2019-10-23 15:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2022-03-19 02:11 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2022-03-19 02:09 - 2021-01-16 09:34 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2022-03-19 02:09 - 2021-01-16 09:34 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2022-03-19 02:09 - 2021-01-03 02:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-03-19 02:06 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
    2022-03-17 00:26 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2022-03-15 07:40 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-03-14 19:02 - 2021-06-20 22:05 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
    2022-03-11 19:36 - 2020-09-30 01:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-03-11 19:36 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-03-11 19:20 - 2021-01-03 02:06 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-03-11 18:48 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
    2022-03-11 18:44 - 2020-07-02 02:27 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-03-10 22:17 - 2021-01-16 09:34 - 000003874 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
    2022-03-10 22:17 - 2021-01-16 09:34 - 000003642 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
    2022-03-10 04:59 - 2020-07-02 19:49 - 000000000 ____D C:\Program Files\UNP
    2022-03-10 02:22 - 2021-01-19 18:57 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e19fdc9c5413
    2022-03-10 02:22 - 2021-01-03 02:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

    ==================== Files in the root of some directories ========

    2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
    2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
    2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2021-06-30 21:12 - 2021-06-30 21:12 - 000007597 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2022
    Ran by ronny (28-03-2022 19:07:30)
    Running from C:\Users\ronny\OneDrive\Desktop
    Microsoft Windows 10 Home Version 20H2 19042.1586 (X64) (2021-01-03 07:21:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
    Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
    ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
    WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    (7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
    8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
    ASUS WebStorage Timeline Backup (HKLM-x32\...\ASUS WebStorage Timeline Backup) (Version: 1.0.0.23 - ASUS Cloud Corporation)
    Bing Wallpaper (HKLM-x32\...\{9FBBDD1D-2CE0-4DC7-B7F8-026F6668DBD3}) (Version: 1.0.9.6 - Microsoft Corporation)
    Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
    Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
    CyberLink PowerDirector 365 (HKLM-x32\...\{278A8296-12A6-4CD0-8A8E-6947948477C5}) (Version: 20.0.2106.0 - CyberLink Corp.)
    DeskFX Audio Effect Processor (HKLM-x32\...\DeskFX) (Version: 3.14 - NCH Software)
    Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Dropbox (HKLM-x32\...\Dropbox) (Version: 144.4.4491 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
    Dwyco CDC-X version 2.31 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.31 - Dwyco, Inc.)
    Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
    Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
    Freemake Video Converter version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.82 - Google LLC)
    HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001100-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.100.1.1 - Intel Corporation)
    Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
    Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
    Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
    Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
    LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
    LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
    Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
    Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
    Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.55 - Microsoft Corporation)
    Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
    MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
    ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
    Opera Stable 85.0.4341.18 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Opera 85.0.4341.18) (Version: 85.0.4341.18 - Opera Software)
    Paltalk (HKLM-x32\...\Paltalk) (Version: - )
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 8.00 - NCH Software)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
    RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
    Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
    Sound Blaster Audigy Fx (HKLM-x32\...\{77CE1865-F3B9-4B6D-A558-28674AE7787E}) (Version: 1.00.06 - Creative Technology Limited)
    Sound Blaster Audigy Fx Extras (HKLM-x32\...\{52272D09-08E0-4A57-BC14-BC09F5D7AE26}) (Version: 1.0 - Creative Technology Limited)
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
    SuperNova Player (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\TacticsTechnologySuperNova) (Version: - )
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
    Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
    Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
    VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.56 - NCH Software)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.75 - NCH Software)
    VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
    War Thunder Launcher 1.0.3.282 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
    Wargaming.net Game Center (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Wargaming.net Game Center) (Version: 21.8.2.7331 - Wargaming.net)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
    WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
    Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
    World of Tanks NA (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
    World_of_Warplanes (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)
    World_of_Warships (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net)
    Y8 Browser 1.0.10 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)

    Packages:
    =========
    All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.2.1.0_x64__0aqw1zw0x2snt [2021-10-14] (韵华软件)
    AutoCAD Mobile -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_8.21.0.0_x64__tf1gferkr813w [2022-03-11] (Autodesk Inc.)
    City Racing 3D 2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.5.0_x64__3ag0hv5nd203a [2021-10-14] (成都羽珀科技有限责任公司) [MS Ad]
    DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_8.1.8.0_x86__7kedsbyvzns34 [2022-03-25] (NCH Software)
    Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_2.0.1.0_x64__0ah1jqwq7j8nj [2021-10-14] (Ironjaw Studios Private Limited)
    Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.60.0_x64__xsbsxxypt8dh6 [2021-12-22] (eyacker.com)
    Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.13.0_x64__q68sgvev02mx6 [2021-10-14] (Swisspix) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad]
    My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2021-10-14] (Keith Lam)
    Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_3.0.9.0_neutral__gvheqymwk6zrr [2021-12-10] (Zero Byte) [Startup Task]
    Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation)
    Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2021-10-14] (POONFAMILY) [MS Ad]
    Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2021-10-14] (Best Game Studio) [MS Ad]
    VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2021-10-14] (LSongBee) [MS Ad]

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
    CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{e4211cc1-dab9-49db-af72-8e71f657e3c5}\localserver32 -> C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe (NCH Software, Inc. -> NCH Software)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
    HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\ronny\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

    ==================== Loaded Modules (Whitelisted) =============

    2011-09-16 05:04 - 2011-09-16 05:04 - 000238080 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\CTLoadRs.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 23:49 - 2021-10-03 02:35 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20220328.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "VRS"
    HKLM\...\StartupApproved\Run32: => "Dropbox"
    HKLM\...\StartupApproved\Run32: => "ASUS WebStorage Timeline Backup"
    HKLM\...\StartupApproved\Run32: => "ProductUpdater"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Samsung DeX"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
    HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CTRegRun"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{982257A6-2960-4CC5-B218-9C82D0FDF538}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{D878296B-3054-4CB8-AE02-04EDC6D71925}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{AF67BDB6-1C1C-491B-9674-FFF1A21D5947}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{DCD0CA11-52AF-44CB-B55B-190AFA8312BE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
    FirewallRules: [{A44ADCAB-F36B-4CE4-8019-BA7CD41B8738}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{67605349-E1B0-4A34-999E-4F40E09F08B8}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{B3A4C66C-2FF9-4A17-8A8C-90D574B68004}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{055DE081-7DF1-49FB-A657-4FE2FC430CC4}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
    FirewallRules: [{ED58E4D4-63E1-482D-8836-F4DDA5215099}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{4942BF96-9725-4E37-A256-5B0B2ECB4079}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{80726437-D855-42F0-9567-D7FCAC8B66D1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{63A43B1B-D2A0-405E-8244-3D4F50143137}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{54A1549B-1042-48EC-9BD7-3F1186C1110B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [{C0AC34D7-37A5-4B19-9296-58D831CEF53A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
    FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{CE00FE93-FB6F-4FC8-AAD5-E7581803509A}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{BF3AA785-855A-47BD-8A71-572E874F8095}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [TCP Query User{D186F964-CDBE-4556-A7C3-B323D0D4992D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [UDP Query User{E92F51C9-4EF6-4FE2-839D-04033893C61D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
    FirewallRules: [TCP Query User{A2C21B27-525C-47F0-80B2-CAD32FAB60B9}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [UDP Query User{83AFC75C-B451-4DA8-9473-83E62094B9FD}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
    FirewallRules: [TCP Query User{8D4B2E09-73A4-49D9-84E2-B32DCB73C74F}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{E55F3C4C-A35C-41A9-AC27-50B0BFAD8878}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{9FD57219-DABB-401D-8946-6882C2804BE3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{AF1C38B7-66CA-4ECF-9E43-2D9E7C1FB5D7}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{B46037EE-E896-4026-8074-186B1A433CF6}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [UDP Query User{3C1E87DC-457B-4854-9389-A71ED3992371}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
    FirewallRules: [TCP Query User{15D87C4B-FF2D-4BAF-886B-E2B8BC79C647}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
    FirewallRules: [UDP Query User{6D5EEC59-D930-451E-A844-0217285E138C}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
    FirewallRules: [TCP Query User{1A807194-50F0-4706-8F00-FD34AA32563E}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
    FirewallRules: [UDP Query User{3B23A8A4-906C-4F27-AB16-BEDC3CBB4298}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
    FirewallRules: [TCP Query User{FDBAB707-224F-49A7-9945-F3B8DBA2AADC}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
    FirewallRules: [UDP Query User{FFCEF217-1EFA-4702-9EDF-F12B6A716881}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
    FirewallRules: [{30356CD6-449A-4F6C-A754-44357A926440}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{25FF29BF-942C-4149-9672-CE70C5C1859F}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
    FirewallRules: [{D703801D-57F8-4AD7-B072-65A5FFDAAD08}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{E374659F-8916-4333-8E54-9F77ED924A6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{D48AB89F-548C-4749-8D94-D023200E2ADC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{F710309B-F801-46AF-B5F8-0383D424A267}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{A0409FED-A462-4D77-9C6C-B3A987B6710A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8307A542-5E1F-4DF9-952B-9ECDECB9151D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [TCP Query User{71F0ADF0-11DC-4F0D-9619-C5EC060B502A}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
    FirewallRules: [UDP Query User{6EC61F7D-56EA-498C-A24F-1202603C591F}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)

    ==================== Restore Points =========================

    11-03-2022 18:48:42 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============

    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (03/28/2022 04:53:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7969

    Error: (03/28/2022 04:53:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7969

    Error: (03/28/2022 04:53:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/28/2022 04:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5985

    Error: (03/28/2022 04:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5985

    Error: (03/28/2022 04:53:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/28/2022 04:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4000

    Error: (03/28/2022 04:53:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4000


    System errors:
    =============
    Error: (03/23/2022 05:08:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

    Error: (03/22/2022 10:12:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The NcbService service terminated with the following error:
    A device attached to the system is not functioning.

    Error: (03/22/2022 10:12:22 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:38:53 AM on ‎3/‎22/‎2022 was unexpected.

    Error: (03/20/2022 01:47:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

    Error: (03/19/2022 07:38:15 AM) (Source: DCOM) (EventID: 10005) (User: DADS)
    Description: DCOM got error "1053" attempting to start the service InstallService with arguments "Unavailable" in order to run the server:
    Windows.Internal.InstallService.Control.InstallServiceControl

    Error: (03/19/2022 07:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Store Install Service service to connect.

    Error: (03/13/2022 09:00:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/13/2022 08:56:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The VRS Recording System service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Windows Defender:
    ================
    Date: 2022-03-16 21:55:03
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...5&enterprise=0
    Name: PUA:Win32/Pearfoos.A!ml
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe; process:_pid:12584,ProcessStart:132919591082836513
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: C:\Windows\explorer.exe
    Security intelligence Version: AV: 1.361.114.0, AS: 1.361.114.0, NIS: 1.361.114.0
    Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

    Date: 2022-03-16 21:53:36
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...5&enterprise=0
    Name: PUA:Win32/Pearfoos.A!ml
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: C:\Windows\explorer.exe
    Security intelligence Version: AV: 1.361.114.0, AS: 1.361.114.0, NIS: 1.361.114.0
    Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

    Date: 2022-03-16 21:52:03
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    https://go.microsoft.com/fwlink/?lin...5&enterprise=0
    Name: PUA:Win32/Pearfoos.A!ml
    Severity: Low
    Category: Potentially Unwanted Software
    Path: file:_C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: System
    Process Name: Unknown
    Security intelligence Version: AV: 1.361.114.0, AS: 1.361.114.0, NIS: 1.361.114.0
    Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
    Event[0]:

    Date: 2022-02-19 08:28:55
    Description:
    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
    New security intelligence Version:
    Previous security intelligence Version: 1.359.438.0
    Update Source: Microsoft Update Server
    Security intelligence Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.18900.3
    Error code: 0x80240009
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===============
    Date: 2022-01-26 22:43:45
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ronny\Downloads\BT-22.100.1-32-64UWD-Win10-Win11.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2021-10-14 04:28:20
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2021-10-14 04:28:18
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cimfs.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2021-10-03 02:35:45
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    BIOS: Hewlett-Packard L01 v02.65 07/13/2015
    Motherboard: Hewlett-Packard 1998
    Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
    Percentage of memory in use: 65%
    Total physical RAM: 8082.33 MB
    Available physical RAM: 2785.66 MB
    Total Virtual: 11029.54 MB
    Available Virtual: 4328.56 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:702.91 GB) NTFS
    Drive d: (SB_INSTALL) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS

    \\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
    \\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=749 MB) - (Type=27)

    ==================== End of Addition.txt =======================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Hi again

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator, just open it and let it wait)

    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [189320 2021-10-08] (MIXBYTE, INC. -> )
    C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater
    Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe SCHED (No File)
    Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe LOGON (No File)
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\ronny\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
    FirewallRules: [TCP Query User{FDBAB707-224F-49A7-9945-F3B8DBA2AADC}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
    FirewallRules: [UDP Query User{FFCEF217-1EFA-4702-9EDF-F12B6A716881}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
    C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe
    Hosts:
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Press the Fix button
    FRST will process the lines copied above from the clipboard.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    • Please download AdwCleaner and save it to your Desktop
    • Close all open programs and browsers
    • Right click on the icon and select Run as administrator
    • Click Scan now
    • Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    • When completed click View Scan Log File
    • Copy and paste the contents in your reply
    • Click Skip Basic Repair if it appears then close the program

    ===================================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • click the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Please post these 3 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381


    hello again juliet, ok here are the three reports and thank you very much!

    Fix result of Farbar Recovery Scan Tool (x64) Version: 28-03-2022
    Ran by ronny (29-03-2022 14:21:00) Run:1
    Running from C:\Users\ronny\OneDrive\Desktop
    Loaded Profiles: ronny
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [189320 2021-10-08] (MIXBYTE, INC. -> )
    C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater
    Task: {793F35C6-425D-4ACA-B379-CC823F8FF67B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\Downloads\esetonlinescanner.exe SCHED (No File)
    Task: {7AFFB79E-C869-4BC0-A467-7E1BD74EA127} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\Downloads\esetonlinescanner.exe LOGON (No File)
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    ShortcutWithArgument: C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\ronny\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
    FirewallRules: [TCP Query User{FDBAB707-224F-49A7-9945-F3B8DBA2AADC}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
    FirewallRules: [UDP Query User{FFCEF217-1EFA-4702-9EDF-F12B6A716881}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
    C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe
    Hosts:
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ProductUpdater" => removed successfully
    C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe => moved successfully
    C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{793F35C6-425D-4ACA-B379-CC823F8FF67B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{793F35C6-425D-4ACA-B379-CC823F8FF67B}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AFFB79E-C869-4BC0-A467-7E1BD74EA127}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFFB79E-C869-4BC0-A467-7E1BD74EA127}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
    C:\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk => Shortcut argument removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FDBAB707-224F-49A7-9945-F3B8DBA2AADC}C:\program files\dwyco2\cdc32.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FFCEF217-1EFA-4702-9EDF-F12B6A716881}C:\program files\dwyco2\cdc32.exe" => removed successfully
    "C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe" => not found
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= netsh int ip reset =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= ipconfig /flushDNS =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== "C:\Windows\Temp\*.*" ==========

    Could not move "C:\Windows\Temp\CropAssist.log" => Scheduled to move on reboot.

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 2359296 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 154568598 B
    Java, Flash, Steam htmlcache => 524 B
    Windows/system/drivers => 62883093 B
    Edge => 0 B
    Chrome => 928260257 B
    Firefox => 144765412 B
    Opera => 432451078 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 48018485 B
    systemprofile32 => 87510400 B
    LocalService => 87510400 B
    NetworkService => 97443646 B
    ronny => 304494342 B

    RecycleBin => 0 B
    EmptyTemp: => 2.2 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-03-2022 14:28:49)

    C:\Windows\Temp\CropAssist.log => Could not move

    ==== End of Fixlog 14:28:49 ====

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.1.0
    # -------------------------------
    # Build: 11-18-2021
    # Database: 2022-03-15.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 03-29-2022
    # Duration: 00:00:12
    # OS: Windows 10 Home
    # Cleaned: 15
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\ProgramData\SecuritySuite
    Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

    ***** [ Files ] *****

    Deleted C:\Users\ronny\Downloads\TOTALAV_SETUP.EXE
    Deleted C:\Users\ronny\Downloads\tinstall.exe

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\SSProtect
    Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
    Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
    Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityServiceMonitor

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    Deleted azlyrics.com

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
    Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
    Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2691 octets] - [29/03/2022 14:33:58]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/29/22
    Scan Time: 2:44 PM
    Log File: b1feed30-af98-11ec-b1cf-5065f31c66a8.json

    -Software Information-
    Version: 4.5.2.157
    Components Version: 1.0.1562
    Update Package Version: 1.0.53012
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19042.1586)
    CPU: x64
    File System: NTFS
    User: Dads\ronny

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 320665
    Threats Detected: 1
    Threats Quarantined: 0
    Time Elapsed: 12 min, 28 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 1
    PUP.Optional.DotSetupIo, C:\USERS\RONNY\DOWNLOADS\MEMU-SETUP-ABROAD-SDK.EXE, No Action By User, 864, 1000511, 1.0.53012, , ame, , 6CC9A78E4778F77343CA22CB09CC8BE5, DCBD77AD65145AB5AA64B8C08608991A6CC23DAABF02CF0695F2261DA3EC5B7D

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Go to https://download.eset.com/com/eset/t...inescanner.exe



    It will start a download of "esetonlinescanner.exe"

    Save the file to your system, such as the Downloads folder, or else to the Desktop.
    Go to the saved file, and double click it to get it started.


    When presented with the initial ESET options, click on "Computer Scan".
    Next, when prompted by Windows, allow it to start by clicking Yes
    When prompted for scan type, Click on Full scan
    Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

    Have patience. The entire process may take an hour or more. There is an initial update download.
    There is a progress window display. You may step away from the machine and let it be.

    You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

    When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked View detected results.
    Click The blue Save scan log to save the log.
    If something was removed and you know it is a false finding, you may click on the blue Restore cleaned files ( in blue, at bottom).

    Press Continue when all done. You should click to turn off the offer for periodic scanning.

    Please make sure you attach the log report.

    What's the computer doing now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    it seems to be better, eset is running now and will give report soon.

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Thank you

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I've got to call it a night, I'll check back first thing in the morning.

  8. #8
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    ok juliet that was a long scan!

    3/29/2022 20:56:16 PM
    Files scanned: 578832
    Detected files: 7
    Cleaned files: 7
    Total scan time 03:42:07
    Scan status: Finished
    C:\FRST\Quarantine\C\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk.xBAD LNK/MetaOpera.A potentially unwanted application cleaned by deleting

    C:\Users\ronny\Downloads\Dwyco VideoChat Community_2.10(1).exe a variant of MSIL/Adaware.A potentially unwanted application,a variant of MSIL/Adaware.H potentially unwanted application cleaned by deleting

    C:\Users\ronny\Downloads\Dwyco VideoChat Community_2.10.exe a variant of MSIL/Adaware.A potentially unwanted application,a variant of MSIL/Adaware.H potentially unwanted application cleaned by deleting

    C:\Users\ronny\Downloads\freemake-video-converter-4-1-11.exe a variant of Win32/Freemake.C potentially unwanted application cleaned by deleting

    C:\Users\ronny\Downloads\PDF_Suite_2020_Installer.exe a variant of Win32/LuluSoftware.K potentially unwanted application cleaned by deleting

    C:\Users\ronny\Downloads\protected-folder-setup.exe a variant of Win32/IObit.AD potentially unwanted application cleaned by deleting

    C:\Users\ronny\OneDrive\Desktop\facebook.lnk LNK/MetaOpera.A potentially unwanted application cleaned by deleting

  9. #9
    Senior Member
    Join Date
    Feb 2008
    Location
    L.A. (Lower Arkansas)
    Posts
    381

    Default

    that's ok i'm sure it's late for you.

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Computer still OK?
