[SOLVED] hello, new here and pc has trouble, but not sure what kind...

ok dr. here is fixlog and i changed setting to select all TSL boxes. also earlier today i noticed an email from yahoo included a link i'd never hit on so i tried it and yes, yahoo opened up and i was able to open emails. i don't know what changed that but glad something did!

What do you mean? A link in an email from Yahoo?

Is the initial problem solved because you used that link for Yahoo? Please explain exactly what you mean and if you are experiencing any other issue right now.

In any case, since the topic is moved to the Security Arena section, let's make some other checks, to make sure that the computer is malware free.


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)

I know you said that you already performed a scan with Malwarebytes. Let's do another scan with the following settings set.
  • Open Malwarebytes you have already installed in your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 4/1/22
Protection Event Time: 7:01 PM
Log File: 10719d78-b218-11ec-b647-5065f31c66a8.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.53117
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: PUP
Domain: restoro.com
IP Address: 50.56.4.238
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe



(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/5/22
Scan Time: 5:02 PM
Log File: 0769bd02-b52c-11ec-9433-5065f31c66a8.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.53299
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: Dads\ronny

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327076
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 15 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
Hello.

1. Reset Edge Settings / Run Malwarebytes

  • Open Edge
  • In the top right corner, click on Microsoft Edge’s main menu button, represented by three horizontal dots. When the drop-down menu appears, click on “Settings”.
  • On the left side of the window, click on “Reset Settings”.
  • In the main window, click on “Restore settings to their default values”.
  • A confirmation dialog should now be displayed, detailing the components that will be restored to their default state should you continue on with the reset process. To complete the restoration process, click on the “Reset” button.
  • Restart Edge and run Malwarebytes again as you did before.

2. AdwCleaner

Please, run AdwCleaner as instructed above (Step 1 in my previous post)
 
ok dr. thank you i hope i did this right as you instructed.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/6/22
Scan Time: 1:18 AM
Log File: 650a6138-b571-11ec-a9ce-5065f31c66a8.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.53311
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: Dads\ronny

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327806
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 18 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
That's fine, but you didn't run the AdwCleaner scan yet.

Here are the instructions again:

1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
 
ok dr. here ya go

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-06-2022
# Duration: 00:00:10
# OS: Windows 10 Home
# Scanned: 32043
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1406 octets] - [05/04/2022 16:57:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
Good! The log is clean. (y)

How is the computer running now? Any remaining issue/question/concern?

Let's see fresh FRST logs now, to ensure that everything is fine.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
ok dr. here is the new frst and the pc seems to be running much better. none of the previous craziness is taking place. thanks again!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (07-04-2022 06:37:41)
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Platform: Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe ->) (Logitech Inc -> Logitech Europe S.A.) C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\UpdateBrowserForApp.exe
(C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\UpdateBrowserForApp.exe ->) (Microsoft Corporation -> ) C:\Users\ronny\AppData\Local\Temp\IXP001.TMP\UpdateBrowserForApp.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SndVol.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
(services.exe ->) (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9240512 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10585376 2022-03-27] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ASUS WebStorage Timeline Backup] => C:\Program Files (x86)\ASUS WebStorage Timeline Backup\ASUS WebStorage Timeline Backup\1.0.0.23\ASUSWebStorageTimelineBackup_.exe [3310592 2021-09-29] (ASUS Cloud Corporation) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Sound Blaster Audigy Fx Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe [861184 2013-11-08] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe"
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2623368 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148288 2021-12-10] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ronny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10484392 2021-07-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CTRegRun] => C:\WINDOWS\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd) [File not signed]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [BingWallpaperApp] => C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13877136 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [MicrosoftEdgeAutoLaunch_48A1A4294CCEB77515622EF96F55E31B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3540392 2022-04-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [31193688 2021-08-16] (PALTALK, INC. -> AVM Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {61138F18-50B3-4CBE-9A58-B5EF6E42974C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {736797C2-5509-47BC-A6F8-4CBC4779D4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {7466EFFA-3EB7-4D22-A96A-0F6DB0AD37B5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E5A3594-0820-4D63-B9E4-D7D991622924} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {9805F2E9-A583-4063-86FF-0C47CE56A48C} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {9EC3A1CD-9913-4FB7-AA5D-3940F7FD5B45} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {B5E009DC-02AA-4430-AC3B-B6A876D34023} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C53BB61C-4C18-407E-9900-9BA987531E05} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97960 2021-09-06] (CyberLink Corp. -> CyberLink Corp.)
Task: {F6DD5446-212A-4D13-AC47-C142DC6F1408} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22c5832e-a5cc-4454-ad43-7e2ec265982e}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\ronny\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-07]
Edge DownloadDir: Default -> C:\Users\ronny\Downloads
Edge Notifications: Default -> hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://https//:yahoo.com
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: (Total Adblock - Ad Blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkkldohdhcfhpjchcefpkfhjfeapdmek [2022-04-06]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-03-09]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 6nm8fvx2.default-1611594858898
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2022-04-04]
FF Homepage: Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 -> hxxps://www.bing.com/?pc=W091
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2022-04-05]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddojnmkongaimkdddgmcccldlfhokcfb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable [2022-04-04]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-25]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106944 2017-06-29] (Andrea Electronics -> Andrea Electronics Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2022-03-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-07-15] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncHelper.exe [3389824 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-03-29] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.055.0313.0001\OneDriveUpdaterService.exe [3867512 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2021-09-06] (CyberLink Corp. -> CyberLink)
R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-03-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-03-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-04-06] (Malwarebytes Inc -> Malwarebytes)
R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-06 03:35 - 2022-04-06 03:35 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-04-06 03:33 - 2022-04-06 03:33 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-04-06 03:32 - 2022-04-06 03:32 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-04-05 23:32 - 2022-04-05 23:32 - 006727656 _____ ( ) C:\Users\ronny\Downloads\crossout_launcher_1.0.3.147 (2).exe
2022-04-05 23:25 - 2022-04-06 03:29 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2022-04-05 23:25 - 2022-04-06 03:29 - 000000000 ____D C:\Users\ronny\AppData\Local\Crossout
2022-04-05 23:25 - 2022-04-05 23:25 - 006727656 _____ ( ) C:\Users\ronny\Downloads\crossout_launcher_1.0.3.147 (1).exe
2022-04-05 23:24 - 2022-04-05 23:24 - 006727656 _____ ( ) C:\Users\ronny\Downloads\crossout_launcher_1.0.3.147.exe
2022-04-05 16:56 - 2022-04-05 16:57 - 000000000 ____D C:\AdwCleaner
2022-04-05 16:54 - 2022-04-05 16:55 - 008540344 _____ (Malwarebytes) C:\Users\ronny\Downloads\AdwCleaner.exe
2022-04-05 00:23 - 2022-04-05 00:23 - 001257743 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\dwyco297 (5).exe
2022-04-05 00:23 - 2022-04-05 00:23 - 001257743 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\dwyco297 (4).exe
2022-04-03 14:32 - 2022-04-07 06:38 - 000000000 ____D C:\FRST
2022-04-03 12:52 - 2022-04-03 12:52 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-04-03 12:33 - 2022-04-03 12:33 - 000000000 ____D C:\Users\ronny\Downloads\ProcessExplorer (1)
2022-04-03 12:32 - 2022-04-03 12:32 - 002650810 _____ C:\Users\ronny\Downloads\ProcessExplorer (1).zip
2022-04-02 02:09 - 2022-04-02 02:09 - 013471344 _____ C:\Users\ronny\Downloads\MB-SupportTool.exe
2022-04-02 01:56 - 2022-04-03 03:41 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-04-01 02:14 - 2022-04-01 02:14 - 000002118 _____ C:\Users\Public\Desktop\WGT Golf.lnk
2022-04-01 02:13 - 2022-04-01 02:13 - 002383872 _____ C:\Users\ronny\Downloads\WGTLauncher (3).msi
2022-03-31 22:57 - 2022-03-31 22:57 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2022-03-31 22:55 - 2017-12-21 00:55 - 001435104 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000467120 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000381376 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000231880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000190512 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000096024 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000093456 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000092440 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000092440 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000090880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000088280 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000083592 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000691640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000392832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000220352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000116504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000093864 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2022-03-31 22:55 - 2017-12-21 00:43 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2022-03-31 22:55 - 2017-12-21 00:40 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2022-03-31 22:55 - 2017-12-21 00:40 - 003205568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2022-03-31 22:55 - 2017-12-21 00:39 - 072520680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2022-03-31 22:55 - 2017-12-21 00:39 - 002922944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2022-03-31 22:55 - 2017-12-21 00:38 - 000122280 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2022-03-31 22:55 - 2017-12-21 00:01 - 015335659 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-03-31 22:35 - 2022-03-31 22:35 - 000000000 ___HD C:\$WinREAgent
2022-03-31 10:27 - 2022-03-31 10:27 - 000000000 ____D C:\Users\ronny\Downloads\wumt
2022-03-31 10:07 - 2022-03-31 10:07 - 008603549 _____ C:\Users\ronny\Downloads\wumt (1).zip
2022-03-31 10:02 - 2022-03-31 10:02 - 008603549 _____ C:\Users\ronny\Downloads\wumt.zip
2022-03-31 09:58 - 2022-03-31 09:58 - 010158832 _____ (Tonec Inc.) C:\Users\ronny\Downloads\Unconfirmed 611218.crdownload
2022-03-31 09:56 - 2022-03-31 09:57 - 067503948 _____ C:\Users\ronny\Downloads\Unconfirmed 528429.crdownload
2022-03-31 09:56 - 2022-03-31 09:56 - 067503948 _____ C:\Users\ronny\Downloads\Unconfirmed 751268.crdownload
2022-03-30 23:24 - 2022-03-30 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-03-29 17:08 - 2022-03-31 10:39 - 000001385 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-29 14:42 - 2022-03-29 14:43 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-29 14:41 - 2022-03-29 14:41 - 202117816 _____ (Malwarebytes) C:\Users\ronny\Downloads\MBSetup-0076911.0076911-4.5.2.157.exe
2022-03-28 18:48 - 2022-03-28 18:49 - 000018140 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2022-03-28 18:48 - 2022-03-28 18:48 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (5).exe
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-03-25 09:21 - 2022-03-25 09:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Opera Software
2022-03-25 09:20 - 2022-03-25 09:20 - 002754824 _____ (Opera Software) C:\Users\ronny\Downloads\OperaSetup.exe
2022-03-25 09:20 - 2022-03-25 09:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Opera Software
2022-03-16 22:08 - 2022-04-07 02:38 - 009031680 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.sql
2022-03-16 22:08 - 2022-04-06 03:50 - 009031680 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.old.sql
2022-03-16 22:08 - 2022-03-16 22:08 - 430067712 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-a6a29945429dd8db4edc.sql
2022-03-13 18:06 - 2022-03-13 18:06 - 000125635 _____ C:\Users\ronny\Downloads\Account e-Statement - January 2022.pdf
2022-03-11 19:23 - 2022-03-11 19:23 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-11 19:22 - 2022-03-11 19:22 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-11 19:21 - 2022-03-11 19:21 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-11 19:21 - 2022-03-11 19:21 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-11 19:21 - 2022-03-11 19:21 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-08 20:16 - 2022-03-08 20:16 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-07 06:12 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-07 02:31 - 2021-01-03 02:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-07 01:49 - 2021-01-03 02:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2022-04-06 23:26 - 2021-12-12 15:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001
2022-04-06 23:26 - 2021-09-11 17:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-04-06 23:26 - 2021-02-26 03:43 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-04-06 23:26 - 2021-02-26 03:43 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-06 15:40 - 2020-09-30 01:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-06 14:20 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-06 14:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-06 12:30 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2022-04-06 12:30 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-06 03:37 - 2021-01-03 02:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-06 03:37 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-06 03:31 - 2021-01-03 02:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-06 03:31 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-06 03:29 - 2021-05-05 00:41 - 000000000 ____D C:\Users\ronny\Downloads\Vista
2022-04-06 03:29 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-04-06 03:21 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\registration
2022-04-06 02:24 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2022-04-06 02:24 - 2019-10-23 15:40 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-03 14:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-04-03 03:41 - 2020-09-24 04:44 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2022-04-02 13:33 - 2020-11-12 22:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2022-04-01 18:05 - 2020-07-19 08:00 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-01 18:05 - 2020-07-19 08:00 - 000002355 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-01 02:43 - 2020-12-19 14:40 - 000000000 ____D C:\Users\ronny\AppData\Local\ESET
2022-04-01 02:42 - 2020-12-20 17:45 - 000000000 ____D C:\KPRM
2022-04-01 02:15 - 2021-06-20 22:05 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
2022-03-31 22:57 - 2021-12-28 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2022-03-31 22:56 - 2021-06-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-03-31 22:55 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-31 00:52 - 2020-12-29 10:43 - 000000000 ____D C:\Users\ronny\AppData\Local\vback
2022-03-30 23:25 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-03-29 14:43 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-29 14:36 - 2021-01-10 10:13 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-03-29 14:36 - 2021-01-10 10:12 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-03-29 14:26 - 2021-08-26 04:35 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Temp
2022-03-28 18:48 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-03-24 10:41 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-24 00:08 - 2021-01-03 02:08 - 000000000 ____D C:\Users\ronny
2022-03-23 21:13 - 2020-09-30 01:17 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-03-23 21:12 - 2020-09-30 01:17 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-20 20:48 - 2021-01-03 02:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2022-03-19 02:09 - 2021-01-16 09:34 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2022-03-19 02:09 - 2021-01-16 09:34 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2022-03-19 02:09 - 2021-01-03 02:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-19 02:06 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-15 07:40 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 19:20 - 2021-01-03 02:06 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-11 18:48 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-11 18:44 - 2020-07-02 02:27 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 22:17 - 2021-01-16 09:34 - 000003874 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2022-03-10 22:17 - 2021-01-16 09:34 - 000003642 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2022-03-10 04:59 - 2020-07-02 19:49 - 000000000 ____D C:\Program Files\UNP
2022-03-10 02:22 - 2021-01-19 18:57 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e19fdc9c5413
2022-03-10 02:22 - 2021-01-03 02:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Files in the root of some directories ========

2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-06-30 21:12 - 2021-06-30 21:12 - 000007597 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by ronny (07-04-2022 06:42:26)
Running from C:\Users\ronny\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) (2021-01-03 07:21:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS WebStorage Timeline Backup (HKLM-x32\...\ASUS WebStorage Timeline Backup) (Version: 1.0.0.23 - ASUS Cloud Corporation)
Bing Wallpaper (HKLM-x32\...\{9FBBDD1D-2CE0-4DC7-B7F8-026F6668DBD3}) (Version: 1.0.9.6 - Microsoft Corporation)
Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Crossout Launcher 1.0.3.147 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\CrossOutLauncher_is1) (Version: - )
CyberLink PowerDirector 365 (HKLM-x32\...\{278A8296-12A6-4CD0-8A8E-6947948477C5}) (Version: 20.0.2106.0 - CyberLink Corp.)
DeskFX Audio Effect Processor (HKLM-x32\...\DeskFX) (Version: 3.14 - NCH Software)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 145.4.4921 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001100-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.100.1.1 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 8.00 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8328 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Sound Blaster Audigy Fx (HKLM-x32\...\{77CE1865-F3B9-4B6D-A558-28674AE7787E}) (Version: 1.00.06 - Creative Technology Limited)
Sound Blaster Audigy Fx Extras (HKLM-x32\...\{52272D09-08E0-4A57-BC14-BC09F5D7AE26}) (Version: 1.0 - Creative Technology Limited)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.56 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.75 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
War Thunder Launcher 1.0.3.282 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
Wargaming.net Game Center (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Wargaming.net Game Center) (Version: 21.8.2.7331 - Wargaming.net)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
World of Tanks NA (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
World_of_Warplanes (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net)
Y8 Browser 1.0.10 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)

Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.2.1.0_x64__0aqw1zw0x2snt [2022-04-06] (韵华软件)
AutoCAD Mobile -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_8.23.0.0_x64__tf1gferkr813w [2022-04-06] (Autodesk Inc.)
City Racing 3D 2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.5.0_x64__3ag0hv5nd203a [2022-04-06] (成都羽珀科技有限责任公司) [MS Ad]
DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_8.2.2.0_x86__7kedsbyvzns34 [2022-04-06] (NCH Software)
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_2.0.1.0_x64__0ah1jqwq7j8nj [2022-04-06] (Ironjaw Studios Private Limited)
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.60.0_x64__xsbsxxypt8dh6 [2022-04-06] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.13.0_x64__q68sgvev02mx6 [2022-04-06] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-04-06] (Microsoft Studios) [MS Ad]
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2022-04-06] (Keith Lam)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_3.0.9.0_neutral__gvheqymwk6zrr [2022-04-06] (Zero Byte) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-04-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-06] (Microsoft Corporation)
Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2022-04-06] (POONFAMILY) [MS Ad]
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2022-04-06] (Best Game Studio) [MS Ad]
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2022-04-06] (LSongBee) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{e4211cc1-dab9-49db-af72-8e71f657e3c5}\localserver32 -> C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe (NCH Software, Inc. -> NCH Software)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2011-09-16 05:04 - 2011-09-16 05:04 - 000238080 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\CTLoadRs.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2022-03-29 14:21 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20220407.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VRS"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "ASUS WebStorage Timeline Backup"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CTRegRun"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{2922ECB1-0E0C-4A76-A62C-3350B2E84E37}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe => No File
FirewallRules: [UDP Query User{E29CD2A1-6C5F-45EE-BE3F-0BBFE0580461}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe => No File
FirewallRules: [TCP Query User{A2EF3C15-B27E-46A3-9AF5-9BFBADA7C7A1}C:\users\ronny\appdata\local\crossout\launcher.exe] => (Allow) C:\users\ronny\appdata\local\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{D23D5FBF-6D51-4D2B-A189-AEC57F83DB59}C:\users\ronny\appdata\local\crossout\launcher.exe] => (Allow) C:\users\ronny\appdata\local\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [TCP Query User{16109D72-D5B3-476F-BB96-4745F34A4DF1}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
FirewallRules: [UDP Query User{5850073C-9A96-4F46-BC72-1ACF5CCE1F84}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
==================== Restore Points =========================
04-04-2022 22:08:24 Scheduled Checkpoint
06-04-2022 03:15:23 Restore Operation
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/07/2022 05:42:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5656
Error: (04/07/2022 05:42:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5656
Error: (04/07/2022 05:42:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2022 05:42:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3734
Error: (04/07/2022 05:42:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3734
Error: (04/07/2022 05:42:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/07/2022 05:42:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1859
Error: (04/07/2022 05:42:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1859
System errors:
=============
Error: (04/06/2022 01:13:49 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
Error: (04/04/2022 05:22:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The cphs service terminated with the following error:
%%2147942659 = No more data is available.
Error: (04/04/2022 05:21:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
Windows Defender:
================
Date: 2022-04-05 18:30:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-04 17:45:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-04-06 01:31:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1317.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2022-04-06 01:31:46
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.1317.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80070102
Error description: The wait operation timed out.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 60%
Total physical RAM: 8082.33 MB
Available physical RAM: 3160.52 MB
Total Virtual: 9362.33 MB
Available Virtual: 2581.95 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:709.05 GB) NTFS
Drive d: (SB_INSTALL) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==================== End of Addition.txt =======================
 
Hi, rb.

It is important, while the cleaning procedure runs, not to download/install anything, and I already mentioned that to you. I see that you did download and install new stuff (e.g. Crossout Launcher).

I'm glad the computer is running much better right now. Let's move on to complete all the necessary steps.


1. Uninstall programs / Java

Since you decided to remove the pre-installed software before, you may need to consider uninstalling the following:

HP Support Assistant
HP Support Solutions Framework


In this step, you may also consider uninstalling any other program you do not need/use.

I would like to make a special comment regarding Java. There are very few reasons these days to continue having Java installed on your computer and sometimes, especially if you forget to update it, it constitutes a security risk. If you don't really need it, please uninstall it.


2. AdBlockers

You have two adblocker extensions in Edge: AdBlock and Total AdBlock. Choose one, and remove the other, since both may cause issues.


3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {9805F2E9-A583-4063-86FF-0C47CE56A48C} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {C53BB61C-4C18-407E-9900-9BA987531E05} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97960 2021-09-06] (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{2922ECB1-0E0C-4A76-A62C-3350B2E84E37}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe => No File
FirewallRules: [UDP Query User{E29CD2A1-6C5F-45EE-BE3F-0BBFE0580461}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe => No File
FirewallRules: [TCP Query User{16109D72-D5B3-476F-BB96-4745F34A4DF1}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
FirewallRules: [UDP Query User{5850073C-9A96-4F46-BC72-1ACF5CCE1F84}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

4. Upgrading the system

You are still running update 21H1. The latest Windows 10 update is 21H2. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

I recommend that you follow the next steps to upgrade your operating system. The procedure will reinstall and update the operating system and fix any corruptions (if any), without removing any file or program.
  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

In your next reply please post:
  1. Which programs did you uninstall (if any)
  2. If removing the adblocker went fine
  3. The fixlog.txt
  4. If the upgrade successfully completed
 
ok dr. sorry for the delay. ok i uninstalled the two hp's above, the cross whatever (i didn't know it did). the adblocker was an extension and was removed. i've had updates selected for automatic and checked often to ensure they had. the upgrade installed as best as i can tell and runs fine.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by ronny (08-04-2022 16:10:42) Run:3
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {9805F2E9-A583-4063-86FF-0C47CE56A48C} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {C53BB61C-4C18-407E-9900-9BA987531E05} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97960 2021-09-06] (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{2922ECB1-0E0C-4A76-A62C-3350B2E84E37}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe => No File
FirewallRules: [UDP Query User{E29CD2A1-6C5F-45EE-BE3F-0BBFE0580461}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe => No File
FirewallRules: [TCP Query User{16109D72-D5B3-476F-BB96-4745F34A4DF1}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
FirewallRules: [UDP Query User{5850073C-9A96-4F46-BC72-1ACF5CCE1F84}C:\program files\dwyco2\cdc32.exe] => (Allow) C:\program files\dwyco2\cdc32.exe => No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8663AC4B-AB4E-42A4-A137-E14AC8DFB327}" => not found
"C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9805F2E9-A583-4063-86FF-0C47CE56A48C}" => not found
"C:\WINDOWS\System32\Tasks\CLToast" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLToast" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0}" => not found
"C:\WINDOWS\System32\Tasks\Maxthon Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Maxthon Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C53BB61C-4C18-407E-9900-9BA987531E05}" => not found
"C:\WINDOWS\System32\Tasks\CLToastRun" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLToastRun" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E}" => not found
"C:\WINDOWS\System32\Tasks\PowerDirectorStyleAgent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerDirectorStyleAgent" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2922ECB1-0E0C-4A76-A62C-3350B2E84E37}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E29CD2A1-6C5F-45EE-BE3F-0BBFE0580461}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{16109D72-D5B3-476F-BB96-4745F34A4DF1}C:\program files\dwyco2\cdc32.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5850073C-9A96-4F46-BC72-1ACF5CCE1F84}C:\program files\dwyco2\cdc32.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20098192 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 309638 B
Edge => 0 B
Firefox => 5006386 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3754 B
ronny => 9634737 B

RecycleBin => 459876 B
EmptyTemp: => 34.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:11:44 ====
 
Hi, rb.

You must have run the fix twice, that's why the "Not found" indication in the fixlog.

Since you removed the 2 HP programs, let's see fresh FRST logs and remove any possible remnants. As to Crossout, it is a game, and it seems that it was installed on your computer a few days ago.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
ok dr. thanks...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (09-04-2022 09:11:10)
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Platform: Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe ->) (Logitech Inc -> Logitech Europe S.A.) C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <22>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
(services.exe ->) (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <14>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9240512 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10585376 2022-03-27] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ASUS WebStorage Timeline Backup] => C:\Program Files (x86)\ASUS WebStorage Timeline Backup\ASUS WebStorage Timeline Backup\1.0.0.23\ASUSWebStorageTimelineBackup_.exe [3310592 2021-09-29] (ASUS Cloud Corporation) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Sound Blaster Audigy Fx Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe [861184 2013-11-08] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2623368 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2623368 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2623368 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148288 2021-12-10] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ronny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10484392 2021-07-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CTRegRun] => C:\WINDOWS\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd) [File not signed]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [BingWallpaperApp] => C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13877136 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [MicrosoftEdgeAutoLaunch_48A1A4294CCEB77515622EF96F55E31B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3540384 2022-04-07] (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {118204E2-8FDF-417E-BC14-50CC2552E5C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {174FE713-2726-4D89-B2A9-B8E5AB566B44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {39D6564C-92B5-47C3-B094-7005DBBA73FF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {736797C2-5509-47BC-A6F8-4CBC4779D4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {7466EFFA-3EB7-4D22-A96A-0F6DB0AD37B5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EC3A1CD-9913-4FB7-AA5D-3940F7FD5B45} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {E670A618-F3AA-476B-8CE2-F64F63DBA855} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22c5832e-a5cc-4454-ad43-7e2ec265982e}: [DhcpNameServer] 192.168.1.1
Edge:
=======
DownloadDir: C:\Users\ronny\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-09]
Edge DownloadDir: Default -> C:\Users\ronny\Downloads
Edge Notifications: Default -> hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://https//:yahoo.com
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-03-09]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: 6nm8fvx2.default-1611594858898
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2022-04-08]
FF Homepage: Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 -> hxxps://www.bing.com/?pc=W091
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2022-04-08]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddojnmkongaimkdddgmcccldlfhokcfb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable [2022-04-04]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-25]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-25]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106944 2017-06-29] (Andrea Electronics -> Andrea Electronics Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2022-03-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-07-15] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncHelper.exe [3389824 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-03-29] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.055.0313.0001\OneDriveUpdaterService.exe [3867512 2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2021-09-06] (CyberLink Corp. -> CyberLink)
R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-03-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-04-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-03-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-04-08] (Malwarebytes Inc -> Malwarebytes)
S3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-08 19:55 - 2022-04-08 19:55 - 006216853 _____ C:\Users\ronny\Downloads\20220407_160124.mp4
2022-04-08 19:55 - 2022-04-08 19:55 - 006216853 _____ C:\Users\ronny\Downloads\20220407_160124 (1).mp4
2022-04-08 16:15 - 2022-04-08 16:15 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-04-08 16:15 - 2022-04-08 16:15 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-04-08 16:14 - 2022-04-08 16:14 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-04-08 15:55 - 2022-04-08 13:17 - 000000000 ____D C:\Windows.old
2022-04-08 13:51 - 2022-04-08 13:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-04-08 13:48 - 2022-04-08 13:48 - 000000020 ___SH C:\Users\ronny\ntuser.ini
2022-04-08 13:15 - 2022-04-09 05:47 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2022-04-08 13:15 - 2022-04-08 16:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-08 13:15 - 2022-04-08 13:16 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001
2022-04-08 13:15 - 2022-04-08 13:15 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-04-08 13:15 - 2022-04-08 13:15 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-08 13:15 - 2022-04-08 13:15 - 000003328 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2022-04-08 13:15 - 2022-04-08 13:15 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e19fdc9c5413
2022-04-08 13:15 - 2022-04-08 13:15 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-08 13:15 - 2022-04-08 13:15 - 000003104 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2022-04-08 13:15 - 2022-04-08 13:15 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-04-08 13:15 - 2022-04-08 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2022-04-08 13:15 - 2022-04-08 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-08 13:15 - 2022-04-08 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-04-08 13:15 - 2022-04-08 13:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-04-08 13:15 - 2019-10-23 15:26 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2550722309-3792821881-174194002-500
2022-04-08 13:15 - 2019-10-23 14:36 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2303179964-73108507-2273461309-500
2022-04-08 13:13 - 2022-04-08 13:15 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2022-04-08 13:13 - 2022-04-08 13:15 - 000007623 _____ C:\WINDOWS\diagerr.xml
2022-04-08 13:10 - 2022-04-08 16:19 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-08 13:02 - 2022-04-08 13:02 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2022-04-08 13:01 - 2020-06-01 05:04 - 000103744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2022-04-08 13:01 - 2020-06-01 05:04 - 000099640 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2022-04-08 12:57 - 2022-04-09 09:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-08 12:57 - 2022-04-08 12:58 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-08 12:36 - 2022-04-08 15:56 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-04-08 12:35 - 2022-04-08 13:48 - 000000000 ____D C:\Users\ronny
2022-04-08 12:34 - 2022-04-08 12:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-04-08 12:27 - 2022-04-08 12:27 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-04-08 12:20 - 2022-04-08 12:20 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-04-08 12:19 - 2022-04-08 12:19 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-04-08 12:19 - 2022-04-08 12:19 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-04-08 12:18 - 2022-04-08 12:18 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-04-08 12:18 - 2022-04-08 12:18 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-04-08 12:18 - 2022-04-08 12:18 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-04-08 12:17 - 2022-04-08 12:17 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-04-08 12:17 - 2022-04-08 12:17 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-04-08 12:17 - 2022-04-08 12:17 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-04-08 12:16 - 2022-04-08 12:16 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-04-08 11:54 - 2022-04-08 11:54 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-04-08 11:54 - 2022-04-08 11:54 - 000000000 ____D C:\Program Files\MSBuild
2022-04-08 11:54 - 2022-04-08 11:54 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-04-08 11:54 - 2022-04-08 11:54 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-04-08 11:45 - 2022-04-08 11:45 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-04-08 11:22 - 2022-04-08 13:49 - 000000000 ___DC C:\WINDOWS\Panther
2022-04-08 11:04 - 2022-04-08 11:04 - 000000000 ___HD C:\$Windows.~WS
2022-04-08 01:01 - 2022-04-08 01:02 - 063022408 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\cdcxdwy (3).exe
2022-04-07 11:18 - 2022-04-08 11:21 - 000000000 ____D C:\ESD
2022-04-07 08:23 - 2022-04-08 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dwyco2
2022-04-07 08:23 - 2022-04-08 01:20 - 000000000 ____D C:\Program Files\dwyco2
2022-04-07 08:23 - 2022-04-07 08:23 - 000001705 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Dwyco CDC32.lnk
2022-04-05 23:32 - 2022-04-05 23:32 - 006727656 _____ ( ) C:\Users\ronny\Downloads\crossout_launcher_1.0.3.147 (2).exe
2022-04-05 23:25 - 2022-04-08 16:05 - 000000000 ____D C:\Users\ronny\AppData\Local\Crossout
2022-04-05 23:25 - 2022-04-05 23:25 - 006727656 _____ ( ) C:\Users\ronny\Downloads\crossout_launcher_1.0.3.147 (1).exe
2022-04-05 23:24 - 2022-04-05 23:24 - 006727656 _____ ( ) C:\Users\ronny\Downloads\crossout_launcher_1.0.3.147.exe
2022-04-05 16:56 - 2022-04-05 16:57 - 000000000 ____D C:\AdwCleaner
2022-04-05 16:54 - 2022-04-05 16:55 - 008540344 _____ (Malwarebytes) C:\Users\ronny\Downloads\AdwCleaner.exe
2022-04-05 00:23 - 2022-04-05 00:23 - 001257743 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\dwyco297 (5).exe
2022-04-05 00:23 - 2022-04-05 00:23 - 001257743 _____ (Dwyco, Inc. ) C:\Users\ronny\Downloads\dwyco297 (4).exe
2022-04-03 14:32 - 2022-04-09 09:11 - 000000000 ____D C:\FRST
2022-04-03 12:52 - 2022-04-03 12:52 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-04-03 12:33 - 2022-04-03 12:33 - 000000000 ____D C:\Users\ronny\Downloads\ProcessExplorer (1)
2022-04-03 12:32 - 2022-04-03 12:32 - 002650810 _____ C:\Users\ronny\Downloads\ProcessExplorer (1).zip
2022-04-02 02:09 - 2022-04-02 02:09 - 013471344 _____ C:\Users\ronny\Downloads\MB-SupportTool.exe
2022-04-01 02:14 - 2022-04-01 02:14 - 000002118 _____ C:\Users\Public\Desktop\WGT Golf.lnk
2022-04-01 02:13 - 2022-04-01 02:13 - 002383872 _____ C:\Users\ronny\Downloads\WGTLauncher (3).msi
2022-03-31 22:55 - 2017-12-21 00:55 - 001435104 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000467120 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000381376 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000231880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000190512 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000096024 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000093456 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000092440 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000092440 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000090880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000088280 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000083592 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 003509160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000691640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000392832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000220352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000192944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000116504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000093864 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2022-03-31 22:55 - 2017-12-21 00:43 - 003571504 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:43 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2022-03-31 22:55 - 2017-12-21 00:40 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2022-03-31 22:55 - 2017-12-21 00:40 - 003205568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2022-03-31 22:55 - 2017-12-21 00:39 - 072520680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2022-03-31 22:55 - 2017-12-21 00:39 - 006089152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2022-03-31 22:55 - 2017-12-21 00:39 - 002922944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2022-03-31 22:55 - 2017-12-21 00:39 - 000023656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2022-03-31 22:55 - 2017-12-21 00:38 - 000122280 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2022-03-31 22:55 - 2017-12-21 00:01 - 015335659 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-03-31 22:35 - 2022-03-31 22:35 - 000000000 ___HD C:\$WinREAgent
2022-03-31 10:27 - 2022-03-31 10:27 - 000000000 ____D C:\Users\ronny\Downloads\wumt
2022-03-31 10:07 - 2022-03-31 10:07 - 008603549 _____ C:\Users\ronny\Downloads\wumt (1).zip
2022-03-31 10:02 - 2022-03-31 10:02 - 008603549 _____ C:\Users\ronny\Downloads\wumt.zip
2022-03-31 09:58 - 2022-03-31 09:58 - 010158832 _____ (Tonec Inc.) C:\Users\ronny\Downloads\Unconfirmed 611218.crdownload
2022-03-31 09:56 - 2022-03-31 09:57 - 067503948 _____ C:\Users\ronny\Downloads\Unconfirmed 528429.crdownload
2022-03-31 09:56 - 2022-03-31 09:56 - 067503948 _____ C:\Users\ronny\Downloads\Unconfirmed 751268.crdownload
2022-03-30 23:24 - 2022-04-08 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-03-29 14:43 - 2022-03-29 14:43 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-29 14:42 - 2022-03-29 14:43 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-29 14:41 - 2022-03-29 14:41 - 202117816 _____ (Malwarebytes) C:\Users\ronny\Downloads\MBSetup-0076911.0076911-4.5.2.157.exe
2022-03-28 18:48 - 2022-03-28 18:49 - 000018140 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2022-03-28 18:48 - 2022-03-28 18:48 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (5).exe
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-03-25 09:21 - 2022-03-25 09:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Opera Software
2022-03-25 09:20 - 2022-03-25 09:20 - 002754824 _____ (Opera Software) C:\Users\ronny\Downloads\OperaSetup.exe
2022-03-25 09:20 - 2022-03-25 09:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Opera Software
2022-03-16 22:08 - 2022-04-07 02:38 - 009031680 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.sql
2022-03-16 22:08 - 2022-04-06 03:50 - 009031680 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.old.sql
2022-03-16 22:08 - 2022-03-16 22:08 - 430067712 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-a6a29945429dd8db4edc.sql
2022-03-13 18:06 - 2022-03-13 18:06 - 000125635 _____ C:\Users\ronny\Downloads\Account e-Statement - January 2022.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-09 09:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-09 05:20 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-04-09 04:29 - 2020-07-19 08:00 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-09 04:29 - 2020-07-19 08:00 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-09 04:21 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-04-09 00:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-09 00:09 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-09 00:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-04-08 18:23 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-08 16:15 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2022-04-08 16:14 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-08 16:13 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-08 16:12 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-04-08 15:57 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-04-08 15:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-04-08 15:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-04-08 15:56 - 2022-03-08 20:16 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2022-04-08 15:56 - 2022-02-10 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Camera Settings
2022-04-08 15:56 - 2021-12-28 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2022-04-08 15:56 - 2021-12-28 21:12 - 000000000 ____D C:\ProgramData\Creative
2022-04-08 15:56 - 2021-12-28 21:03 - 000000000 ____D C:\WINDOWS\system32\DAX3
2022-04-08 15:56 - 2021-12-28 21:03 - 000000000 ____D C:\WINDOWS\system32\DAX2
2022-04-08 15:56 - 2021-11-30 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-04-08 15:56 - 2021-10-29 04:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS WebStorage Timeline Backup
2022-04-08 15:56 - 2021-10-03 02:37 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LocK-A-FoLdeR
2022-04-08 15:56 - 2021-07-29 18:10 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2022-04-08 15:56 - 2021-06-09 02:08 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net
2022-04-08 15:56 - 2021-01-20 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-04-08 15:56 - 2021-01-07 23:23 - 000000000 ____D C:\ProgramData\regid.2018-06.com.bluedesigns
2022-04-08 15:56 - 2021-01-07 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Sherpa
2022-04-08 15:56 - 2020-12-29 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2022-04-08 15:56 - 2020-11-16 01:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Thumbnails
2022-04-08 15:56 - 2020-10-30 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ocenaudio
2022-04-08 15:56 - 2020-09-05 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karaoke Builder Player 5.0
2022-04-08 15:56 - 2020-09-05 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kanto Player
2022-04-08 15:56 - 2020-07-16 22:28 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2022-04-08 15:56 - 2020-07-12 11:01 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk
2022-04-08 15:56 - 2020-07-11 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e2eSoft VCam
2022-04-08 15:56 - 2020-07-09 13:04 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2022-04-08 15:56 - 2020-07-02 19:49 - 000000000 ____D C:\Program Files\UNP
2022-04-08 15:56 - 2020-07-01 22:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2022-04-08 15:56 - 2020-06-08 11:08 - 000000000 ____D C:\Program Files\Intel
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-04-08 15:56 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-04-08 15:56 - 2019-10-23 15:38 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.1
2022-04-08 15:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-04-08 14:05 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-04-08 13:49 - 2020-07-01 22:12 - 000000000 ___RD C:\Users\ronny\3D Objects
2022-04-08 13:49 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-04-08 13:49 - 2019-10-23 14:34 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-04-08 13:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-04-08 13:16 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-04-08 13:15 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-04-08 13:08 - 2019-12-07 04:14 - 000000000 __RSD C:\WINDOWS\Media
2022-04-08 13:02 - 2021-12-28 21:12 - 000000192 ___RH C:\WINDOWS\ctfile.rfc
2022-04-08 13:02 - 2020-07-02 22:57 - 000000000 ____D C:\Program Files\Common Files\logishrd
2022-04-08 13:01 - 2021-06-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-04-08 13:01 - 2020-09-24 04:44 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2022-04-08 12:52 - 2019-12-07 04:18 - 000000000 ____D C:\WINDOWS\Setup
2022-04-08 12:46 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-04-08 12:46 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-04-08 12:39 - 2021-02-15 08:29 - 000000000 ____D C:\WINDOWS\system32\Samsung
2022-04-08 12:39 - 2020-07-01 22:06 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2022-04-08 12:37 - 2021-08-06 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-04-08 12:37 - 2020-12-18 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2022-04-08 12:36 - 2021-03-09 20:09 - 000000000 ____D C:\Program Files\Realtek
2022-04-08 12:36 - 2020-06-08 14:27 - 000000000 ____D C:\Program Files\Synaptics
2022-04-08 12:35 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-04-08 12:27 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-04-08 12:27 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-04-08 01:34 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-04-08 01:20 - 2021-09-11 17:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-04-08 01:20 - 2020-09-30 01:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-08 01:19 - 2021-05-05 00:41 - 000000000 ____D C:\Users\ronny\Downloads\Vista
2022-04-06 23:26 - 2021-02-26 03:43 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-06 02:24 - 2020-07-01 22:12 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2022-04-06 02:24 - 2019-10-23 15:40 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-02 13:33 - 2020-11-12 22:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2022-04-01 02:43 - 2020-12-19 14:40 - 000000000 ____D C:\Users\ronny\AppData\Local\ESET
2022-04-01 02:42 - 2020-12-20 17:45 - 000000000 ____D C:\KPRM
2022-04-01 02:15 - 2021-06-20 22:05 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
2022-03-31 22:57 - 2021-12-28 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2022-03-31 00:52 - 2020-12-29 10:43 - 000000000 ____D C:\Users\ronny\AppData\Local\vback
2022-03-30 23:25 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-03-29 14:36 - 2021-01-10 10:13 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-03-29 14:36 - 2021-01-10 10:12 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-03-29 14:26 - 2021-08-26 04:35 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Temp
2022-03-28 18:48 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-03-24 10:41 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-23 21:13 - 2020-09-30 01:17 - 000601432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-03-23 21:12 - 2020-09-30 01:17 - 000483664 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-03-19 02:09 - 2021-01-16 09:34 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2022-03-19 02:09 - 2021-01-16 09:34 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2022-03-11 18:48 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-11 18:44 - 2020-07-02 02:27 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories ========
2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-06-30 21:12 - 2021-06-30 21:12 - 000007597 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by ronny (09-04-2022 09:17:18)
Running from C:\Users\ronny\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2022-04-08 18:17:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS WebStorage Timeline Backup (HKLM-x32\...\ASUS WebStorage Timeline Backup) (Version: 1.0.0.23 - ASUS Cloud Corporation)
Bing Wallpaper (HKLM-x32\...\{9FBBDD1D-2CE0-4DC7-B7F8-026F6668DBD3}) (Version: 1.0.9.6 - Microsoft Corporation)
Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CyberLink PowerDirector 365 (HKLM-x32\...\{278A8296-12A6-4CD0-8A8E-6947948477C5}) (Version: 20.0.2106.0 - CyberLink Corp.)
DeskFX Audio Effect Processor (HKLM-x32\...\DeskFX) (Version: 3.14 - NCH Software)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 145.4.4921 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
Dwyco Video Conferencing (HKLM-x32\...\Dwyco Video Conferencing_is1) (Version: 2.97 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001100-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.100.1.1 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.36 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 8.00 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8328 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Sound Blaster Audigy Fx (HKLM-x32\...\{77CE1865-F3B9-4B6D-A558-28674AE7787E}) (Version: 1.00.06 - Creative Technology Limited)
Sound Blaster Audigy Fx Extras (HKLM-x32\...\{52272D09-08E0-4A57-BC14-BC09F5D7AE26}) (Version: 1.0 - Creative Technology Limited)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.56 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.75 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
War Thunder Launcher 1.0.3.282 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
Wargaming.net Game Center (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Wargaming.net Game Center) (Version: 21.8.2.7331 - Wargaming.net)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
World of Tanks NA (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
World_of_Warplanes (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net)
Y8 Browser 1.0.10 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)
Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.2.1.0_x64__0aqw1zw0x2snt [2022-04-08] (韵华软件)
AutoCAD Mobile -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_8.23.0.0_x64__tf1gferkr813w [2022-04-08] (Autodesk Inc.)
City Racing 3D 2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.5.0_x64__3ag0hv5nd203a [2022-04-08] (成都羽珀科技有限责任公司) [MS Ad]
DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_8.2.4.0_x86__7kedsbyvzns34 [2022-04-08] (NCH Software)
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_2.0.1.0_x64__0ah1jqwq7j8nj [2022-04-08] (Ironjaw Studios Private Limited)
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.60.0_x64__xsbsxxypt8dh6 [2022-04-08] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.13.0_x64__q68sgvev02mx6 [2022-04-08] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-04-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-04-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-04-08] (Microsoft Studios) [MS Ad]
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2022-04-08] (Keith Lam)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_3.0.9.0_neutral__gvheqymwk6zrr [2022-04-09] (Zero Byte) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-04-08] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-08] (Microsoft Corporation)
Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2022-04-08] (POONFAMILY) [MS Ad]
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2022-04-08] (Best Game Studio) [MS Ad]
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2022-04-08] (LSongBee) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{e4211cc1-dab9-49db-af72-8e71f657e3c5}\localserver32 -> C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe (NCH Software, Inc. -> NCH Software)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2011-09-16 05:04 - 2011-09-16 05:04 - 000238080 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\CTLoadRs.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2022-03-29 14:21 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20220409.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VRS"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "ASUS WebStorage Timeline Backup"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CTRegRun"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{D23D5FBF-6D51-4D2B-A189-AEC57F83DB59}C:\users\ronny\appdata\local\crossout\launcher.exe] => (Allow) C:\users\ronny\appdata\local\crossout\launcher.exe => No File
FirewallRules: [TCP Query User{A2EF3C15-B27E-46A3-9AF5-9BFBADA7C7A1}C:\users\ronny\appdata\local\crossout\launcher.exe] => (Allow) C:\users\ronny\appdata\local\crossout\launcher.exe => No File
==================== Restore Points =========================
08-04-2022 15:54:42 Removed HP Support Assistant.
09-04-2022 05:18:52 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Dads.local already in use; will try Dads-2.local instead
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Dads.local. Addr 192.168.1.190
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.190:5353 16 Dads.local. AAAA 2600:0380:B361:F4D2:0000:0000:0000:0F3A
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FE80:0000:0000:0000:9458:45DC:0AD0:7BE7
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.190:5353 16 Dads.local. AAAA 2600:0380:B361:F4D2:0000:0000:0000:0F3A
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA FD30:8FE1:63B4:0000:7DE4:1EFA:3463:FE6C
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.190:5353 16 Dads.local. AAAA 2600:0380:B361:F4D2:0000:0000:0000:0F3A
Error: (04/08/2022 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Dads.local. AAAA 2600:0380:B361:F4D2:7DE4:1EFA:3463:FE6C
System errors:
=============
Error: (04/08/2022 04:11:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (04/08/2022 04:11:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (04/08/2022 04:11:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
Error: (04/08/2022 04:11:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Logitech Video Camera Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (04/08/2022 04:11:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VRS Recording System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (04/08/2022 04:11:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Paltalk Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/08/2022 04:11:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (04/08/2022 04:11:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAMSUNG Mobile Connectivity Service V2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 62%
Total physical RAM: 8082.33 MB
Available physical RAM: 3037.52 MB
Total Virtual: 9362.33 MB
Available Virtual: 3657.93 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:688.74 GB) NTFS
Drive d: (SB_INSTALL) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.27 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==================== End of Addition.txt =======================
 
OK, since you are in a rush to install new things (e.g. Dwyco), let's finish it. :-)

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
ok dr. i guess this wraps me up here. i can't thank you enough for the help. this pc seems to be running normal, or better now. thanks again!

# Run at 4/10/2022 12:36:55 PM
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by ronny from C:\Users\ronny\Downloads
# Computer Name: DADS
# OS: Windows 10 X64 (19044)
# Number of passes: 5

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\ronny\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2022-04-10-12-36-55

- Delete Tools -


## AdwCleaner
[OK] C:\Users\ronny\OneDrive\Desktop\AdwCleaner.exe deleted
[OK] C:\Users\ronny\Downloads\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\Users\ronny\OneDrive\Desktop\Addition.txt deleted
[OK] C:\Users\ronny\OneDrive\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\ronny\OneDrive\Desktop\FRST.txt deleted
[OK] C:\Users\ronny\OneDrive\Desktop\FRSTEnglish.exe deleted
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Windows Modules Installer created at 04/09/2022 10:18:52 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 04/10/2022 17:37:47

-- KPRM finished in 93.97s --
 
i can't thank you enough for the help. this pc seems to be running normal, or better now. thanks again!

You are very welcome, rb!

And now it's the time I like the most! The final "speech". ;)

Your computer is clean, and here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like μTorrent, Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad I was able to help you.
 