[SOLVED] hello, new here and pc has trouble, but not sure what kind...

rb56
just recently while watching vids i experienced slow loading to timing out. then while on facebook i was watching videos and it flashed real bright and the browser window went dead. nothing worked or responded to the mouse. it finally shut down and closed. since that happened i find some websites won't open but time out or just keep spinning. can anyone help please?
 
Does this happen with other web browsers?

Have you installed the latest versions of the graphics and network card drivers?

Have you scanned your computer for malware infection?
 
hello freebooter and thanks. i've tried to stick with one browser lately and have mostly been using edge. i've used chrome some but it seemed to be far slower. i guess i need to download the new drivers for those, i haven't in a long time if ever. my pc was just scanned by eset at the recommendation of one at safernetworking. she told me i should come see if i could get help here as that was out of her field. the eset returned 7 items i think in quarantine.
 
i meant to add one thing i've noticed is like now, when i'm on a site or page that is a nice clean white looking window it somewhat blinks or changes to a more yellow look or an off white shade, then it blinks back to the solid whiter shade
 
Well, it's fine to stick with a primary browser, but you are always going to want to have other browser options:
1. For diagnostic purposes.
2. Because there are occasions where certain websites "play well" with one browser and not another.

You need to look at the class(es) of the items Eset quarantined. If they were PUPs, then there's little to worry about. If they were viruses or similarly serious malware then you would be well advised to have a look at these articles by Quietman7, a security expert and active contributor on Bleeping Computer who has written extensively on what you (any you) need to do to develop safe interaction habits with cyberspace. The following four are, in my opinion, must-reads:

Also consider running an offline scan with Windows Defender: Help protect my PC with Microsoft Defender Offline
 
thanks and i'm reading those links now. here is the eset report. i use the upgraded ver. of malwarebytes on my pc. i forgot i did try to use opera but didn't care for it. also when i search for yahoo to check emails i get search results and when i select login or yahoo mail it says can't connect. the site isn't down as i looked on my phone. is there a problem there possibly related to what is going on here?

3/29/2022 20:56:16 PM
Files scanned: 578832
Detected files: 7
Cleaned files: 7
Total scan time 03:42:07
Scan status: Finished
C:\FRST\Quarantine\C\Users\ronny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk.xBAD LNK/MetaOpera.A potentially unwanted application cleaned by deleting

C:\Users\ronny\Downloads\Dwyco VideoChat Community_2.10(1).exe a variant of MSIL/Adaware.A potentially unwanted application,a variant of MSIL/Adaware.H potentially unwanted application cleaned by deleting

C:\Users\ronny\Downloads\Dwyco VideoChat Community_2.10.exe a variant of MSIL/Adaware.A potentially unwanted application,a variant of MSIL/Adaware.H potentially unwanted application cleaned by deleting

C:\Users\ronny\Downloads\freemake-video-converter-4-1-11.exe a variant of Win32/Freemake.C potentially unwanted application cleaned by deleting

C:\Users\ronny\Downloads\PDF_Suite_2020_Installer.exe a variant of Win32/LuluSoftware.K potentially unwanted application cleaned by deleting

C:\Users\ronny\Downloads\protected-folder-setup.exe a variant of Win32/IObit.AD potentially unwanted application cleaned by deleting

C:\Users\ronny\OneDrive\Desktop\facebook.lnk LNK/MetaOpera.A potentially unwanted application cleaned by deleting
 
@rb56: That's the first time I've seen the phrase "potentially unwanted application" as opposed to "potentially unwanted program," but the terms are analogous.

These are not major worries.

Whenever inexplicable issues present themselves “out of the blue” and with seemingly no reason, these are the two things I try first, in order:

1. Using DISM (Deployment Imaging Servicing and Management) and SFC (System File Checker) to Repair Windows 8.1, 10 & 11

2. Performing a Windows 10 or 11 Repair Install or Feature Update Using the Windows ISO file

If #1 fixes the issue, #2 is unnecessary.
 
ok britechguy i ran the sfc first and then checked and don't seem to have problems with vids now. before this started yahoo.com and mail ran fine. however since this all started just a few days ago yahoo can not be reached on my pc. i've tried every browser, tried making it my homepage and nothing. my android uses an app and goes to it fine. any idea here?
 
i'm sorry freebooter i thought i did answer them. yes it does with others, yes i did do the updates and yes i was scanned by eset online scanner. i downloaded and installed edge from the link you gave and then used it to google yahoo and got the same reply.
 

Attachment: web.jpg
ok freebooter i did as you showed and rebooted my pc, it still won't open yahoo. also i have the paid upgrade ver. of malwarebytesadware tool. it showed 1 in quarantine and it is a pup.
 
Hello.

A couple of questions from me in the effort to identify the problem:

1. What version of Windows 10 do you have? Type Winver in the Search area, press Enter and see what the screenshot says.

2. What is your antivirus?
 
hello dr. m and thanks...included is a screenshot of my version. i use windows security plus i have the upgrade of malwarebytes.
 

Attachment: winver.jpg
Use Windows Update to upgrade Windows 10 to version 21H2.

Open the Command Prompt with administrative privileges, execute the command below, and restart your computer.

Code:
netsh winsock reset
 
Hi, rb56.

We could use the FRST tool to make an overall diagnosis of your computer, exclude possible causes and hopefully see what is happening. If you would like to do so,

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
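
An added example, not part of the original thread and not FRST's own code: a small Python triage pass over FRST.txt that groups entries by section, flags the markers FRST appends to entries ([File not signed], (No File), [X]) and lists the sites each browser has granted notification permission. The sample lines are abridged from the log posted later in this thread; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Section headers look like:
# ==================== Services (Whitelisted) ===================
SECTION_RE = re.compile(r"^={5,}\s*(.+?)\s*={5,}$")
# Markers FRST appends to an entry, as they appear in this thread's log.
MARKERS = {
    "[File not signed]": "unsigned file",
    "(No File)": "target file missing",
    "[X]": "target file missing",
}
# e.g. "CHR Notifications: Default -> hxxps://a.example; hxxps://b.example"
NOTIFY_RE = re.compile(r"^(\w+) Notifications: .*? -> (.+)$")


def parse_sections(text):
    """Split an FRST.txt body into {section name: [entry lines]}."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        # Drop blanks and the "=======" underlines beneath browser names.
        if not line or set(line) == {"="}:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            continue
        # Drop FRST's parenthesised fixlist hints.
        if line.startswith("(If "):
            continue
        sections[current].append(line)
    return dict(sections)


def flag_entries(sections):
    """Return (section, reason, line) for entries that merit a manual look.

    A flag is a prompt for review, not a verdict on the file.
    """
    findings = []
    for name, lines in sections.items():
        for line in lines:
            for marker, reason in MARKERS.items():
                if marker in line:
                    findings.append((name, reason, line))
                    break
    return findings


def notification_sites(sections):
    """Map browser prefix (Edge, CHR, OPR) to sites allowed to notify.

    URLs stay defanged (hxxp/hxxps) exactly as FRST writes them.
    """
    sites = {}
    for lines in sections.values():
        for line in lines:
            match = NOTIFY_RE.match(line)
            if match:
                urls = [u.strip() for u in match.group(2).split(";")]
                sites.setdefault(match.group(1), []).extend(urls)
    return sites


# Sample input: lines abridged from the FRST.txt posted in this thread.
SAMPLE = r"""
==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)

==================== Internet (Whitelisted) ====================

Edge:
=======
Edge Notifications: Default -> hxxps://www.facebook.com
CHR Notifications: Default -> hxxps://www.aliexpress.com; hxxps://www.reddit.com

==================== Services (Whitelisted) ===================

S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
"""

if __name__ == "__main__":
    parsed = parse_sections(SAMPLE)
    for section, reason, entry in flag_entries(parsed):
        print(f"[{section}] {reason}: {entry[:70]}")
    for browser, urls in notification_sites(parsed).items():
        print(f"{browser} notification permissions: {', '.join(urls)}")
```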
 
running frst now, meanwhile this black box has appeared on my screen and will not die. (blkbox.jpg)
 
ok dr. here's frst...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2022
Ran by ronny (administrator) on DADS (Hewlett-Packard HP EliteDesk 800 G1 SFF) (03-04-2022 14:32:50)
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Platform: Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe ->) (Logitech Inc -> Logitech Europe S.A.) C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\UpdateBrowserForApp.exe
(C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\UpdateBrowserForApp.exe ->) (Microsoft Corporation -> ) C:\Users\ronny\AppData\Local\Temp\IXP000.TMP\UpdateBrowserForApp.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <35>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Baltic Latvian Universal Electronics LLC -> ) C:\Program Files\Blue Sherpa\sherpa_service.exe
(services.exe ->) (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\VRS\vrs.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20858.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <15>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9240512 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492928 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VRS] => C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [10585376 2022-03-27] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ASUS WebStorage Timeline Backup] => C:\Program Files (x86)\ASUS WebStorage Timeline Backup\ASUS WebStorage Timeline Backup\1.0.0.23\ASUSWebStorageTimelineBackup_.exe [3310592 2021-09-29] (ASUS Cloud Corporation) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Sound Blaster Audigy Fx Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe [861184 2013-11-08] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2619296 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148288 2021-12-10] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\ronny\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [Samsung DeX] => C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe [10484392 2021-07-01] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [CTRegRun] => C:\WINDOWS\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd) [File not signed]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Run: [BingWallpaperApp] => C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [13877136 2022-02-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\MountPoints2: {cd31f76c-a9b5-11ea-aae4-806e6f6e6963} - "D:\Audio\setup.exe"
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [31193688 2021-08-16] (PALTALK, INC. -> AVM Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\100.0.4896.60\Installer\chrmstp.exe [2022-03-31] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r (No File)
Task: {303C9A58-6062-4CFD-A488-8D482E1F6FAA} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {36EE3A7E-07D4-4A76-BCE5-42FDCFECFFA4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {561E6F49-EC06-4A67-AF3C-7321394EE673} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {626D0279-7154-47A3-BDD9-19ABE890F470} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m (No File)
Task: {736797C2-5509-47BC-A6F8-4CBC4779D4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {8663AC4B-AB4E-42A4-A137-E14AC8DFB327} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (No File)
Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {9805F2E9-A583-4063-86FF-0C47CE56A48C} - System32\Tasks\CLToast => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {9DCEA3AF-311F-46BC-87C9-C880614AC30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-23] (Google Inc -> Google LLC)
Task: {9EC3A1CD-9913-4FB7-AA5D-3940F7FD5B45} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4200344 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0CB5320-9F28-403B-A9E7-FCAB9E88D0E0} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxStart.exe [155936 2017-04-19] (Maxthon (Asia) Limited. -> Maxthon International ltd.)
Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe /show (No File)
Task: {C53BB61C-4C18-407E-9900-9BA987531E05} - System32\Tasks\CLToastRun => C:\Program Files (x86)\CyberLink\Shared files\CLToast.exe [2317480 2021-09-06] (CyberLink Corp. -> )
Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
Task: {E85E19FD-0C98-4D06-8129-FC4964EDB436} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u (No File)
Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
Task: {F282F2B9-0D6C-40A0-80C3-D3FC013B9F6E} - System32\Tasks\PowerDirectorStyleAgent => C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe [97960 2021-09-06] (CyberLink Corp. -> CyberLink Corp.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22c5832e-a5cc-4454-ad43-7e2ec265982e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1

Edge:
=======
DownloadDir: C:\Users\ronny\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-03]
Edge DownloadDir: Default -> C:\Users\ronny\Downloads
Edge Notifications: Default -> hxxps://www.facebook.com
Edge HomePage: Default -> hxxp://https//:yahoo.com
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-03-09]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 6nm8fvx2.default-1611594858898
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 [2022-03-30]
FF Homepage: Mozilla\Firefox\Profiles\6nm8fvx2.default-1611594858898 -> hxxps://www.bing.com/?pc=W091
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\ntamu3y2.default-1618974619849 [2022-03-30]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2020-07-01] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2022-03-30]
CHR Notifications: Default -> hxxps://gayneedsex.com; hxxps://geek.wish.com; hxxps://mrgay.com; hxxps://www.aliexpress.com; hxxps://www.bestofarkansassports.com; hxxps://www.crosswalk.com; hxxps://www.facebook.com; hxxps://www.paramountplus.com; hxxps://www.reddit.com; hxxps://www.westernjournal.com; hxxps://www.youtube.com
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Extension: (Slides) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
CHR Extension: (Easy Online Image/Photo Editor) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\akcgjjdppiajicgmjkggechdkolcpfkm [2021-12-27]
CHR Extension: (Docs) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
CHR Extension: (Google Drive) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
CHR Extension: (YouTube) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-03-24]
CHR Extension: (Image Manager) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcknobmagahblapmkjepaflnakhagle [2021-12-27]
CHR Extension: (Microsoft Rewards) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgcedjacmlbgleddnoacbnijgmiolem [2022-03-11]
CHR Extension: (Sheets) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-03-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-20]
CHR Extension: (BeFunky Extension) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mffeadjabcnpcjlpbdbhoglnfbmbfkoo [2022-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
CHR Extension: (Gmail) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-29]
CHR HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ddojnmkongaimkdddgmcccldlfhokcfb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable [2022-04-02]
OPR Notifications: Opera Stable -> hxxps://wp.aliexpress.com; hxxps://www.xvideos.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-03-25]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\ronny\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-03-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [106944 2017-06-29] (Andrea Electronics -> Andrea Electronics Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2022-03-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2020-07-15] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncHelper.exe [3382176 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-03-29] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.045.0227.0004\OneDriveUpdaterService.exe [3861400 2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2021-07-14] (PALTALK, INC. -> AVM Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [626344 2021-09-06] (CyberLink Corp. -> CyberLink)
R2 sherpa_service; C:\Program Files\Blue Sherpa\sherpa_service.exe [348080 2020-08-01] (Baltic Latvian Universal Electronics LLC -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-18] (NCH Software Pty Ltd -> NCH Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [53616 2021-01-11] (Creative Technology Ltd -> Creative Technology Ltd)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33784 2020-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 EvoMouseDriverMini; C:\WINDOWS\system32\drivers\EvoMouseDriverMini.sys [25952 2018-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Evoluent)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-03-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-03-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-04-01] (Malwarebytes Inc -> Malwarebytes)
R3 mbtun; C:\WINDOWS\system32\DRIVERS\mbtun.sys [86680 2021-04-18] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-03-12] (NCH Software Pty Ltd -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-03 14:32 - 2022-04-03 14:33 - 000000000 ____D C:\FRST
2022-04-03 14:15 - 2022-04-03 14:15 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\IGDump
2022-04-03 12:52 - 2022-04-03 12:52 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-04-03 12:33 - 2022-04-03 12:33 - 000000000 ____D C:\Users\ronny\Downloads\ProcessExplorer (1)
2022-04-03 12:32 - 2022-04-03 12:32 - 002650810 _____ C:\Users\ronny\Downloads\ProcessExplorer (1).zip
2022-04-02 02:09 - 2022-04-02 02:09 - 013471344 _____ C:\Users\ronny\Downloads\MB-SupportTool.exe
2022-04-02 01:56 - 2022-04-03 03:41 - 000000000 ____D C:\WINDOWS\LastGood
2022-04-01 02:47 - 2022-04-01 02:47 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-04-01 02:47 - 2022-04-01 02:47 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-04-01 02:47 - 2022-04-01 02:47 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-04-01 02:14 - 2022-04-01 02:14 - 000002118 _____ C:\Users\Public\Desktop\WGT Golf.lnk
2022-04-01 02:13 - 2022-04-01 02:13 - 002383872 _____ C:\Users\ronny\Downloads\WGTLauncher (3).msi
2022-03-31 22:57 - 2022-03-31 22:57 - 000002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2022-03-31 22:55 - 2017-12-21 00:55 - 001435104 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000467120 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000381376 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2022-03-31 22:55 - 2017-12-21 00:55 - 000341112 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000231880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000190512 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000096024 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000093456 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000092440 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:50 - 000092440 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000343672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000090880 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000088280 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2022-03-31 22:55 - 2017-12-21 00:49 - 000083592 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 001353288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000691640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000392832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000220352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000116504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2022-03-31 22:55 - 2017-12-21 00:44 - 000093864 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2022-03-31 22:55 - 2017-12-21 00:43 - 000327240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2022-03-31 22:55 - 2017-12-21 00:40 - 003677120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2022-03-31 22:55 - 2017-12-21 00:40 - 003205568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2022-03-31 22:55 - 2017-12-21 00:39 - 072520680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2022-03-31 22:55 - 2017-12-21 00:39 - 002922944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2022-03-31 22:55 - 2017-12-21 00:38 - 000122280 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2022-03-31 22:55 - 2017-12-21 00:01 - 015335659 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-03-31 22:35 - 2022-03-31 22:35 - 000000000 ___HD C:\$WinREAgent
2022-03-31 10:27 - 2022-03-31 10:27 - 000000000 ____D C:\Users\ronny\Downloads\wumt
2022-03-31 10:07 - 2022-03-31 10:07 - 008603549 _____ C:\Users\ronny\Downloads\wumt (1).zip
2022-03-31 10:02 - 2022-03-31 10:02 - 008603549 _____ C:\Users\ronny\Downloads\wumt.zip
2022-03-31 09:58 - 2022-03-31 09:58 - 010158832 _____ (Tonec Inc.) C:\Users\ronny\Downloads\Unconfirmed 611218.crdownload
2022-03-31 09:56 - 2022-03-31 09:57 - 067503948 _____ C:\Users\ronny\Downloads\Unconfirmed 528429.crdownload
2022-03-31 09:56 - 2022-03-31 09:56 - 067503948 _____ C:\Users\ronny\Downloads\Unconfirmed 751268.crdownload
2022-03-30 23:24 - 2022-03-30 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-03-29 17:08 - 2022-03-31 10:39 - 000001385 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-03-29 14:43 - 2022-03-29 14:43 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-29 14:43 - 2022-03-29 14:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-29 14:42 - 2022-03-29 14:43 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-29 14:41 - 2022-03-29 14:41 - 202117816 _____ (Malwarebytes) C:\Users\ronny\Downloads\MBSetup-0076911.0076911-4.5.2.157.exe
2022-03-28 18:48 - 2022-03-28 18:49 - 000018140 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2022-03-28 18:48 - 2022-03-28 18:48 - 007333288 _____ (Tweaking.com) C:\Users\ronny\Downloads\tweaking.com_registry_backup_setup (5).exe
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-03-27 12:52 - 2022-03-27 12:52 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-03-25 09:21 - 2022-03-25 09:21 - 000000000 ____D C:\Users\ronny\AppData\Local\Opera Software
2022-03-25 09:20 - 2022-03-25 09:20 - 002754824 _____ (Opera Software) C:\Users\ronny\Downloads\OperaSetup.exe
2022-03-25 09:20 - 2022-03-25 09:20 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Opera Software
2022-03-16 22:08 - 2022-03-31 02:42 - 009031680 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.sql
2022-03-16 22:08 - 2022-03-30 02:39 - 009031680 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-a6a29945429dd8db4edc.old.sql
2022-03-16 22:08 - 2022-03-16 22:08 - 430067712 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-a6a29945429dd8db4edc.sql
2022-03-16 21:54 - 2022-03-16 21:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2022-03-16 21:51 - 2022-03-16 21:51 - 000000000 ____D C:\Users\ronny\AppData\Local\Adaware
2022-03-13 18:06 - 2022-03-13 18:06 - 000125635 _____ C:\Users\ronny\Downloads\Account e-Statement - January 2022.pdf
2022-03-11 19:23 - 2022-03-11 19:23 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-11 19:22 - 2022-03-11 19:22 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-11 19:21 - 2022-03-11 19:21 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-11 19:21 - 2022-03-11 19:21 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-11 19:21 - 2022-03-11 19:21 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-08 20:16 - 2022-03-08 20:16 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-03 14:15 - 2021-10-09 06:02 - 000000000 ____D C:\Program Files (x86)\Freemake
2022-04-03 14:10 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-03 14:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-04-03 13:37 - 2019-10-23 15:40 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-03 10:11 - 2021-01-03 02:20 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6C960934-DC27-4EFF-89D5-F77C012D2312}
2022-04-03 03:44 - 2021-01-03 02:17 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-03 03:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-03 03:41 - 2020-09-24 04:44 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2022-04-03 03:41 - 2020-06-08 11:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-04-02 23:56 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-02 21:24 - 2021-01-03 02:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-02 13:33 - 2020-11-12 22:07 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2022-04-02 01:58 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-01 18:05 - 2020-07-19 08:00 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-01 18:05 - 2020-07-19 08:00 - 000002355 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-04-01 02:49 - 2019-10-23 15:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-01 02:49 - 2019-10-23 15:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-01 02:46 - 2021-01-03 02:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-01 02:46 - 2021-01-03 02:02 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-01 02:45 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-04-01 02:43 - 2020-12-19 14:40 - 000000000 ____D C:\Users\ronny\AppData\Local\ESET
2022-04-01 02:42 - 2020-12-20 17:45 - 000000000 ____D C:\KPRM
2022-04-01 02:15 - 2021-06-20 22:05 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
2022-03-31 22:57 - 2021-12-28 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2022-03-31 22:56 - 2021-06-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-03-31 22:55 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-31 10:32 - 2020-07-01 22:12 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2022-03-31 00:52 - 2020-12-29 10:43 - 000000000 ____D C:\Users\ronny\AppData\Local\vback
2022-03-30 23:25 - 2021-01-16 09:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-03-29 14:43 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-29 14:36 - 2021-01-10 10:13 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2022-03-29 14:36 - 2021-01-10 10:12 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-03-29 14:27 - 2021-09-11 17:17 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-03-29 14:26 - 2021-08-26 04:35 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Temp
2022-03-28 18:48 - 2020-12-18 21:01 - 000002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2022-03-25 20:41 - 2021-12-12 15:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-687888615-3449104039-937635755-1001
2022-03-25 20:41 - 2021-02-26 03:43 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-03-25 20:41 - 2021-02-26 03:43 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-24 10:41 - 2020-09-16 13:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-24 00:08 - 2021-01-03 02:08 - 000000000 ____D C:\Users\ronny
2022-03-20 20:48 - 2021-01-03 02:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2022-03-19 02:09 - 2021-01-16 09:34 - 000000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2022-03-19 02:09 - 2021-01-16 09:34 - 000000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2022-03-19 02:09 - 2021-01-03 02:03 - 000444392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-19 02:06 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-19 02:06 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-15 07:40 - 2019-10-23 14:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-11 19:36 - 2020-09-30 01:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-11 19:20 - 2021-01-03 02:06 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-11 18:48 - 2020-07-02 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-11 18:44 - 2020-07-02 02:27 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-10 22:17 - 2021-01-16 09:34 - 000003874 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2022-03-10 22:17 - 2021-01-16 09:34 - 000003642 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2022-03-10 04:59 - 2020-07-02 19:49 - 000000000 ____D C:\Program Files\UNP
2022-03-10 02:22 - 2021-01-19 18:57 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e19fdc9c5413
2022-03-10 02:22 - 2021-01-03 02:20 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

==================== Files in the root of some directories ========

2020-12-27 15:29 - 2020-12-27 15:29 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2020-12-27 15:29 - 2020-12-27 15:29 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2020-07-10 05:21 - 2020-07-10 05:21 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-06-30 21:12 - 2021-06-30 21:12 - 000007597 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022
Ran by ronny (03-04-2022 14:34:47)
Running from C:\Users\ronny\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1586 (X64) (2021-01-03 07:21:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-687888615-3449104039-937635755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-687888615-3449104039-937635755-503 - Limited - Disabled)
Guest (S-1-5-21-687888615-3449104039-937635755-501 - Limited - Disabled)
ronny (S-1-5-21-687888615-3449104039-937635755-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-687888615-3449104039-937635755-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(7) Facebook (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\876d02b7a154c12acc74dbe21dbbc4a7) (Version: 1.0 - (7) Facebook)
8 Ball Pool - A free Sports Game (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\f2e784ea14e2058dcbf097ec01441184) (Version: 1.0 - 8 Ball Pool - A free Sports Game)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
ASUS WebStorage Timeline Backup (HKLM-x32\...\ASUS WebStorage Timeline Backup) (Version: 1.0.0.23 - ASUS Cloud Corporation)
Bing Wallpaper (HKLM-x32\...\{9FBBDD1D-2CE0-4DC7-B7F8-026F6668DBD3}) (Version: 1.0.9.6 - Microsoft Corporation)
Blue Sherpa (HKLM-x32\...\Blue Sherpa) (Version: 1.4.16 - Blue Microphones)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5be0c4916bb74b139b07376939538cf5) (Version: 1.0 - Cannon Balls 3D - Play Cannon Balls 3D on Crazy Games)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CyberLink PowerDirector 365 (HKLM-x32\...\{278A8296-12A6-4CD0-8A8E-6947948477C5}) (Version: 20.0.2106.0 - CyberLink Corp.)
DeskFX Audio Effect Processor (HKLM-x32\...\DeskFX) (Version: 3.14 - NCH Software)
Documentation Manager (HKLM\...\{82FBBBC9-616A-4247-BEAD-87B8132D49D2}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 145.4.4921 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
Dwyco CDC-X version 2.31 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Dwyco CDC-X_is1) (Version: 2.31 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
Featured Songs _ SingSnap Karaoke (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\5c7ad6f550c744e9a98014f78df7bc92) (Version: 1.0 - Featured Songs _ SingSnap Karaoke)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.60 - Google LLC)
HP Support Assistant (HKLM-x32\...\{54ECA61C-83AE-4EE3-A9F7-848155A33386}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D0873D1A-C420-483C-A2B7-08AACD6CAC00}) (Version: 12.18.34.21 - HP Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001100-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.100.1.1 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{056c22c9-0ef2-4a10-ba00-4d68d16c5669}) (Version: 22.0.0.6 - Intel Corporation) Hidden
Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Kanto Player version 12.0.0.0 (HKLM-x32\...\{B3749D9E-AFD6-49D6-8F40-4722B45859FF}_is1) (Version: 12.0.0.0 - Globosoft S.R.L.)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.528 - Gisburne Media)
LibreOffice 6.1.6.3 (HKLM\...\{FDD378C0-438D-4E89-A692-6D010D5AF9D0}) (Version: 6.1.6.3 - The Document Foundation)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 3.10.3 - )
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Maxthon (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Maxthon) (Version: 6.1.0.2000 - Maxthon Ltd.)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.5.1000 - Maxthon International Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 7.10 - NCH Software)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Firefox 78.6.0 ESR (x64 en-US) (HKLM\...\Mozilla Firefox 78.6.0 ESR (x64 en-US)) (Version: 78.6.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.6.0 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
ocenaudio (HKLM-x32\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 8.00 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8328 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
Samsung DeX (HKLM-x32\...\{2EB6072C-55E0-4AA0-A851-A34A5D64F6C9}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{3d6025db-b129-4813-84ac-91328af71882}) (Version: 2.0.1.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Sound Blaster Audigy Fx (HKLM-x32\...\{77CE1865-F3B9-4B6D-A558-28674AE7787E}) (Version: 1.00.06 - Creative Technology Limited)
Sound Blaster Audigy Fx Extras (HKLM-x32\...\{52272D09-08E0-4A57-BC14-BC09F5D7AE26}) (Version: 1.0 - Creative Technology Limited)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: 10.56 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 10.75 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
War Thunder Launcher 1.0.3.282 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
Wargaming.net Game Center (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\Wargaming.net Game Center) (Version: 21.8.2.7331 - Wargaming.net)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 12.23 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
World of Tanks NA (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOT.NA.PRODUCTION) (Version: - Wargaming.net)
World_of_Warplanes (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWP.WW.PRODUCTION) (Version: - Wargaming.net)
World_of_Warships (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\WOWS.WW.PRODUCTION) (Version: - Wargaming.net)
Y8 Browser 1.0.10 (HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)

Packages:
=========
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.2.1.0_x64__0aqw1zw0x2snt [2021-10-14] (韵华软件)
AutoCAD Mobile -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_8.23.0.0_x64__tf1gferkr813w [2022-03-31] (Autodesk Inc.)
City Racing 3D 2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.5.0_x64__3ag0hv5nd203a [2021-10-14] (成都羽珀科技有限责任公司) [MS Ad]
DrawPad Graphic Design Editor Free -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_8.1.8.0_x86__7kedsbyvzns34 [2022-03-25] (NCH Software)
Farkle Free!! -> C:\Program Files\WindowsApps\IronjawStudiosPrivateLimi.FarkleFree_2.0.1.0_x64__0ah1jqwq7j8nj [2021-10-14] (Ironjaw Studios Private Limited)
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.1703.60.0_x64__xsbsxxypt8dh6 [2021-12-22] (eyacker.com)
Media Player - All Formats, Video Player All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.13.0_x64__q68sgvev02mx6 [2021-10-14] (Swisspix) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad]
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2021-10-14] (Keith Lam)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_3.0.9.0_neutral__gvheqymwk6zrr [2021-12-10] (Zero Byte) [Startup Task]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-14] (Microsoft Corporation)
Speech to Text -> C:\Program Files\WindowsApps\49600POONFAMILY.SpeechtoText_1.1.0.2_x86__cjkmrjc535bpe [2021-10-14] (POONFAMILY) [MS Ad]
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.3.0_x64__1722q061jff9j [2021-10-14] (Best Game Studio) [MS Ad]
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2021-10-14] (LSongBee) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\ronny\AppData\Local\Maxthon\Application\6.1.0.2000\notification_helper.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\ronny\Dropbox [2021-01-21 15:24]
CustomCLSID: HKU\S-1-5-21-687888615-3449104039-937635755-1001_Classes\CLSID\{e4211cc1-dab9-49db-af72-8e71f657e3c5}\localserver32 -> C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe (NCH Software, Inc. -> NCH Software)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.045.0227.0004\FileSyncShell64.dll [2022-03-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2011-09-16 05:04 - 2011-09-16 05:04 - 000238080 _____ (Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\CTLoadRs.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-01-20] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2022-03-29 14:21 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2021-01-12 09:13 - 2021-01-12 09:13 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-687888615-3449104039-937635755-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20220403.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VRS"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "ASUS WebStorage Timeline Backup"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\StartupApproved\Run: => "CTRegRun"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{982257A6-2960-4CC5-B218-9C82D0FDF538}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{D878296B-3054-4CB8-AE02-04EDC6D71925}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{AF67BDB6-1C1C-491B-9674-FFF1A21D5947}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{DCD0CA11-52AF-44CB-B55B-190AFA8312BE}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{A44ADCAB-F36B-4CE4-8019-BA7CD41B8738}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{67605349-E1B0-4A34-999E-4F40E09F08B8}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{B3A4C66C-2FF9-4A17-8A8C-90D574B68004}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{055DE081-7DF1-49FB-A657-4FE2FC430CC4}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon Ltd.)
FirewallRules: [{ED58E4D4-63E1-482D-8836-F4DDA5215099}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{4942BF96-9725-4E37-A256-5B0B2ECB4079}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{80726437-D855-42F0-9567-D7FCAC8B66D1}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{63A43B1B-D2A0-405E-8244-3D4F50143137}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{54A1549B-1042-48EC-9BD7-3F1186C1110B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{C0AC34D7-37A5-4B19-9296-58D831CEF53A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [UDP Query User{72A359B6-8686-4D0C-9010-F5C4677C2F28}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{8A6DCB1A-50FC-48A8-A88C-DA3907DFFDA1}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{DA9EFC59-0094-43A4-943D-169A65514486}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2F6D75D-3BEF-4A19-BA1E-EA4C0D942C1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C42F249E-09CB-428F-A8EF-A1B612F17D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F64764EE-AF4C-40FF-B5DE-3A222E0C45E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1D3A289-3545-4A74-B10C-8AA1A9AEDD47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{902624FE-B543-4700-98C7-9AB58B45E88E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EAA32B60-CC16-415D-AD4F-0042E68BCE5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EA6A1DC-9430-4FF9-B046-EA49C1225BAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6554C7BA-EC36-40D8-A0AF-B45EA345CFEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EB78F90-60DD-414D-B0BE-959F79188F1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{CE00FE93-FB6F-4FC8-AAD5-E7581803509A}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{BF3AA785-855A-47BD-8A71-572E874F8095}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [TCP Query User{D186F964-CDBE-4556-A7C3-B323D0D4992D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{E92F51C9-4EF6-4FE2-839D-04033893C61D}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Allow) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [TCP Query User{A2C21B27-525C-47F0-80B2-CAD32FAB60B9}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{83AFC75C-B451-4DA8-9473-83E62094B9FD}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [TCP Query User{8D4B2E09-73A4-49D9-84E2-B32DCB73C74F}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E55F3C4C-A35C-41A9-AC27-50B0BFAD8878}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{9FD57219-DABB-401D-8946-6882C2804BE3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{AF1C38B7-66CA-4ECF-9E43-2D9E7C1FB5D7}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{B46037EE-E896-4026-8074-186B1A433CF6}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{3C1E87DC-457B-4854-9389-A71ED3992371}C:\games\world_of_tanks_na\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_na\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{15D87C4B-FF2D-4BAF-886B-E2B8BC79C647}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{6D5EEC59-D930-451E-A844-0217285E138C}C:\users\ronny\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [TCP Query User{1A807194-50F0-4706-8F00-FD34AA32563E}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{3B23A8A4-906C-4F27-AB16-BEDC3CBB4298}C:\users\ronny\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\ronny\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{30356CD6-449A-4F6C-A754-44357A926440}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{25FF29BF-942C-4149-9672-CE70C5C1859F}] => (Allow) C:\Users\ronny\OneDrive\Desktop\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{D48AB89F-548C-4749-8D94-D023200E2ADC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F710309B-F801-46AF-B5F8-0383D424A267}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0409FED-A462-4D77-9C6C-B3A987B6710A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8307A542-5E1F-4DF9-952B-9ECDECB9151D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{71F0ADF0-11DC-4F0D-9619-C5EC060B502A}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{6EC61F7D-56EA-498C-A24F-1202603C591F}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [{AD55A4C9-25B6-4095-B472-3D0524D511B5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{4FF24595-B7E6-4136-B045-0081F7D8FAC0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{DB0B87DF-6185-4AD0-97C0-16561ADFE967}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{75FB5C39-D3FA-4BCD-9E8A-2AFEAB2C0049}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: JieLi BR21
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service: usbaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (04/03/2022 04:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9985
Error: (04/03/2022 04:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9985
Error: (04/03/2022 04:08:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/03/2022 04:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8000
Error: (04/03/2022 04:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8000
Error: (04/03/2022 04:08:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/03/2022 04:08:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6016
Error: (04/03/2022 04:08:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6016
System errors:
=============
Error: (04/03/2022 02:09:18 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (04/03/2022 12:27:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VRS Recording System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (04/01/2022 02:48:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (04/01/2022 02:46:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The cphs service terminated with the following error:
%%2147942659 = No more data is available.
Error: (04/01/2022 02:45:07 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
Error: (03/31/2022 10:29:24 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (03/31/2022 10:18:31 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (03/31/2022 12:54:34 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Windows Defender:
================
Date: 2022-03-31 23:40:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-16 21:55:03
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...32/Pearfoos.A!ml&threatid=256595&enterprise=0
Name: PUA:Win32/Pearfoos.A!ml
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe; process:_pid:12584,ProcessStart:132919591082836513
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.114.0, AS: 1.361.114.0, NIS: 1.361.114.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-16 21:53:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...32/Pearfoos.A!ml&threatid=256595&enterprise=0
Name: PUA:Win32/Pearfoos.A!ml
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.114.0, AS: 1.361.114.0, NIS: 1.361.114.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-16 21:52:03
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...32/Pearfoos.A!ml&threatid=256595&enterprise=0
Name: PUA:Win32/Pearfoos.A!ml
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\ronny\AppData\Local\Temp\7zSCDB1F266\GenericSetup.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.114.0, AS: 1.361.114.0, NIS: 1.361.114.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8

CodeIntegrity:
===============
Date: 2022-01-26 22:43:45
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ronny\Downloads\BT-22.100.1-32-64UWD-Win10-Win11.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-10-14 04:28:20
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-10-14 04:28:18
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\cimfs.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-10-03 02:35:45
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Hewlett-Packard L01 v02.65 07/13/2015
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 65%
Total physical RAM: 8082.33 MB
Available physical RAM: 2757.07 MB
Total Virtual: 9770.32 MB
Available Virtual: 2908.68 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.29 GB) (Free:714.43 GB) NTFS
Drive d: (SB_INSTALL) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
\\?\Volume{6936fdef-0000-0000-0000-100000000000}\ (System) (Fixed) (Total:0.49 GB) (Free:0.16 GB) NTFS
\\?\Volume{6936fdef-0000-0000-0000-f0b1e8000000}\ () (Fixed) (Total:0.73 GB) (Free:0.31 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6936FDEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=749 MB) - (Type=27)
==================== End of Addition.txt =======================
 
Hi, rb.

Please do the following in the same order. Meanwhile, do not install or download anything on this computer without being instructed.

1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\MountPoints2: {cd31f76c-a9b5-11ea-aae4-806e6f6e6963} - "D:\Audio\setup.exe"
Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r (No File)
Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m (No File)
Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe /show (No File)
Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u (No File)
Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
CHR Notifications: Default -> hxxps://gayneedsex.com; hxxps://geek.wish.com; hxxps://mrgay.com; hxxps://www.aliexpress.com; hxxps://www.bestofarkansassports.com; hxxps://www.crosswalk.com; hxxps://www.facebook.com; hxxps://www.paramountplus.com; hxxps://www.reddit.com; hxxps://www.westernjournal.com; hxxps://www.youtube.com
OPR Notifications: Opera Stable -> hxxps://wp.aliexpress.com; hxxps://www.xvideos.com
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{71F0ADF0-11DC-4F0D-9619-C5EC060B502A}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{6EC61F7D-56EA-498C-A24F-1202603C591F}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [TCP Query User{DB0B87DF-6185-4AD0-97C0-16561ADFE967}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{75FB5C39-D3FA-4BCD-9E8A-2AFEAB2C0049}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
2022-03-16 21:54 - 2022-03-16 21:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2022-03-16 21:51 - 2022-03-16 21:51 - 000000000 ____D C:\Users\ronny\AppData\Local\Adaware
2022-04-03 14:15 - 2021-10-09 06:02 - 000000000 ____D C:\Program Files (x86)\Freemake
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Check TLS settings
  • Press the Windows logo key together with the letter r.
  • Copy/paste this in the area beside Open: inetcpl.cpl
  • Select the Advanced tab
  • Scroll until you find the Security section
  • Make sure to check all the TLS settings
  • Restart the computer

In your next reply please post:
  1. The fixlog.txt
  2. If you successfully changed the TLS settings
  3. Feedback: Check if you can reach Yahoo and let me know
 
ok dr. here is fixlog and i changed setting to select all TLS boxes. also earlier today i noticed an email from yahoo included a link i'd never hit on so i tried it and yes, yahoo opened up and i was able to open emails. i don't know what changed that but glad something did!

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-04-2022
Ran by ronny (04-04-2022 17:17:10) Run:1
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Tcpip\..\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}: [NameServer] 10.64.0.1
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 0
HKLM\...\Policies\Explorer: [New Value #1]
HKU\S-1-5-21-687888615-3449104039-937635755-1001\...\MountPoints2: {cd31f76c-a9b5-11ea-aae4-806e6f6e6963} - "D:\Audio\setup.exe"
Task: {29AC548F-9476-4DD6-8189-44F32348EB59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r (No File)
Task: {3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (No File)
Task: {64B4806A-2CF4-45B0-97A8-4BEE96D34FBE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (No File)
Task: {6FC97267-27C8-4D04-9BCE-88F13078CD42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m (No File)
Task: {8B6D01E4-94A8-4857-AE55-329F3D14C65D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (No File)
Task: {A7D476E4-2920-47C7-88A2-9491F9258CC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe /show (No File)
Task: {D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (No File)
Task: {ED5995CB-86D1-4018-A8AF-7B9B7C5930EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u (No File)
Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20]
CHR Notifications: Default -> hxxps://gayneedsex.com; hxxps://geek.wish.com; hxxps://mrgay.com; hxxps://www.aliexpress.com; hxxps://www.bestofarkansassports.com; hxxps://www.crosswalk.com; hxxps://www.facebook.com; hxxps://www.paramountplus.com; hxxps://www.reddit.com; hxxps://www.westernjournal.com; hxxps://www.youtube.com
OPR Notifications: Opera Stable -> hxxps://wp.aliexpress.com; hxxps://www.xvideos.com
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{71F0ADF0-11DC-4F0D-9619-C5EC060B502A}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{6EC61F7D-56EA-498C-A24F-1202603C591F}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [TCP Query User{DB0B87DF-6185-4AD0-97C0-16561ADFE967}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{75FB5C39-D3FA-4BCD-9E8A-2AFEAB2C0049}C:\users\ronny\appdata\local\programs\opera\opera.exe] => (Block) C:\users\ronny\appdata\local\programs\opera\opera.exe => No File
2022-03-16 21:54 - 2022-03-16 21:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2022-03-16 21:51 - 2022-03-16 21:51 - 000000000 ____D C:\Users\ronny\AppData\Local\Adaware
2022-04-03 14:15 - 2021-10-09 06:02 - 000000000 ____D C:\Program Files (x86)\Freemake
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: ipconfig /flushdns
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a1c649d7-8186-4ea9-c6fa-88ec630da128}\\NameServer" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\New Value #1" => removed successfully
HKU\S-1-5-21-687888615-3449104039-937635755-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd31f76c-a9b5-11ea-aae4-806e6f6e6963} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29AC548F-9476-4DD6-8189-44F32348EB59}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29AC548F-9476-4DD6-8189-44F32348EB59}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FC5FCA1-32EA-4B4C-B1CD-D0A3A909232F}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Health Analysis" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64B4806A-2CF4-45B0-97A8-4BEE96D34FBE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64B4806A-2CF4-45B0-97A8-4BEE96D34FBE}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Product Configurator" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FC97267-27C8-4D04-9BCE-88F13078CD42}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC97267-27C8-4D04-9BCE-88F13078CD42}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B6D01E4-94A8-4857-AE55-329F3D14C65D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6D01E4-94A8-4857-AE55-329F3D14C65D}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7D476E4-2920-47C7-88A2-9491F9258CC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7D476E4-2920-47C7-88A2-9491F9258CC9}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D09EC22C-0F9E-4EA5-9B38-A291FFD6DE6F}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED5995CB-86D1-4018-A8AF-7B9B7C5930EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED5995CB-86D1-4018-A8AF-7B9B7C5930EB}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F26B541D-2DF2-43FF-94FF-E09EAFECF0EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F26B541D-2DF2-43FF-94FF-E09EAFECF0EE}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker" => removed successfully
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20] => Error: No automatic fix found for this entry.
"Chrome Notifications" => removed successfully
"OPR Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\HPSupportSolutionsFrameworkService => removed successfully
HPSupportSolutionsFrameworkService => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{71F0ADF0-11DC-4F0D-9619-C5EC060B502A}C:\users\ronny\appdata\local\programs\opera\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6EC61F7D-56EA-498C-A24F-1202603C591F}C:\users\ronny\appdata\local\programs\opera\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DB0B87DF-6185-4AD0-97C0-16561ADFE967}C:\users\ronny\appdata\local\programs\opera\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{75FB5C39-D3FA-4BCD-9E8A-2AFEAB2C0049}C:\users\ronny\appdata\local\programs\opera\opera.exe" => removed successfully
C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X => moved successfully
C:\Users\ronny\AppData\Local\Adaware => moved successfully
C:\Program Files (x86)\Freemake => moved successfully
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully

========= wevtutil el | Foreach-Object {wevtutil cl "$_"} =========

wevtutil : Failed to clear log Microsoft-Windows-LiveId/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...iveId/Analytic.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-LiveId/Operational.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...Id/Operational.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

Access is denied.
wevtutil : Failed to clear log Microsoft-Windows-USBVideo/Analytic.
At C:\FRST\tmp.ps1:1 char:31
+ wevtutil el | Foreach-Object {wevtutil cl "$_"}
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (Failed to clear...Video/Analytic.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

The instance name passed was not recognized as valid by a WMI data provider.

========= End of Powershell: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65580360 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8982278 B
Edge => 0 B
Chrome => 0 B
Firefox => 22444813 B
Opera => 91802464 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7696 B
NetworkService => 18296 B
ronny => 279664614 B

RecycleBin => 202142072 B
EmptyTemp: => 640.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:20:48 ====
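
A small triage pass over a Fixlog like the one posted above, as an added example (not part of the thread and not FRST's own code): it skips the echoed fixlist, whose `Task:` lines also contain `=>`, tallies the per-entry outcomes, and lists the entries and command sections that reported a failure. The name `triage_fixlog` and the failure keywords are assumptions; the sample is an abridged excerpt of the log above.

```python
import re
from collections import Counter

# Abridged excerpt of the Fixlog posted above (lines copied from the thread).
SAMPLE = r'''fixlist content:
*****************
Task: {F26B541D-2DF2-43FF-94FF-E09EAFECF0EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (No File)
cmd: netsh int ip reset C:\resettcpip.txt
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully
C:\Users\ronny\AppData\Local\Adaware => moved successfully
Edge Extension: (No Name) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2020-07-20] => Error: No automatic fix found for this entry.
HPSupportSolutionsFrameworkService => service removed successfully

========= netsh int ip reset C:\resettcpip.txt =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========
'''

# Assumed failure keywords; extend them for other tool output.
FAIL = re.compile(r'\b(error|failed|denied)\b', re.I)
# Section banners such as "========= netsh winsock reset catalog =========".
HEADER = re.compile(r'^=+ (.+?) =+$')


def triage_fixlog(text):
    """Return (Counter of entry outcomes, list of (source, message) to review)."""
    lines = text.splitlines()
    # The fixlist is echoed between two rows of asterisks; results follow it.
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {'*'}]
    start = stars[1] + 1 if len(stars) >= 2 else 0

    outcomes, follow_up = Counter(), []
    in_sections, section = False, None
    for line in (l.strip() for l in lines[start:]):
        if not line:
            continue
        banner = HEADER.match(line)
        if banner:
            in_sections = True
            name = banner.group(1)
            section = None if name.startswith('End of') else name
        elif not in_sections and ' => ' in line:
            # Per-entry result: "<target> => <outcome>" (split on last arrow).
            target, outcome = line.rsplit(' => ', 1)
            if FAIL.search(outcome):
                outcomes['error'] += 1
                follow_up.append((target, outcome))
            else:
                outcomes[outcome] += 1
        elif section and FAIL.search(line):
            # Output of a cmd:/Powershell: directive that reported a failure.
            follow_up.append((section, line))
    return outcomes, follow_up


if __name__ == '__main__':
    counts, review = triage_fixlog(SAMPLE)
    print(dict(counts))
    for source, message in review:
        print(f'REVIEW  {source}\n        {message}')
```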
 