  #52  
January 23rd, 2021, 07:42 AM
Han Solo
Hey, finally got internet back...

Something happened with pc but not sure what.. left it on and unattended yesterday evening for approx 2 hrs and when came back screen was black and only thing working/ visible was the mouse pointer which could move around.. hit keyboard keys including ctrl-alt-del and nothin.. no response.. so had to hard reboot.

Was running good, not sure what happened.. if it blue screened and rebooted or what. Guess it could be similar to last wk when had problems with windows explorer and booted to safe mode and had black screen, post #11.. otherwise ran good today.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2021
Ran by Hans (administrator) on PC (Dell Inc. Inspiron 620) (23-01-2021 01:13:04)
Running from C:\Users\Hans\Desktop
Loaded Profiles: Hans
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Dell Inc -> ) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Dell Inc -> SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc -> SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> ) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Nenad Hrg -> Nenad Hrg (SoftwareOK.com)) C:\Users\Hans\AppData\Roaming\Q-Dir\Q-Dir.exe
(Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(ProtonVPN AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(ProtonVPN AG -> The OpenVPN Project) C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\openvpn.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Sonic Solutions -> ) C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Synology Inc. -> ) C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] (Unlimited Realities -> )
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions -> Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () [File not signed]
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Symantec Corporation -> Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] (Sonic Solutions -> )
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-4200521874-2590480824-2585516950-1000\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7452480 2020-10-06] (ProtonVPN AG -> )
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24283120 2020-01-23] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX880 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAN.DLL [30208 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX880 series: C:\Windows\system32\CNCALAN.DLL [302080 2010-11-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX880 series: C:\Windows\system32\CNMLMAN.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [328192 2010-09-08] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2012-04-01]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-09-02]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0110782D-8874-4428-9253-0FC0001794D1} - System32\Tasks\NWC => C:\Program Files (x86)\ASCOMP Software\Synchredible\nwc.exe [332288 2014-09-30] () [File not signed]
Task: {0D0524A3-E68F-41E8-B8A2-324632A5A01A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {49A214E5-828F-47E3-9685-505850C22A4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [3545880 2013-04-23] (Piriform Ltd -> Piriform Ltd)
Task: {4F723766-9267-4A0F-9E80-D4E473128B8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {55C3090F-E86F-4E6C-A6B8-5D233BA03727} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {59C6FDD2-8F88-4D5B-BD24-73C6E8EE89F5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E62607A-A35F-40C0-8F80-E2C36B212A02} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {6E8648CE-0E52-48D2-851F-17A79C334E78} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe
Task: {74D9A0AF-EDA3-411C-9181-87666EB0120E} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
Task: {776D0E2E-4453-445C-9DAF-D36387F055DC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe
Task: {77CCD346-000C-4879-AD86-4593016FA8D7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AC189AF-7198-46AE-AAC5-C9E80539CC24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {8104CE8F-1675-47ED-85F8-1C7A7ABC903C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8331C3DD-5990-4F43-8B2C-2CB9B6765CA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A2080677-F342-4763-97C0-B18542DEE646} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
Task: {B7B8E81D-307B-4C1F-9CF8-633D619CFA41} - System32\Tasks\{F4F46FA1-7FD6-4681-A330-8AD497C43C02} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5XOIFA2S\WBSP_IE_Setup.exe" -d C:\Users\Hans\Desktop
Task: {BEBA5329-B275-46AA-9B33-842800D3B30A} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkID=230628
Task: {D788AB35-C928-481C-AE04-49F6A2E2CD42} - System32\Tasks\{FCEF3078-6348-4EF2-A133-EA5922813B83} => C:\Windows\system32\pcalua.exe -a C:\Users\Hans\Downloads\WBSP_IE_Setup.exe -d C:\Users\Hans\Desktop
Task: {DA526EE1-9119-49D3-A2EB-D46AC198046E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {DDD9C578-3B5F-4035-99FD-B3C48CC2126D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-19] (Google Inc -> Google Inc.)
Task: {E4F6B829-35D7-4354-9AA1-B10A7AC332F3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {EC0AC83F-1CB1-4464-A104-888B1807169E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE16815-66A5-4908-BAEB-30D61334AE14} - System32\Tasks\{E22B9F1E-B872-4306-8F1C-2D709707F048} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ3KEK3B\PCHCInstallerPackage.exe" -d C:\Users\Hans\Desktop
Task: {EEEAA326-2308-475C-99AF-BABE00811BD0} - System32\Tasks\{1D7851FC-923C-4BF0-9EF7-98C14DFD5E08} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hans\Downloads\Shockwave_Installer_Slim 11.6.1.629.exe" -d C:\Users\Hans\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.18.0.1
Tcpip\..\Interfaces\{66647859-4A98-410D-A6EA-64B8B46ABB45}: [NameServer] 209.18.47.61,209.18.47.62
Tcpip\..\Interfaces\{E9CDC65B-EFDF-4B40-9F9B-CA8F169B46B8}: [DhcpNameServer] 10.18.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default [2021-01-17]
FF Extension: (HydraReader Class) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{37D4A353-C49B-8A56-4230-FE2A6C825946} [2014-11-06] [Legacy] [not signed]
FF Extension: (WOT) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\mwg4kyqa.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-02] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google Inc. -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2021-01-23]
CHR DownloadDir: N:\
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Extension: (Slides) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Sparta: War of Empires) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcokacflmihcgkgjofglkhobjkheeic [2016-01-16]
CHR Extension: (Docs) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-01-12]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-12]
CHR Extension: (YouTube) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-24]
CHR Extension: (OneTab) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2020-09-21]
CHR Extension: (uBlock Origin) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-01-12]
CHR Extension: (Google Search) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Tab Restore) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbndgjfafojhfndfgpcibceghelbbnep [2018-02-04]
CHR Extension: (Session Buddy) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2020-05-13]
CHR Extension: (Recent History) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmkfdfomhhlonpbnpiibloacemdhjjm [2019-12-23]
CHR Extension: (Sheets) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (History Button) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh [2018-02-04]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2018-02-04]
CHR Extension: (Fair Ads) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Toolbar Spacer) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\golladjmjodbefcoombodcdhimkmgemd [2018-02-04]
CHR Extension: (Open in VLC™ media player) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpiinojhnfhpdmmacgmpoonphhimkaj [2021-01-01]
CHR Extension: (Recently Closed) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\khiocfdofmabcpofejbffpbocoabcjib [2021-01-22]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2020-08-13]
CHR Extension: (Fair AdBlocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2020-10-18]
CHR Extension: (Extensions) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjcdccmhfohhffdhmleihkcgefgnghb [2020-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-14]
CHR Extension: (Weather Forecast) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofobaelkgcpicbdoabokjlnmdcbjellg [2020-06-13]
CHR Extension: (Bookmarks) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogpfecfneobbmjefimpeomoeloahjmcm [2019-10-31]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2020-12-09]
CHR Extension: (uBlock Plus Adblocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofnbdifeelbaidfgpikinijekkjcicg [2018-02-06]
CHR Extension: (VLC Video Downloader) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggkpkppiimfmjhlnkdhaleiomejgedd [2018-12-21]
CHR Extension: (Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-17] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2136056 2020-01-23] (Plex, Inc. -> Plex, Inc.)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia -> Secunia)
R2 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-16] (Dell Inc -> SoftThinks SAS)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [253912 2019-10-30] (Synology Inc. -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [55776 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-18] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-08-19] (ProtonVPN AG -> Proton Technologies AG)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-08-19] (ProtonVPN AG -> The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-23 01:13 - 2021-01-23 01:14 - 000029500 _____ C:\Users\Hans\Desktop\FRST.txt
2021-01-22 09:13 - 2021-01-22 09:13 - 000001128 _____ C:\Users\Public\Desktop\Backup Thunderbird.lnk
2021-01-22 09:13 - 2021-01-22 09:13 - 000001128 _____ C:\ProgramData\Desktop\Backup Thunderbird.lnk
2021-01-22 09:13 - 2021-01-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup Thunderbird
2021-01-22 09:13 - 2021-01-22 09:13 - 000000000 ____D C:\Program Files (x86)\Backup Thunderbird
2021-01-22 09:09 - 2021-01-22 09:09 - 001289313 _____ (backupthunderbird.com ) C:\Users\Hans\Desktop\backupthunderbird_setup.exe
2021-01-21 19:00 - 2021-01-21 19:00 - 000278504 _____ C:\Windows\Minidump\012121-20529-01.dmp
2021-01-20 23:00 - 2021-01-20 23:00 - 001021164 _____ C:\Users\Hans\Desktop\inspiron-620_service manual_en-us.pdf
2021-01-20 09:12 - 2021-01-20 09:19 - 000000000 ____D C:\f466e4c8851c01e97ddacb544b
2021-01-20 09:12 - 2021-01-20 09:12 - 000000000 ____D C:\Windows\system32\EventProviders
2021-01-18 17:52 - 2021-01-18 17:52 - 038447553 _____ C:\Users\Hans\Desktop\CBS.zip
2021-01-18 17:51 - 2021-01-18 17:51 - 000000000 ____D C:\Users\Hans\Desktop\CBS
2021-01-18 16:48 - 2021-01-18 16:48 - 000278560 _____ C:\Windows\Minidump\011821-28875-01.dmp
2021-01-18 01:21 - 2021-01-22 08:57 - 000000000 ____D C:\Users\Hans\AppData\Local\CrashDumps
2021-01-17 20:58 - 2021-01-17 20:58 - 000278560 _____ C:\Windows\Minidump\011721-23665-01.dmp
2021-01-17 17:33 - 2021-01-17 17:33 - 000001212 _____ C:\Users\Hans\Desktop\Malwarebytes scan report.txt
2021-01-17 17:19 - 2021-01-17 17:19 - 000000043 _____ C:\Users\Hans\Desktop\DECRYPT_INSTRUCTION.txt
2021-01-17 16:54 - 2021-01-17 16:54 - 000000000 ____D C:\Users\Hans\AppData\Local\mbam
2021-01-17 16:53 - 2021-01-18 17:00 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-17 16:53 - 2021-01-17 16:53 - 000001922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-17 16:53 - 2021-01-17 16:53 - 000001910 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-17 16:53 - 2021-01-17 16:53 - 000001910 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-17 16:53 - 2021-01-17 16:52 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-17 16:52 - 2021-01-17 16:52 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-17 16:30 - 2021-01-17 16:30 - 002040904 _____ (Malwarebytes) C:\Users\Hans\Desktop\MBSetup-076981.076981-Consumer.exe
2021-01-17 16:27 - 2021-01-17 16:27 - 000001641 _____ C:\Users\Hans\Desktop\AdwCleaner[C00].txt
2021-01-17 15:35 - 2021-01-17 15:35 - 008458096 _____ (Malwarebytes) C:\Users\Hans\Desktop\adwcleaner_8.0.9.exe
2021-01-17 15:34 - 2021-01-17 15:34 - 008447152 _____ (Malwarebytes) C:\Users\Hans\Desktop\AdwCleaner.exe
2021-01-17 15:28 - 2021-01-17 15:28 - 000003668 _____ C:\Windows\system32\Tasks\ProtonVPN Update
2021-01-17 15:15 - 2021-01-17 15:16 - 000014834 _____ C:\Users\Hans\Desktop\Fixlog.txt
2021-01-16 14:07 - 2021-01-16 14:07 - 000278560 _____ C:\Windows\Minidump\011621-23244-01.dmp
2021-01-16 09:45 - 2021-01-23 01:12 - 000000000 ____D C:\Users\Hans\Desktop\FRST-OlderVersion
2021-01-14 16:23 - 2021-01-14 16:23 - 000270880 _____ C:\Windows\Minidump\011421-28126-01.dmp
2021-01-13 10:15 - 2021-01-13 10:15 - 000269888 _____ C:\Windows\Minidump\011321-27846-01.dmp
2021-01-12 18:22 - 2021-01-23 01:11 - 000011237 _____ C:\Users\Hans\Desktop\BSOD post1.txt
2021-01-12 17:38 - 2021-01-12 17:38 - 000000207 _____ C:\Windows\tweaking.com-regbackup-PC-Windows-7-Home-Premium-(64-bit).dat
2021-01-12 17:38 - 2021-01-12 17:38 - 000000000 ____D C:\RegBackup
2021-01-12 17:31 - 2021-01-12 17:31 - 000002165 _____ C:\Users\Hans\Desktop\Tweaking.com - Windows Repair.lnk
2021-01-12 17:31 - 2021-01-12 17:31 - 000000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2021-01-12 17:31 - 2021-01-12 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-01-12 17:31 - 2021-01-12 17:31 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-01-12 17:10 - 2021-01-12 17:10 - 000278504 _____ C:\Windows\Minidump\011221-25646-01.dmp
2021-01-12 16:10 - 2021-01-12 16:10 - 000000266 _____ C:\Users\Hans\Downloads\BSOD post.txt
2021-01-12 15:51 - 2021-01-12 17:32 - 001070107 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2021-01-12 15:50 - 2021-01-12 15:50 - 040931680 _____ (Tweaking.com) C:\Users\Hans\Desktop\tweaking.com_windows_repair_aio_setup.exe
2021-01-10 18:07 - 2021-01-23 01:12 - 002296320 _____ (Farbar) C:\Users\Hans\Desktop\FRST64.exe
2021-01-06 15:20 - 2021-01-06 15:20 - 000278504 _____ C:\Windows\Minidump\010621-23337-01.dmp
2021-01-06 14:50 - 2021-01-20 12:53 - 000607866 _____ C:\Windows\ntbtlog.txt
2021-01-06 14:50 - 2021-01-06 14:50 - 000278504 _____ C:\Windows\Minidump\010621-24133-01.dmp
2021-01-06 14:49 - 2021-01-06 14:49 - 000278504 _____ C:\Windows\Minidump\010621-19125-01.dmp
2021-01-06 14:47 - 2021-01-06 14:47 - 000278560 _____ C:\Windows\Minidump\010621-23306-01.dmp
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\Users\Public\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000001194 _____ C:\ProgramData\Desktop\Synology Assistant.lnk
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Synology
2020-12-31 12:49 - 2020-12-31 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2020-12-31 11:46 - 2020-12-31 12:49 - 000000000 ____D C:\Program Files (x86)\Synology

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-23 01:13 - 2014-11-20 18:54 - 000000000 ____D C:\FRST
2021-01-22 19:57 - 2012-09-12 15:47 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2021-01-22 19:43 - 2018-02-03 21:46 - 000000000 ____D C:\Users\Hans\AppData\Roaming\vlc
2021-01-22 09:51 - 2017-07-12 01:30 - 000027648 ___SH C:\Users\Hans\Downloads\Thumbs.db
2021-01-22 09:14 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-22 09:14 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-22 08:59 - 2009-07-14 00:13 - 000783424 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-22 08:59 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2021-01-22 08:55 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2021-01-22 08:55 - 2011-08-17 20:36 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2021-01-22 08:54 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-21 19:00 - 2020-09-21 19:04 - 683818863 _____ C:\Windows\MEMORY.DMP
2021-01-21 16:37 - 2010-11-20 22:27 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-21 01:02 - 2019-08-17 18:01 - 000000000 ____D C:\Users\Hans\AppData\Local\Plex Media Server
2021-01-21 00:51 - 2011-12-26 15:18 - 000000000 ____D C:\Users\Hans\AppData\Roaming\SoftGrid Client
2021-01-20 17:39 - 2011-12-26 10:20 - 000075248 _____ C:\Users\Hans\AppData\Local\GDIPFONTCACHEV1.DAT
2021-01-20 17:37 - 2009-07-13 23:45 - 000321280 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-20 17:26 - 2011-02-10 11:10 - 000783424 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-01-20 17:26 - 2009-07-13 21:34 - 000000471 _____ C:\Windows\win.ini
2021-01-20 13:22 - 2014-11-07 01:30 - 000000000 ____D C:\Users\Hans\Downloads\New Downloads
2021-01-20 13:00 - 2015-01-07 18:26 - 000000000 ____D C:\Users\Hans\Documents\New Stuff
2021-01-18 16:48 - 2015-11-05 09:22 - 000000000 ____D C:\Windows\Minidump
2021-01-18 16:18 - 2009-07-14 00:08 - 000032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-01-17 21:52 - 2018-02-04 13:43 - 000000000 ____D C:\Users\Hans\AppData\Roaming\XYplorerFree
2021-01-17 16:52 - 2012-08-05 10:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-17 15:39 - 2014-11-26 15:59 - 000000000 ____D C:\AdwCleaner
2021-01-17 15:27 - 2019-08-20 20:54 - 000000000 ____D C:\Users\Hans\AppData\Local\ProtonVPN
2021-01-17 08:59 - 2013-08-19 18:23 - 000000000 ____D C:\Users\Hans\AppData\LocalLow\Temp
2021-01-17 08:57 - 2009-07-13 22:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-01-17 08:57 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2021-01-16 20:39 - 2012-01-15 10:42 - 000000000 ____D C:\Program Files (x86)\FileHippo.com
2021-01-16 20:37 - 2011-12-30 18:46 - 000000000 ____D C:\Windows\system32\Macromed
2021-01-16 20:37 - 2011-08-17 19:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2021-01-16 20:32 - 2012-04-01 09:01 - 000000000 ____D C:\Program Files (x86)\ArcSoft
2021-01-16 00:29 - 2020-10-25 13:15 - 000000000 ____D C:\Users\Hans\Desktop\stuff
2021-01-16 00:12 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Catroot2.old
2021-01-14 16:35 - 2015-12-19 20:01 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-14 16:35 - 2015-12-19 20:01 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-14 16:35 - 2015-12-19 20:01 - 000002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-12 22:35 - 2019-04-06 21:32 - 000000000 ____D C:\Users\Hans\AppData\Roaming\Resilio Sync
2021-01-06 15:05 - 2011-12-26 14:34 - 000000000 ____D C:\Users\Hans\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2014-11-12 17:42 - 2014-11-12 17:42 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-12 17:41 - 2014-11-12 17:41 - 000000272 _____ () C:\Users\Hans\AppData\Roaming\Microsoft\DECRYPT_INSTRUCTION.URL
2012-12-13 07:48 - 2019-12-15 17:14 - 000164864 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-12 17:39 - 2014-11-12 17:39 - 000000272 _____ () C:\Users\Hans\AppData\Local\DECRYPT_INSTRUCTION.URL
2012-04-01 19:23 - 2012-04-01 19:23 - 000000022 _____ () C:\Users\Hans\AppData\Local\kodakpcd.ini
2012-01-09 11:17 - 2020-06-09 19:57 - 000007613 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-22 10:14
==================== End of FRST.txt ========================