Last night all was well as I shut down. Now, first thing this morning, I start up and get a prompt that my user profile could not be found. I close that and my desktop opens to an odd Lenovo desktop with hardly any of my icons. I open Edge and it starts me on the whole new Edge thing. This is what brought me here the last visit. All I've done is backup and the FRST download. Thanks for any help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by ronny (administrator) on DADSLENOVO (LENOVO 82R1) (01-10-2023 13:01:45)
Running from C:\Users\TEMP\Desktop\FRST64.exe
Loaded Profiles: ronny <==== ATTENTION (Temporary Profile?)
Platform: Microsoft Windows 11 Home Version 22H2 22621.2361 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <29>
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe [1643360 2023-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [64328616 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [MicrosoftEdgeAutoLaunch_FB8D4600C819C56C049D36FCF4727107] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210112 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [33785424 2023-06-28] (PALTALK, INC. -> Paltalk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {095B292E-1FFD-47D1-87EB-9415212241BC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {F8378F44-E924-44D1-A741-C66B701234DC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
Task: {84A29AC9-EB7F-4C28-934D-4EB13C5EBA03} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (No File)
Task: {E856AD4B-FB9E-41D3-92B5-78B5A30A08AC} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (No File)
Task: {35877514-ADC0-4E9E-BE21-CCAB84F93032} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (No File)
Task: {59E77B03-FE27-432B-B3A7-2292B1D06503} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (No File)
Task: {22278E05-5A2F-4C8F-B900-8F6A83A7557F} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (No File)
Task: {90573BDF-9B27-408C-83F0-73FF2073C773} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (No File)
Task: {1DC02616-FB4E-4EA5-8E06-5E85529F82E6} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)
Task: {3F158CA8-4CBC-42B1-B81B-C1D39B18125C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoBoostAddin.Prompt (No File)
Task: {12726F46-58A1-4E5A-B4DD-2C502EDB4E40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (No File)
Task: {CE117F0F-8948-4D1A-A842-535F4BCD68B6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (No File)
Task: {3A019985-964D-4E80-9633-BF127FBBF263} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (No File)
Task: {8F779427-C0B3-4C6E-9536-A80347F2139D} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (No File)
Task: {932E342A-DFDE-48B7-8D55-CFAEA0684563} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (No File)
Task: {545BDD1F-4C81-4E0C-B83D-64FEF3FCCEA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {18DC19D6-7BA2-48CF-A179-23D49CBC8E99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {70BE69D4-BDFA-40EC-9C13-3740656C2F59} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F6FF2E0-EEA9-4986-88B9-355FAA7829D7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB19E30A-25B4-40AB-84B9-3803F1093B85} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C980847-1C45-4780-94F6-6401F6E9EAF5} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
Task: {2A9E4063-351A-4E4C-AAD3-294F274CFFF7} - System32\Tasks\Microsoft\Windows\PLA\RPT863C.tmp => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {24E178C5-1D19-43AC-8F81-7514BBAE1825} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9E6A901-E8D6-4D7B-85AB-BD7D91910055} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BDEEC90E-5E03-4B65-98F9-AEB75D753B5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F527D7E2-239F-43E5-8F04-B2EC8DD81470} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A73DBF5C-044E-4D66-BDA1-9DD15CDB4CA7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [635296 2023-09-30] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1172AD74-F866-4F8C-87D0-2155120F3FDB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [767392 2023-09-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {4A26BC7B-D39E-4D64-94A5-6A4E380E7F34} - System32\Tasks\NCH Software\SoundTapSevenDays => C:\Program Files (x86)\NCH Software\SoundTap\SoundTap.exe [1215200 2022-08-31] (NCH Software, Inc. -> NCH Software)
Task: {CB5E1DD3-0BD0-4253-9338-D92D0E4DCE5A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {16F21AAA-B402-426E-BFAF-D49171E07F75} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{89ebeca7-a551-40b5-89d1-3144d4422878}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{b06834c6-f58e-4ab5-babd-daefa009e8f0}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-01]
Edge HomePage: Default -> hxxp://www.msn.com/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-10-01]
Edge Extension: (Google Docs Offline) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-01]
Edge Extension: (Edge relevant text changes) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-01]
Edge Extension: (uBlock Origin) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-10-01]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2023-05-31] (Solware IT Ltd -> Solware)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1261568 2023-09-26] (Microsoft Windows -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe [2360336 2023-01-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [891336 2023-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe [295904 2023-08-17] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-26] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2023-04-24] (PALTALK, INC. -> AVM Software)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72944 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2307.40000.6.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [243712 2023-09-01] (Microsoft Corporation -> )
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 VRSService; "C:\Program Files (x86)\NCH Software\VRS\vrs.exe" -service [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35344 2022-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\amdkmdag.sys [94633360 2022-11-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218464 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows (R) Win 7 DDK provider)
S3 iriunvid; C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_daa9f7b9ae89ea8c\iriunvid.sys [164976 2023-01-10] (Iriun Oy -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2023-09-29] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-09-29] (Malwarebytes Inc. -> Malwarebytes)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [54664 2023-05-30] (NCH Software Pty Ltd -> )
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-07-02] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-01 13:01 - 2023-10-01 13:02 - 000023990 _____ C:\Users\TEMP\Desktop\FRST.txt
2023-10-01 13:01 - 2023-10-01 13:02 - 000000000 ____D C:\FRST
2023-10-01 12:59 - 2023-10-01 13:01 - 002382848 _____ (Farbar) C:\Users\TEMP\Desktop\FRST64.exe
2023-10-01 12:56 - 2023-10-01 12:56 - 000000000 ____D C:\Users\TEMP\AppData\Local\OneDrive
2023-10-01 12:19 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2023-10-01 12:18 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2023-10-01 12:18 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\Local\Malwarebytes
2023-10-01 12:18 - 2023-10-01 12:18 - 000000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2023-10-01 12:16 - 2023-10-01 12:16 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\AMD
2023-10-01 12:16 - 2023-10-01 12:16 - 000000000 ____D C:\Users\TEMP\AppData\Local\PlaceholderTileLogoFolder
2023-10-01 12:14 - 2023-10-01 12:14 - 000000000 ____D C:\Users\TEMP\AppData\Local\CrashDumps
2023-10-01 12:13 - 2023-10-01 12:17 - 000002355 _____ C:\Users\TEMP\Desktop\Microsoft Edge.lnk
2023-10-01 12:13 - 2023-10-01 12:13 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Network
2023-10-01 12:12 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\Local\Packages
2023-10-01 12:12 - 2023-10-01 12:14 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\IGDump
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ___SD C:\Users\TEMP\AppData\Roaming\Microsoft\SystemCertificates
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ___SD C:\Users\TEMP\AppData\Roaming\Microsoft\Protect
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2023-10-01 12:11 - 2023-10-01 12:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\D3DSCache
2023-10-01 12:11 - 2023-10-01 12:21 - 000000000 ___RD C:\Users\TEMP\OneDrive
2023-10-01 12:11 - 2023-10-01 12:18 - 000000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2023-10-01 12:11 - 2023-10-01 12:17 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Spelling
2023-10-01 12:11 - 2023-10-01 12:13 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows
2023-10-01 12:11 - 2023-10-01 12:12 - 000000000 ____D C:\Users\TEMP
2023-10-01 12:11 - 2023-10-01 12:11 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2023-10-01 12:11 - 2023-10-01 12:11 - 000000000 ___SD C:\Users\TEMP\AppData\Roaming\Microsoft\Credentials
2023-10-01 12:11 - 2023-10-01 12:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\Lenovo
2023-10-01 12:11 - 2023-05-29 17:35 - 000000000 ____D C:\Users\TEMP\AppData\Local\AMD
2023-09-30 07:04 - 2023-09-30 07:04 - 003145032 _____ (OneLaunch ) C:\Users\ronny\Downloads\Unconfirmed 737454.crdownload
2023-09-29 17:35 - 2023-09-29 17:35 - 003749745 _____ C:\Users\ronny\Downloads\Magnolia Wind-accompaniment-Eb major-69bpm-441hz.m4a.crdownload
2023-09-29 15:30 - 2023-09-29 15:30 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2023-09-29 15:30 - 2023-09-29 15:30 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-09-29 15:29 - 2023-09-29 15:29 - 000000000 ____D C:\Users\ronny\NCH Software Suite
2023-09-29 15:28 - 2023-09-29 15:28 - 000000000 ____D C:\Program Files (x86)\NCH Software
2023-09-29 15:24 - 2023-09-29 15:24 - 000892128 _____ (NCH Software) C:\Users\ronny\Downloads\Unconfirmed 861032.crdownload
2023-09-28 03:05 - 2023-09-28 03:05 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-09-27 01:29 - 2023-09-27 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pocket Tanks
2023-09-27 01:29 - 2023-09-27 01:29 - 000000000 ____D C:\Program Files (x86)\Pocket Tanks
2023-09-26 20:43 - 2023-09-26 20:43 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2023-09-26 20:42 - 2023-09-26 20:42 - 000060462 _____ C:\Windows\system32\ctac.json
2023-09-26 20:42 - 2023-09-26 20:42 - 000016239 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-25 11:18 - 2023-09-25 11:18 - 000000000 ___HD C:\$SysReset
2023-09-15 03:18 - 2023-09-15 03:18 - 000003511 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Last Castle.lnk
2023-09-15 02:42 - 2023-09-15 02:42 - 000003671 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tactic Defense.lnk
2023-09-14 05:58 - 2023-09-14 05:58 - 000003551 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jamata Tower Defense Free.lnk
2023-09-14 05:24 - 2023-09-14 05:24 - 000003691 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tower Raiders 2 FREE.lnk
2023-09-14 05:19 - 2023-09-14 05:19 - 000003503 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Appstore.lnk
2023-09-13 02:35 - 2023-09-13 02:35 - 000030503 _____ C:\Users\ronny\Downloads\download.jfif
2023-09-12 20:19 - 2023-09-12 20:19 - 000000000 ____D C:\KPRM
2023-09-09 14:44 - 2023-09-09 14:44 - 000003848 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2023-09-09 14:44 - 2023-09-09 14:44 - 000003406 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2023-09-09 12:22 - 2023-09-12 20:20 - 000000000 ____D C:\Users\ronny\AppData\Local\ESET
2023-09-05 14:43 - 2023-09-05 14:43 - 000006128 _____ C:\Profile.txt
2023-09-02 16:23 - 2023-09-12 14:08 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-12 14:08 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Program Files\Google
2023-09-02 16:22 - 2023-09-14 05:27 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-02 16:22 - 2023-09-02 16:22 - 001372712 _____ (Google LLC) C:\Users\ronny\Downloads\ChromeSetup.exe
2023-09-02 16:22 - 2023-09-02 16:22 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2}
2023-09-02 16:22 - 2023-09-02 16:22 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29}
2023-09-01 23:15 - 2023-09-01 23:15 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\UProof
2023-09-01 23:14 - 2023-09-01 23:14 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\PowerPoint
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-01 12:39 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2023-10-01 12:38 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-01 12:34 - 2022-05-25 14:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-01 12:29 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-10-01 12:26 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2023-10-01 12:20 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-01 12:19 - 2023-06-06 14:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-01 12:19 - 2023-05-27 10:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-10-01 12:19 - 2023-05-27 10:59 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-01 12:19 - 2023-05-27 10:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-10-01 12:19 - 2023-05-02 11:11 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001
2023-10-01 12:12 - 2022-05-25 14:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-01 12:11 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-01 03:06 - 2023-05-02 09:32 - 000000000 ____D C:\Users\ronny
2023-10-01 01:29 - 2023-06-25 16:05 - 000004148 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{52507B6B-D19B-4D56-B70B-4DAF891436AC}
2023-09-30 23:49 - 2023-05-04 18:13 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2023-09-30 18:25 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2023-09-30 16:50 - 2023-05-04 18:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-30 16:50 - 2023-05-04 18:22 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-09-30 16:50 - 2023-05-04 18:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-30 08:44 - 2023-05-17 23:43 - 000000000 ____D C:\Users\ronny\AppData\Local\Malwarebytes
2023-09-29 17:14 - 2023-05-02 11:11 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2023-09-29 17:14 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2023-09-29 17:11 - 2022-09-07 00:43 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-29 17:11 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2023-09-29 17:01 - 2022-05-25 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-29 17:01 - 2022-05-25 14:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-29 17:01 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2023-09-29 16:36 - 2023-05-02 11:11 - 000000000 ___RD C:\Users\ronny\OneDrive
2023-09-29 15:29 - 2023-05-30 01:57 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2023-09-29 15:29 - 2023-05-30 01:57 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2023-09-29 15:29 - 2023-05-08 09:16 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2023-09-29 15:29 - 2022-05-07 00:17 - 000786432 _____ C:\Windows\system32\config\BBI
2023-09-29 05:06 - 2023-08-17 03:51 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-09-29 04:11 - 2023-05-08 12:53 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2023-09-28 07:29 - 2023-05-25 11:23 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-09-28 03:06 - 2022-05-25 14:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\setup
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-26 21:30 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-26 20:59 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-26 20:55 - 2022-05-25 14:06 - 000000000 ____D C:\ProgramData\Packages
2023-09-26 20:48 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-26 20:43 - 2022-05-25 14:08 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-19 10:14 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\LiveKernelReports
2023-09-17 14:57 - 2022-09-07 00:24 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-15 03:06 - 2022-05-25 14:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-15 03:06 - 2022-05-25 14:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-14 14:56 - 2023-05-02 07:17 - 000000000 ____D C:\Windows\system32\MRT
2023-09-14 14:52 - 2023-05-02 07:17 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 002688512 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-14 07:33 - 2023-05-06 17:22 - 000095848 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 000000000 ____D C:\XboxGames
2023-09-14 07:32 - 2023-05-06 17:22 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-14 06:27 - 2022-09-07 00:35 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-09-07 03:10 - 2023-05-02 11:17 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\ProgramData\Lenovo
2023-09-06 11:24 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-06 01:53 - 2023-05-02 07:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-05 17:53 - 2023-05-02 16:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2023-09-01 23:15 - 2023-05-11 16:50 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Office
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by ronny (01-10-2023 13:04:32)
Running from C:\Users\TEMP\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2361 (X64) (2023-04-27 10:29:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-808004889-1866680771-1985815163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808004889-1866680771-1985815163-503 - Limited - Disabled)
Guest (S-1-5-21-808004889-1866680771-1985815163-501 - Limited - Disabled)
ronny (S-1-5-21-808004889-1866680771-1985815163-1001 - Administrator - Enabled) => C:\Users\TEMP
WDAGUtilityAccount (S-1-5-21-808004889-1866680771-1985815163-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Lenovo Now (HKLM-x32\...\Lenovo Now) (Version: 3.10.0.63 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
Microsoft .NET Core Host - 3.1.16 (x86) (HKLM-x32\...\{5D887DA9-5C68-400F-8948-1CC517CB9A41}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.16 (x86) (HKLM-x32\...\{A0066D67-1765-4066-B260-DD548A154CB5}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.16 (x86) (HKLM-x32\...\{876E7C98-9A2F-4644-BD03-7E6253D54EFE}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.43 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{23B1E150-9D20-42E9-ABEA-5F155FE91878}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{eadb038c-8c60-4258-8cf9-e43e809329a4}) (Version: 3.1.16.30112 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 102.15.1 ESR (x64 en-US)) (Version: 102.15.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.15.1.8655 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Pocket Tanks v1.6 (HKLM-x32\...\Pocket Tanks_is1) (Version: 1.6 - Blitwise Productions, LLC)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 8.05 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
Warpath (HKLM-x32\...\{proda17b81755cc110c39879a94a4be2}_is1) (Version: 0.1.3 - )
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.44 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2023-05-06 17:22 - 2023-09-14 07:32 - 000483328 _____ (Microsoft Corporation) [File not signed] C:\Windows\SYSTEM32\gameplatformservices.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\TEMP\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 00:24 - 2022-05-07 00:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2023-08-17 03:51 - 2023-09-29 05:06 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.29.96.1 DadsLenovo.mshome.net # 2028 9 3 27 10 6 7 346
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{9D9AE633-487E-47EE-9ABB-F93329736147}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{5263C856-C315-45A8-8005-43FD06AFCCBF}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [TCP Query User{902403D8-6AA8-4293-9CF8-D1C2B9BAD85B}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{374A7204-05B7-41A4-BA55-39C9A916E85C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [{4C1F91BE-7572-4E98-BA81-004B1378DB60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5459F704-B488-41D9-8D23-A4E420DCD8AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{E49501E1-E97B-4977-8CBD-F781BDEBD07E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2307.40000.6.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
FirewallRules: [{065B13A9-66F9-48FC-AC53-CFD39968A164}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{214E620A-5D7B-40B9-A97A-D10D20491395}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FEC581F9-FB44-4288-BFFF-2A4AECCC4AA6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{475947ED-5482-4006-A70A-9E5DBD064729}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1FC929B9-6C45-43C6-A94A-6E4686D58C88}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{294778E7-2B62-4638-ACA8-09440F5C0F3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6E30EAD7-32BA-4F92-A3C3-BA18F2936E84}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1899617D-1C2B-47CA-8CA5-964145A51D8D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6100925D-CA5C-4E88-BDF3-66A54E9E8A47}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0B6219EA-FE4B-4988-B5FE-1B8EFA677239}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9C31EF9-4F6D-4E21-B681-DC8C4B6E5170}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B9DA3A7-F73A-4AFD-BFD9-E7238EF19E51}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2815F2BA-4FAC-4B39-9D3C-075A1F1E1C57}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4804C799-24F0-45FC-B3C4-03072E250CE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EF2BE2D-C747-4716-9FD6-321B6A00A6DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A5439DE-B61D-48AE-80C0-51D664F4ADE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/01/2023 12:14:02 PM) (Source: Application Error) (EventID: 1000) (User: DADSLENOVO)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.2361, time stamp: 0x480de713
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x1758
Faulting application start time: 0x0x1d9f48a683d2d5c
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 6d95b395-af7c-4714-ae98-5f0ab695b69d
Faulting package full name:
Faulting package-relative application ID:
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DADSLENOVO)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1156, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5832, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3732, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3732, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5832, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3732, ProfSvc PID: 1788.
System errors:
=============
Error: (10/01/2023 12:20:39 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:20:38 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:19:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (10/01/2023 12:19:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (10/01/2023 12:14:47 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:13:33 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:34:07 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (09/30/2023 05:27:00 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Windows Defender:
================
Date: 2023-09-30 05:19:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-30 05:08:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-26 11:36:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-25 21:03:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-05-07 12:31:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2023-09-25 11:04:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1520.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2023-09-30 05:18:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-09 12:27:53
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume4\Users\ronny\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.
==================== Memory info ===========================
BIOS: LENOVO HQCN15WW(V1.04) 05/30/2022
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 73%
Total physical RAM: 18366.32 MB
Available physical RAM: 4822.14 MB
Total Virtual: 29456.19 MB
Available Virtual: 4334.14 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:114.26 GB) (Free:2.94 GB) (Model: SanDisk DA4128) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:930.26 GB) (Model: KINGSTON SNV2S1000G) NTFS
\\?\Volume{97b95e27-64b2-4e61-bbdd-73e5a9f4cb99}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.26 GB) NTFS
\\?\Volume{cba30f47-dd2a-44a1-9639-590333b5b11a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DEB2E40B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 116.5 GB) (Disk ID: CD2244AA)
Partition: GPT.
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by ronny (administrator) on DADSLENOVO (LENOVO 82R1) (01-10-2023 13:01:45)
Running from C:\Users\TEMP\Desktop\FRST64.exe
Loaded Profiles: ronny <==== ATTENTION (Temporary Profile?)
Platform: Microsoft Windows 11 Home Version 22H2 22621.2361 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <29>
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe [1643360 2023-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [64328616 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [MicrosoftEdgeAutoLaunch_FB8D4600C819C56C049D36FCF4727107] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210112 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [33785424 2023-06-28] (PALTALK, INC. -> Paltalk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {095B292E-1FFD-47D1-87EB-9415212241BC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {F8378F44-E924-44D1-A741-C66B701234DC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
Task: {84A29AC9-EB7F-4C28-934D-4EB13C5EBA03} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (No File)
Task: {E856AD4B-FB9E-41D3-92B5-78B5A30A08AC} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (No File)
Task: {35877514-ADC0-4E9E-BE21-CCAB84F93032} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (No File)
Task: {59E77B03-FE27-432B-B3A7-2292B1D06503} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (No File)
Task: {22278E05-5A2F-4C8F-B900-8F6A83A7557F} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (No File)
Task: {90573BDF-9B27-408C-83F0-73FF2073C773} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (No File)
Task: {1DC02616-FB4E-4EA5-8E06-5E85529F82E6} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)
Task: {3F158CA8-4CBC-42B1-B81B-C1D39B18125C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoBoostAddin.Prompt (No File)
Task: {12726F46-58A1-4E5A-B4DD-2C502EDB4E40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (No File)
Task: {CE117F0F-8948-4D1A-A842-535F4BCD68B6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (No File)
Task: {3A019985-964D-4E80-9633-BF127FBBF263} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (No File)
Task: {8F779427-C0B3-4C6E-9536-A80347F2139D} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (No File)
Task: {932E342A-DFDE-48B7-8D55-CFAEA0684563} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (No File)
Task: {545BDD1F-4C81-4E0C-B83D-64FEF3FCCEA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {18DC19D6-7BA2-48CF-A179-23D49CBC8E99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {70BE69D4-BDFA-40EC-9C13-3740656C2F59} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F6FF2E0-EEA9-4986-88B9-355FAA7829D7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB19E30A-25B4-40AB-84B9-3803F1093B85} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C980847-1C45-4780-94F6-6401F6E9EAF5} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
Task: {2A9E4063-351A-4E4C-AAD3-294F274CFFF7} - System32\Tasks\Microsoft\Windows\PLA\RPT863C.tmp => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {24E178C5-1D19-43AC-8F81-7514BBAE1825} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9E6A901-E8D6-4D7B-85AB-BD7D91910055} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BDEEC90E-5E03-4B65-98F9-AEB75D753B5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F527D7E2-239F-43E5-8F04-B2EC8DD81470} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A73DBF5C-044E-4D66-BDA1-9DD15CDB4CA7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [635296 2023-09-30] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1172AD74-F866-4F8C-87D0-2155120F3FDB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [767392 2023-09-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {4A26BC7B-D39E-4D64-94A5-6A4E380E7F34} - System32\Tasks\NCH Software\SoundTapSevenDays => C:\Program Files (x86)\NCH Software\SoundTap\SoundTap.exe [1215200 2022-08-31] (NCH Software, Inc. -> NCH Software)
Task: {CB5E1DD3-0BD0-4253-9338-D92D0E4DCE5A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {16F21AAA-B402-426E-BFAF-D49171E07F75} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{89ebeca7-a551-40b5-89d1-3144d4422878}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{b06834c6-f58e-4ab5-babd-daefa009e8f0}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-01]
Edge HomePage: Default -> hxxp://www.msn.com/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-10-01]
Edge Extension: (Google Docs Offline) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-01]
Edge Extension: (Edge relevant text changes) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-01]
Edge Extension: (uBlock Origin) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-10-01]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2023-05-31] (Solware IT Ltd -> Solware)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1261568 2023-09-26] (Microsoft Windows -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe [2360336 2023-01-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [891336 2023-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe [295904 2023-08-17] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-26] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2023-04-24] (PALTALK, INC. -> AVM Software)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72944 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2307.40000.6.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [243712 2023-09-01] (Microsoft Corporation -> )
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 VRSService; "C:\Program Files (x86)\NCH Software\VRS\vrs.exe" -service [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35344 2022-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\amdkmdag.sys [94633360 2022-11-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218464 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows (R) Win 7 DDK provider)
S3 iriunvid; C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_daa9f7b9ae89ea8c\iriunvid.sys [164976 2023-01-10] (Iriun Oy -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2023-09-29] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-09-29] (Malwarebytes Inc. -> Malwarebytes)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [54664 2023-05-30] (NCH Software Pty Ltd -> )
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-07-02] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-01 13:01 - 2023-10-01 13:02 - 000023990 _____ C:\Users\TEMP\Desktop\FRST.txt
2023-10-01 13:01 - 2023-10-01 13:02 - 000000000 ____D C:\FRST
2023-10-01 12:59 - 2023-10-01 13:01 - 002382848 _____ (Farbar) C:\Users\TEMP\Desktop\FRST64.exe
2023-10-01 12:56 - 2023-10-01 12:56 - 000000000 ____D C:\Users\TEMP\AppData\Local\OneDrive
2023-10-01 12:19 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\Mozilla
2023-10-01 12:18 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Mozilla
2023-10-01 12:18 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\Local\Malwarebytes
2023-10-01 12:18 - 2023-10-01 12:18 - 000000000 ____D C:\Users\TEMP\AppData\Local\Mozilla
2023-10-01 12:16 - 2023-10-01 12:16 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\AMD
2023-10-01 12:16 - 2023-10-01 12:16 - 000000000 ____D C:\Users\TEMP\AppData\Local\PlaceholderTileLogoFolder
2023-10-01 12:14 - 2023-10-01 12:14 - 000000000 ____D C:\Users\TEMP\AppData\Local\CrashDumps
2023-10-01 12:13 - 2023-10-01 12:17 - 000002355 _____ C:\Users\TEMP\Desktop\Microsoft Edge.lnk
2023-10-01 12:13 - 2023-10-01 12:13 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Network
2023-10-01 12:12 - 2023-10-01 12:19 - 000000000 ____D C:\Users\TEMP\AppData\Local\Packages
2023-10-01 12:12 - 2023-10-01 12:14 - 000000000 ____D C:\Users\TEMP\AppData\LocalLow\IGDump
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ___SD C:\Users\TEMP\AppData\Roaming\Microsoft\SystemCertificates
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ___SD C:\Users\TEMP\AppData\Roaming\Microsoft\Protect
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2023-10-01 12:12 - 2023-10-01 12:12 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2023-10-01 12:11 - 2023-10-01 12:36 - 000000000 ____D C:\Users\TEMP\AppData\Local\D3DSCache
2023-10-01 12:11 - 2023-10-01 12:21 - 000000000 ___RD C:\Users\TEMP\OneDrive
2023-10-01 12:11 - 2023-10-01 12:18 - 000000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2023-10-01 12:11 - 2023-10-01 12:17 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Spelling
2023-10-01 12:11 - 2023-10-01 12:13 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows
2023-10-01 12:11 - 2023-10-01 12:12 - 000000000 ____D C:\Users\TEMP
2023-10-01 12:11 - 2023-10-01 12:11 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2023-10-01 12:11 - 2023-10-01 12:11 - 000000000 ___SD C:\Users\TEMP\AppData\Roaming\Microsoft\Credentials
2023-10-01 12:11 - 2023-10-01 12:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\Lenovo
2023-10-01 12:11 - 2023-05-29 17:35 - 000000000 ____D C:\Users\TEMP\AppData\Local\AMD
2023-09-30 07:04 - 2023-09-30 07:04 - 003145032 _____ (OneLaunch ) C:\Users\ronny\Downloads\Unconfirmed 737454.crdownload
2023-09-29 17:35 - 2023-09-29 17:35 - 003749745 _____ C:\Users\ronny\Downloads\Magnolia Wind-accompaniment-Eb major-69bpm-441hz.m4a.crdownload
2023-09-29 15:30 - 2023-09-29 15:30 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2023-09-29 15:30 - 2023-09-29 15:30 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-09-29 15:29 - 2023-09-29 15:29 - 000000000 ____D C:\Users\ronny\NCH Software Suite
2023-09-29 15:28 - 2023-09-29 15:28 - 000000000 ____D C:\Program Files (x86)\NCH Software
2023-09-29 15:24 - 2023-09-29 15:24 - 000892128 _____ (NCH Software) C:\Users\ronny\Downloads\Unconfirmed 861032.crdownload
2023-09-28 03:05 - 2023-09-28 03:05 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-09-27 01:29 - 2023-09-27 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pocket Tanks
2023-09-27 01:29 - 2023-09-27 01:29 - 000000000 ____D C:\Program Files (x86)\Pocket Tanks
2023-09-26 20:43 - 2023-09-26 20:43 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2023-09-26 20:42 - 2023-09-26 20:42 - 000060462 _____ C:\Windows\system32\ctac.json
2023-09-26 20:42 - 2023-09-26 20:42 - 000016239 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-25 11:18 - 2023-09-25 11:18 - 000000000 ___HD C:\$SysReset
2023-09-15 03:18 - 2023-09-15 03:18 - 000003511 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Last Castle.lnk
2023-09-15 02:42 - 2023-09-15 02:42 - 000003671 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tactic Defense.lnk
2023-09-14 05:58 - 2023-09-14 05:58 - 000003551 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jamata Tower Defense Free.lnk
2023-09-14 05:24 - 2023-09-14 05:24 - 000003691 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tower Raiders 2 FREE.lnk
2023-09-14 05:19 - 2023-09-14 05:19 - 000003503 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Appstore.lnk
2023-09-13 02:35 - 2023-09-13 02:35 - 000030503 _____ C:\Users\ronny\Downloads\download.jfif
2023-09-12 20:19 - 2023-09-12 20:19 - 000000000 ____D C:\KPRM
2023-09-09 14:44 - 2023-09-09 14:44 - 000003848 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2023-09-09 14:44 - 2023-09-09 14:44 - 000003406 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2023-09-09 12:22 - 2023-09-12 20:20 - 000000000 ____D C:\Users\ronny\AppData\Local\ESET
2023-09-05 14:43 - 2023-09-05 14:43 - 000006128 _____ C:\Profile.txt
2023-09-02 16:23 - 2023-09-12 14:08 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-12 14:08 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Program Files\Google
2023-09-02 16:22 - 2023-09-14 05:27 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-02 16:22 - 2023-09-02 16:22 - 001372712 _____ (Google LLC) C:\Users\ronny\Downloads\ChromeSetup.exe
2023-09-02 16:22 - 2023-09-02 16:22 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2}
2023-09-02 16:22 - 2023-09-02 16:22 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29}
2023-09-01 23:15 - 2023-09-01 23:15 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\UProof
2023-09-01 23:14 - 2023-09-01 23:14 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\PowerPoint
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-01 12:39 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2023-10-01 12:38 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-01 12:34 - 2022-05-25 14:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-01 12:29 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-10-01 12:26 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2023-10-01 12:20 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-01 12:19 - 2023-06-06 14:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-01 12:19 - 2023-05-27 10:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-10-01 12:19 - 2023-05-27 10:59 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-01 12:19 - 2023-05-27 10:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-10-01 12:19 - 2023-05-02 11:11 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001
2023-10-01 12:12 - 2022-05-25 14:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-10-01 12:11 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-01 03:06 - 2023-05-02 09:32 - 000000000 ____D C:\Users\ronny
2023-10-01 01:29 - 2023-06-25 16:05 - 000004148 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{52507B6B-D19B-4D56-B70B-4DAF891436AC}
2023-09-30 23:49 - 2023-05-04 18:13 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2023-09-30 18:25 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2023-09-30 16:50 - 2023-05-04 18:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-30 16:50 - 2023-05-04 18:22 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-09-30 16:50 - 2023-05-04 18:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-30 08:44 - 2023-05-17 23:43 - 000000000 ____D C:\Users\ronny\AppData\Local\Malwarebytes
2023-09-29 17:14 - 2023-05-02 11:11 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2023-09-29 17:14 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2023-09-29 17:11 - 2022-09-07 00:43 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-29 17:11 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2023-09-29 17:01 - 2022-05-25 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-29 17:01 - 2022-05-25 14:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-29 17:01 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2023-09-29 16:36 - 2023-05-02 11:11 - 000000000 ___RD C:\Users\ronny\OneDrive
2023-09-29 15:29 - 2023-05-30 01:57 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2023-09-29 15:29 - 2023-05-30 01:57 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2023-09-29 15:29 - 2023-05-08 09:16 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2023-09-29 15:29 - 2022-05-07 00:17 - 000786432 _____ C:\Windows\system32\config\BBI
2023-09-29 05:06 - 2023-08-17 03:51 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-09-29 04:11 - 2023-05-08 12:53 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2023-09-28 07:29 - 2023-05-25 11:23 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-09-28 03:06 - 2022-05-25 14:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\setup
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-26 21:30 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-26 20:59 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-26 20:55 - 2022-05-25 14:06 - 000000000 ____D C:\ProgramData\Packages
2023-09-26 20:48 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-26 20:43 - 2022-05-25 14:08 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-19 10:14 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\LiveKernelReports
2023-09-17 14:57 - 2022-09-07 00:24 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-15 03:06 - 2022-05-25 14:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-15 03:06 - 2022-05-25 14:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-14 14:56 - 2023-05-02 07:17 - 000000000 ____D C:\Windows\system32\MRT
2023-09-14 14:52 - 2023-05-02 07:17 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 002688512 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-14 07:33 - 2023-05-06 17:22 - 000095848 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 000000000 ____D C:\XboxGames
2023-09-14 07:32 - 2023-05-06 17:22 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-14 06:27 - 2022-09-07 00:35 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-09-07 03:10 - 2023-05-02 11:17 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\ProgramData\Lenovo
2023-09-06 11:24 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-06 01:53 - 2023-05-02 07:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-05 17:53 - 2023-05-02 16:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2023-09-01 23:15 - 2023-05-11 16:50 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Office
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by ronny (01-10-2023 13:04:32)
Running from C:\Users\TEMP\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2361 (X64) (2023-04-27 10:29:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-808004889-1866680771-1985815163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808004889-1866680771-1985815163-503 - Limited - Disabled)
Guest (S-1-5-21-808004889-1866680771-1985815163-501 - Limited - Disabled)
ronny (S-1-5-21-808004889-1866680771-1985815163-1001 - Administrator - Enabled) => C:\Users\TEMP
WDAGUtilityAccount (S-1-5-21-808004889-1866680771-1985815163-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Lenovo Now (HKLM-x32\...\Lenovo Now) (Version: 3.10.0.63 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
Microsoft .NET Core Host - 3.1.16 (x86) (HKLM-x32\...\{5D887DA9-5C68-400F-8948-1CC517CB9A41}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.16 (x86) (HKLM-x32\...\{A0066D67-1765-4066-B260-DD548A154CB5}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.16 (x86) (HKLM-x32\...\{876E7C98-9A2F-4644-BD03-7E6253D54EFE}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.43 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{23B1E150-9D20-42E9-ABEA-5F155FE91878}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{eadb038c-8c60-4258-8cf9-e43e809329a4}) (Version: 3.1.16.30112 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 102.15.1 ESR (x64 en-US)) (Version: 102.15.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.15.1.8655 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Pocket Tanks v1.6 (HKLM-x32\...\Pocket Tanks_is1) (Version: 1.6 - Blitwise Productions, LLC)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 8.05 - NCH Software)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
Warpath (HKLM-x32\...\{proda17b81755cc110c39879a94a4be2}_is1) (Version: 0.1.3 - )
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.44 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2023-05-06 17:22 - 2023-09-14 07:32 - 000483328 _____ (Microsoft Corporation) [File not signed] C:\Windows\SYSTEM32\gameplatformservices.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\TEMP\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 00:24 - 2022-05-07 00:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2023-08-17 03:51 - 2023-09-29 05:06 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.29.96.1 DadsLenovo.mshome.net # 2028 9 3 27 10 6 7 346
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{9D9AE633-487E-47EE-9ABB-F93329736147}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{5263C856-C315-45A8-8005-43FD06AFCCBF}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [TCP Query User{902403D8-6AA8-4293-9CF8-D1C2B9BAD85B}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{374A7204-05B7-41A4-BA55-39C9A916E85C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [{4C1F91BE-7572-4E98-BA81-004B1378DB60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5459F704-B488-41D9-8D23-A4E420DCD8AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{E49501E1-E97B-4977-8CBD-F781BDEBD07E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2307.40000.6.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
FirewallRules: [{065B13A9-66F9-48FC-AC53-CFD39968A164}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{214E620A-5D7B-40B9-A97A-D10D20491395}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FEC581F9-FB44-4288-BFFF-2A4AECCC4AA6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{475947ED-5482-4006-A70A-9E5DBD064729}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1FC929B9-6C45-43C6-A94A-6E4686D58C88}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{294778E7-2B62-4638-ACA8-09440F5C0F3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6E30EAD7-32BA-4F92-A3C3-BA18F2936E84}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1899617D-1C2B-47CA-8CA5-964145A51D8D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6100925D-CA5C-4E88-BDF3-66A54E9E8A47}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0B6219EA-FE4B-4988-B5FE-1B8EFA677239}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9C31EF9-4F6D-4E21-B681-DC8C4B6E5170}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B9DA3A7-F73A-4AFD-BFD9-E7238EF19E51}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2815F2BA-4FAC-4B39-9D3C-075A1F1E1C57}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4804C799-24F0-45FC-B3C4-03072E250CE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EF2BE2D-C747-4716-9FD6-321B6A00A6DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A5439DE-B61D-48AE-80C0-51D664F4ADE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/01/2023 12:14:02 PM) (Source: Application Error) (EventID: 1000) (User: DADSLENOVO)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.2361, time stamp: 0x480de713
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x1758
Faulting application start time: 0x0x1d9f48a683d2d5c
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 6d95b395-af7c-4714-ae98-5f0ab695b69d
Faulting package full name:
Faulting package-relative application ID:
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DADSLENOVO)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1156, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5832, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3732, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3732, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5832, ProfSvc PID: 1788.
Error: (10/01/2023 12:11:47 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 3732, ProfSvc PID: 1788.
System errors:
=============
Error: (10/01/2023 12:20:39 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:20:38 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:19:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (10/01/2023 12:19:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (10/01/2023 12:14:47 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:13:33 PM) (Source: DCOM) (EventID: 10001) (User: DADSLENOVO)
Description: Unable to start a DCOM Server: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy!WindowsUdk.UI.Shell.Dashboard.DashboardExtension as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe" -ServerName:Microsoft.Windows.DashboardServer
Error: (10/01/2023 12:34:07 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Error: (09/30/2023 05:27:00 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Windows Defender:
================
Date: 2023-09-30 05:19:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-30 05:08:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-26 11:36:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-25 21:03:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-05-07 12:31:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2023-09-25 11:04:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1520.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2023-09-30 05:18:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-09 12:27:53
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume4\Users\ronny\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.
==================== Memory info ===========================
BIOS: LENOVO HQCN15WW(V1.04) 05/30/2022
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 73%
Total physical RAM: 18366.32 MB
Available physical RAM: 4822.14 MB
Total Virtual: 29456.19 MB
Available Virtual: 4334.14 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:114.26 GB) (Free:2.94 GB) (Model: SanDisk DA4128) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:930.26 GB) (Model: KINGSTON SNV2S1000G) NTFS
\\?\Volume{97b95e27-64b2-4e61-bbdd-73e5a9f4cb99}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.26 GB) NTFS
\\?\Volume{cba30f47-dd2a-44a1-9639-590333b5b11a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DEB2E40B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 116.5 GB) (Disk ID: CD2244AA)
Partition: GPT.
==================== End of Addition.txt =======================