SORRY DR., HERE YOU GO...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2023
Ran by ronny (administrator) on DADSLENOVO (LENOVO 82R1) (04-09-2023 14:26:21)
Running from C:\Users\ronny\Downloads\FRST64.exe
Loaded Profiles: ronny
Platform: Microsoft Windows 11 Home Version 22H2 22621.2215 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> The Qt Company Ltd.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23062.153.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23062.153.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.69\msedgewebview2.exe <7>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <26>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe <2>
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe [1643360 2023-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707256 2021-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [st_global] => D:\FunPlus\StormShot\Launcher.exe (No File)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [LenovoVantage] => C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.35\LenovoVantage.exe [23976 2023-06-14] (Lenovo -> Lenovo)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [MicrosoftEdgeAutoLaunch_48A1A4294CCEB77515622EF96F55E31B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108328 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [33785424 2023-06-28] (PALTALK, INC. -> Paltalk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.141\Installer\chrmstp.exe [2023-09-02] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-02] (Google LLC -> Google LLC)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-02] (Google LLC -> Google LLC)
Task: {85797EF6-A3B5-46A1-BED9-C57D06C1CB3E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {D30CFD4D-74D7-4D32-8F12-B3DBC4DD04FC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {F09FA9E9-A3C6-49CE-AA14-5AD28C42ECF0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3a528067-19cb-448d-9d4d-1df9e86c6136 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {6EDFEA28-6D17-48CD-831C-23C1E83628A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\72329b12-8382-4dbd-812d-3d6ab7b65392 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {7ABDAACA-A835-4FBD-B828-C1A6950EDC73} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b8b213e0-a80d-45e6-8e48-007f9c36e614 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A1891F5E-129E-4D08-BFAC-47913AADBC25} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e5aac18f-4031-45b5-8354-0a26e7266ff7 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E5F84C46-440F-4809-9013-D98A1E6A8EC4} - System32\Tasks\Lenovo\LenovoNowLauncher => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.exe [1627048 2023-07-12] (Lenovo -> Lenovo)
Task: {51B8328E-051C-4762-B5FF-F6D17A9FB18D} - System32\Tasks\Lenovo\LenovoNowQuarterlyLaunch => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe [1557928 2023-07-12] (Lenovo -> Lenovo)
Task: {077E50AB-BBC1-4837-A70F-64BBC6024336} - System32\Tasks\Lenovo\LenovoNowTask => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe [1557928 2023-07-12] (Lenovo -> Lenovo)
Task: {EEB46F0A-1218-475B-BBDC-C0DA74C53B73} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90864 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
Task: {04825B90-BC7D-4E49-AB2F-579E5A755DFB} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [177856 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
Task: {7FFD1730-C218-45A0-90F8-7B843A90834B} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {954B1EEE-D7C7-41B6-9DE8-A65852755245} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {7FEFC7AD-BCAE-4741-AFAD-626827344502} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {FCF7B5CC-36E1-401D-AD1C-C33693B89679} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {C3F40DAA-B8A7-4988-B0AF-F8935A0CD1A8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {52047CBF-0510-44CB-AAAB-7CF5708804D2} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {B9B307B3-E516-46C2-BECD-5B04D578423A} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {9E78D5F8-E684-4E12-AFD8-0B0432336060} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0CED066F-0E30-410E-8CCC-161BC5FB3F46} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {67AF7C27-E767-4FAF-9301-D055FAF1BA95} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {75BE25BE-0988-4307-9108-87EBA2D0012A} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {384BBEB9-B485-4805-9EB7-B23C143C4AFE} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {3BE686C6-B72D-43C5-B6B6-CF511BE6DD2B} - System32\Tasks\McAfee Cleanup => C:\Users\ronny\AppData\Local\Temp\nswC248.tmp\mccleanup.exe [757240 2023-06-16] (McAfee, LLC -> McAfee, LLC) <==== ATTENTION
Task: {AE3E686F-0ECA-4F8F-9B8F-ED6798484D0C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4CEEF54-217C-48FA-8A47-A1C8C6103885} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7CB8819B-980B-42BD-90E6-636ED9ECFB27} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {864DBBA4-C796-4E4A-8A86-41D76B15E501} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4132E24C-4B2E-495B-A908-BEBE3B18BD58} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C980847-1C45-4780-94F6-6401F6E9EAF5} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
Task: {2A9E4063-351A-4E4C-AAD3-294F274CFFF7} - System32\Tasks\Microsoft\Windows\PLA\RPT863C.tmp => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {A73DBF5C-044E-4D66-BDA1-9DD15CDB4CA7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [635296 2023-08-18] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6AC09BE2-17D4-4856-A9BD-43FC8A4A345C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [767392 2023-08-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {490276FB-DD98-422C-A25C-7DFE7ED1E8EC} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {16F21AAA-B402-426E-BFAF-D49171E07F75} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b06834c6-f58e-4ab5-babd-daefa009e8f0}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-04]
Edge Notifications: Default -> hxxps://9110e9zj25mj6e14.qodks.co.in; hxxps://adultfriendfinder.com; hxxps://www.facebook.com; hxxps://www.msn.com; hxxps://www.ufreegames.com; hxxps://www.xvideos.com
Edge HomePage: Default -> hxxp://www.msn.com/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-08-29]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-09]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-09-04]
Edge Extension: (uBlock Origin) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-07-20]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 2\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
FireFox:
========
FF DefaultProfile: wnlx72mi.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\wnlx72mi.default [2023-09-02]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\mmlaijvy.default-esr [2023-05-31]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2023-05-31] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2023-05-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2023-05-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2023-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-02]
CHR Extension: (SuperNova SWF Enabler) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2023-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-02]
CHR HKU\S-1-5-21-808004889-1866680771-1985815163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe [2360336 2023-01-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe [3516832 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [891336 2023-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe [279280 2023-05-08] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
S3 mcafeeintegrationservice; C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_768b84b9afa518ce\mcafeeintegrationservice.exe [3978480 2021-07-28] (McAfee, LLC -> McAfee)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\OneDriveUpdaterService.exe [3853840 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2023-04-24] (PALTALK, INC. -> AVM Software)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72944 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
S3 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-17] (NCH Software Pty Ltd -> NCH Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35344 2022-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\amdkmdag.sys [94633360 2022-11-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-09-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218464 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows (R) Win 7 DDK provider)
S3 iriunvid; C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_daa9f7b9ae89ea8c\iriunvid.sys [164976 2023-01-10] (Iriun Oy -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233216 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
S3 McAfeeIntegrationDriver; C:\Windows\System32\drivers\McAfeeIntegrationDriver.sys [52624 2021-07-28] (McAfee, LLC -> McAfee)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [54664 2023-05-30] (NCH Software Pty Ltd -> )
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-07-02] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-09-04 14:26 - 2023-09-04 14:27 - 000031808 _____ C:\Users\ronny\Downloads\FRST.txt
2023-09-04 14:26 - 2023-09-04 14:26 - 000000000 ____D C:\FRST
2023-09-04 14:24 - 2023-09-04 14:24 - 002382336 _____ (Farbar) C:\Users\ronny\Downloads\FRST64.exe
2023-09-02 16:23 - 2023-09-02 16:23 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-02 16:23 - 000002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Program Files\Google
2023-09-02 16:22 - 2023-09-04 13:27 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-02 16:22 - 2023-09-02 16:22 - 001372712 _____ (Google LLC) C:\Users\ronny\Downloads\ChromeSetup.exe
2023-09-02 16:22 - 2023-09-02 16:22 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2}
2023-09-02 16:22 - 2023-09-02 16:22 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29}
2023-09-01 23:15 - 2023-09-01 23:15 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\UProof
2023-09-01 23:14 - 2023-09-01 23:14 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\PowerPoint
2023-08-31 02:17 - 2023-08-31 02:52 - 000000000 ____D C:\ProgramData\Logishrd
2023-08-31 02:17 - 2023-08-31 02:17 - 027413248 _____ (Logitech, Inc.) C:\Users\ronny\Downloads\logioptionsplus_installer.exe
2023-08-30 02:33 - 2023-08-30 02:33 - 000007879 _____ C:\Users\ronny\Downloads\OIP.jfif
2023-08-30 02:30 - 2023-08-30 02:30 - 000038326 _____ C:\Users\ronny\Downloads\069_1000.webp
2023-08-29 17:01 - 2023-08-29 17:01 - 000112074 _____ C:\Users\ronny\Downloads\Lease.pdf
2023-08-25 11:20 - 2023-08-25 11:20 - 000382532 _____ C:\Users\ronny\Downloads\M101355_small.pdf
2023-08-25 08:49 - 2023-08-25 08:49 - 000233216 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2023-08-25 08:49 - 2023-08-25 08:49 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-08-20 20:30 - 2023-08-30 22:21 - 000000000 ____D C:\Users\ronny\.lim
2023-08-20 20:25 - 2023-08-20 20:25 - 000000000 ____D C:\Users\ronny\AppData\Roaming\.mono
2023-08-20 20:24 - 2023-08-20 20:24 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\lilithgames
2023-08-20 18:15 - 2023-08-22 03:29 - 000000000 ____D C:\Program Files (x86)\Warpath
2023-08-20 18:15 - 2023-08-22 03:28 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warpath.lnk
2023-08-20 18:15 - 2023-08-22 03:28 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Warpath.lnk
2023-08-20 18:15 - 2023-08-22 03:28 - 000001109 _____ C:\Users\Public\Desktop\Warpath.lnk
2023-08-20 18:15 - 2023-08-20 20:25 - 000000000 ____D C:\Users\ronny\.limpc
2023-08-20 18:14 - 2023-08-20 18:14 - 009172000 _____ ( ) C:\Users\ronny\Downloads\warpath_setup_0.1.0_6d8a1c626a2f6ff4b55e303087727c20.exe
2023-08-17 03:51 - 2023-09-04 12:22 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-08-14 20:21 - 2023-08-14 20:21 - 001967869 _____ C:\Users\ronny\Downloads\ProUsersManual.pdf
2023-08-12 17:11 - 2023-08-12 17:11 - 003196026 _____ C:\Users\ronny\Downloads\Rich Men North Of Richmond-accompaniment-Bb major-123bpm-443hz.m4a
2023-08-12 17:06 - 2023-08-12 17:06 - 003196026 _____ C:\Users\ronny\Downloads\Rich Men North Of Richmond.m4a
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-09-04 14:00 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2023-09-04 12:55 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-04 12:35 - 2023-06-25 16:05 - 000004148 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{52507B6B-D19B-4D56-B70B-4DAF891436AC}
2023-09-04 12:32 - 2023-05-04 18:13 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2023-09-04 12:29 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2023-09-04 12:23 - 2023-05-17 23:43 - 000000000 ____D C:\Users\ronny\AppData\Local\Malwarebytes
2023-09-03 22:49 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-03 20:49 - 2023-06-06 14:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-03 10:07 - 2023-05-06 17:22 - 002807296 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-03 10:07 - 2023-05-06 17:22 - 000247288 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2023-09-03 10:07 - 2023-05-06 17:22 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-03 10:07 - 2023-05-06 17:22 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-03 10:07 - 2023-05-06 17:22 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-03 10:07 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-03 10:06 - 2023-05-06 17:22 - 000493056 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-03 10:06 - 2023-05-06 17:22 - 000202240 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-03 10:06 - 2023-05-06 17:22 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-02 20:19 - 2023-05-02 09:35 - 773406720 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2023-09-02 16:25 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2023-09-02 05:17 - 2023-05-02 09:35 - 773406720 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2023-09-01 23:15 - 2023-05-11 16:50 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Office
2023-09-01 21:03 - 2022-05-25 14:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-01 02:29 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-31 14:05 - 2022-09-07 00:24 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-31 14:03 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-08-31 13:53 - 2023-05-27 10:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-08-31 13:53 - 2023-05-27 10:59 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-31 13:53 - 2023-05-27 10:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-08-31 13:53 - 2023-05-02 11:11 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001
2023-08-31 13:46 - 2023-05-02 09:32 - 000000000 ____D C:\Users\ronny
2023-08-31 13:46 - 2022-05-25 14:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-08-31 13:46 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2023-08-31 02:54 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2023-08-31 02:54 - 2022-05-25 14:06 - 000000000 ____D C:\ProgramData\Packages
2023-08-31 02:17 - 2023-05-09 05:39 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-30 21:29 - 2023-05-29 23:38 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
2023-08-30 12:49 - 2022-09-07 00:43 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-30 12:39 - 2023-05-25 11:23 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-08-30 12:39 - 2022-05-25 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-30 12:39 - 2022-05-25 14:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-30 12:39 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2023-08-30 02:32 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-25 08:50 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-08-25 04:31 - 2022-05-07 00:17 - 000786432 _____ C:\Windows\system32\config\BBI
2023-08-25 04:28 - 2023-05-04 18:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-25 04:28 - 2022-05-25 14:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Dism
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2023-08-24 19:47 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2023-08-24 19:43 - 2022-05-25 14:08 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-24 17:11 - 2023-05-08 12:53 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2023-08-20 20:25 - 2023-05-02 11:11 - 000000000 ___RD C:\Users\ronny\OneDrive
2023-08-20 01:15 - 2023-05-20 01:39 - 000000000 ____D C:\ProgramData\Paltalk Update
2023-08-20 00:45 - 2023-05-20 01:38 - 000000000 ____D C:\Program Files (x86)\Paltalk
2023-08-18 19:49 - 2023-05-04 18:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-18 19:49 - 2023-05-04 18:22 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-08-17 03:11 - 2023-05-06 17:22 - 000247400 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll.0
2023-08-10 14:32 - 2023-05-02 07:17 - 000000000 ____D C:\Windows\system32\MRT
2023-08-10 14:26 - 2023-05-02 07:17 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-10 02:41 - 2023-05-02 14:33 - 000001344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Now.lnk
2023-08-10 02:41 - 2023-05-02 11:17 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
2023-08-10 02:41 - 2022-09-07 00:35 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-08-10 02:41 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2023-08-10 02:41 - 2022-09-07 00:23 - 000000000 ____D C:\ProgramData\Lenovo
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by ronny (04-09-2023 14:28:08)
Running from C:\Users\ronny\Downloads
Microsoft Windows 11 Home Version 22H2 22621.2215 (X64) (2023-04-27 10:29:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-808004889-1866680771-1985815163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808004889-1866680771-1985815163-503 - Limited - Disabled)
Guest (S-1-5-21-808004889-1866680771-1985815163-501 - Limited - Disabled)
ronny (S-1-5-21-808004889-1866680771-1985815163-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-808004889-1866680771-1985815163-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Dwyco CDC-X version 3.69 (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Dwyco CDC-X_is1) (Version: 3.69 - Dwyco, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.141 - Google LLC)
Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Lenovo Now (HKLM-x32\...\Lenovo Now) (Version: 3.10.0.63 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Microsoft .NET Core Host - 3.1.16 (x86) (HKLM-x32\...\{5D887DA9-5C68-400F-8948-1CC517CB9A41}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.16 (x86) (HKLM-x32\...\{A0066D67-1765-4066-B260-DD548A154CB5}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.16 (x86) (HKLM-x32\...\{876E7C98-9A2F-4644-BD03-7E6253D54EFE}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.69 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.169.0813.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{23B1E150-9D20-42E9-ABEA-5F155FE91878}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{eadb038c-8c60-4258-8cf9-e43e809329a4}) (Version: 3.1.16.30112 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 102.14.0 ESR (x64 en-US)) (Version: 102.14.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.14.0.8605 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 8.05 - NCH Software)
SuperNova Player (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\TacticsTechnologySuperNova) (Version: - )
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
Warpath (HKLM-x32\...\{proda17b81755cc110c39879a94a4be2}_is1) (Version: 0.1.3 - )
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.44 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
Y8 Browser 1.0.10 (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)
Packages:
=========
19363BlueskyStudio.FreeTowerDefence -> C:\Program Files\WindowsApps\19363BlueskyStudio.FreeTowerDefence_1.0.0.6_neutral__ad90gx91p0mxj [2023-07-02] (Bluesky Studio) [MS Ad]
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.3.0.0_x64__0aqw1zw0x2snt [2023-05-02] (韵华软件)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-11] (AMZN Mobile LLC.) [Startup Task]
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2023-07-31] (Advanced Micro Devices Inc.) [Startup Task]
Angry Birds 2 -> C:\Program Files\WindowsApps\1ED5AEA5.4160926B82DB_2.63.3.0_x64__p2gbknwb5d8r2 [2023-06-13] (Rovio Entertainment Oyj)
Angry Birds Friends -> C:\Program Files\WindowsApps\1ED5AEA5.AngryBirdsFriends_11.15.0.0_x64__p2gbknwb5d8r2 [2023-08-27] (Rovio Entertainment Oyj)
AutoCAD - DWG Viewer & Editor -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_9.9.0.0_x64__tf1gferkr813w [2023-08-11] (Autodesk Inc.)
B9BA84AC.CityRacing2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.7.0_x64__3ag0hv5nd203a [2023-07-11] (成都羽珀科技有限责任公司) [MS Ad]
Best Bubble Breaker -> C:\Program Files\WindowsApps\29219fast-soft.de.BestBubbleBreaker_1.1.0.5_x64__ef0y5a6dqd4v4 [2023-05-02] (fast-soft.de) [MS Ad]
Bubble Breaker Ultimate -> C:\Program Files\WindowsApps\55591DelaireDamien.BubbleBreakerUltimate_1.0.0.16_x64__823pgb98jhb94 [2023-05-02] (Delaire Damien)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.5.7.0_x86__xcg28tkrsnqww [2023-09-01] (Cool File Viewer)
Crystal Spider Solitaire -> C:\Program Files\WindowsApps\www.solitaireparadise.com-2C6E2B84_1.0.0.0_neutral__hst9cremj4dnc [2023-08-29] (www.solitaireparadise.com)
Defense zone 2 Lite -> C:\Program Files\WindowsApps\10991ArtemKotov.Defensezone2Lite_15.0.0.0_x64__6acec3smeeeap [2023-07-01] (Artem Kotov)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2023-05-02] (Dolby Laboratories)
DrawPad Graphic Design Editor -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_10.5.1.0_x86__7kedsbyvzns34 [2023-09-01] (NCH Software)
Hexage.RadiantDefense -> C:\Program Files\WindowsApps\Hexage.RadiantDefense_2.3.2.195_x64__zwg7cyx1ds0cc [2023-07-02] (David Peroutka)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-05-26] (Apple Inc.) [Startup Task]
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23075.1229.0_x64__8wekyb3d8bbwe [2023-05-02] (Microsoft Corporation)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2307.14.0_x64__k1h2ywk1493x8 [2023-09-01] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.4.18.0_x64__5grkq8ppsgwt4 [2023-07-21] (LENOVO INC) [Startup Task]
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.17763.135.0_x64__xsbsxxypt8dh6 [2023-05-02] (eyacker.com)
Media Player - All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.15.0_x64__q68sgvev02mx6 [2023-05-02] (Swisspix)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1920.8.125.0_x64__8xx8rvfyw5nnt [2023-08-05] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe [2023-08-03] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-05-04] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-06] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-08-31] (Microsoft Corporation)
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2023-05-02] (Keith Lam)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_4.0.4.0_neutral__gvheqymwk6zrr [2023-05-02] (Zero Byte) [Startup Task]
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.807.100_x64__8wekyb3d8bbwe [2023-08-14] (Microsoft Corporation)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.7423.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.289.0_x64__dt26b99r8h8gj [2023-05-02] (Realtek Semiconductor Corp)
Secure Folder, Files and Encrypt -> C:\Program Files\WindowsApps\15675MedhaChaitanya.FileLockEncrypt_3.75.63.0_x64__44hy61fym8r9t [2023-05-15] (MedhaChaitanya)
Shadow Defense: Kingdom -> C:\Program Files\WindowsApps\32809xgeneration.ShadowDefenseKingdom_1.1.1.1_x86__f6w2wpjbc1rm8 [2023-05-02] (9xgeneration) [MS Ad]
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2023-05-02] (Fortemedia)
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2023-06-25] (Microsoft Windows)
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.4.0_x64__1722q061jff9j [2023-05-02] (Best Game Studio)
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2023-05-02] (LSongBee) [MS Ad]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-08-31] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-808004889-1866680771-1985815163-1001_Classes\CLSID\{92e05f37-158b-585f-c21d-a4a1f0bb32cb}\localserver32 -> "C:\Users\ronny\AppData\Local\OneLaunch\5.17.4\onelaunch.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-09-07 00:24 - 2022-09-07 00:24 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-09-07 00:24 - 2022-09-07 00:24 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\ronny\Downloads\FlyordieJavaInstaller.exe:MBAM.Zone.Identifier [26]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll [2023-05-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll [2023-05-31] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 00:24 - 2022-05-07 00:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2023-08-17 03:51 - 2023-09-04 12:22 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.160.1 DadsLenovo.mshome.net # 2028 9 6 2 17 22 10 568
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\dylan\dylanlap.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\StartupApproved\Run: => "LenovoVantage"
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{9D9AE633-487E-47EE-9ABB-F93329736147}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{5263C856-C315-45A8-8005-43FD06AFCCBF}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [TCP Query User{902403D8-6AA8-4293-9CF8-D1C2B9BAD85B}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{374A7204-05B7-41A4-BA55-39C9A916E85C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [{4C1F91BE-7572-4E98-BA81-004B1378DB60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5459F704-B488-41D9-8D23-A4E420DCD8AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3BB2C1D3-2D16-4F37-8415-202E14E36F49}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe => No File
FirewallRules: [{C6875738-78AF-448C-BEE4-D39D7F78ACC6}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe => No File
FirewallRules: [{DA48EC85-CFAB-419D-9300-236A6B4B41E7}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe => No File
FirewallRules: [{CA8DD078-72FD-4414-B83A-D1561002E1D9}] => (Allow) C:\Users\ronny\AppData\Local\Maxthon\Application\Maxthon.exe => No File
FirewallRules: [{D0C55486-CBCE-4243-B76D-EB13750171D0}] => (Allow) C:\Program Files (x86)\Iriun Webcam\IriunWebcam.exe => No File
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{E3EDE860-0F67-451D-BE03-C6AEA36741C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{71B947CE-2232-4536-9CED-275C0A74B9A5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F73C1590-EB36-46BF-8AA7-B2179C9DCB41}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C4A73F9A-046C-43AE-B7F3-7B0F88000012}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1B3C3E06-9262-4E29-85A9-BB18042FF866}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6AC82062-4782-4B12-A794-CD3E9530AB9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D07AC5D9-6B5D-40A8-A392-F9CDB31E378E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{230EF3D7-17F7-4634-948E-E7F0F05E9349}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{BCF300D1-3EF0-4AAD-AAEB-0A8B25A03690}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF0C8204-65B2-4A21-A7F7-944262F5FC38}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{63FA5284-4E74-42E5-A12A-C9F2EA508466}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DEB6C539-F852-4856-B5D8-C51F889B8AF6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80ED07A7-C02F-440E-8E71-2D762EB8D0B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78A84B55-1478-4146-A903-3B2D4D313090}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E49501E1-E97B-4977-8CBD-F781BDEBD07E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2307.40000.6.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
FirewallRules: [{D19DE0CF-9C22-49CD-9489-00C86687409D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6E9357A8-5C8D-400C-AAEB-8EA98449D565}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:114.26 GB) (Free:12.87 GB) (11%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (08/31/2023 01:48:23 PM) (Source: Application Error) (EventID: 1000) (User: DADSLENOVO)
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.22621.1, time stamp: 0x004687c2
Faulting module name: biwinrt.dll, version: 10.0.22621.1635, time stamp: 0xa3e75401
Exception code: 0xe0464645
Fault offset: 0x000000000001e9a7
Faulting process id: 0x0xd0
Faulting application start time: 0x0x1d9dc3b98f1faa8
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report Id: 14c41f80-1425-4e98-9ed5-ce98b8a55741
Faulting package full name: MicrosoftWindows.Client.CBS_1000.22662.1000.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: Global.Accounts
Error: (08/31/2023 01:47:31 PM) (Source: Application Error) (EventID: 1000) (User: DADSLENOVO)
Description: Faulting application name: Explorer.EXE, version: 10.0.22621.2215, time stamp: 0xb9c28810
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007f61e
Faulting process id: 0x0x29d8
Faulting application start time: 0x0x1d9dc3b791f6cc5
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 25ad9a57-b812-43bb-a07c-228bb1ea6eaf
Faulting package full name:
Faulting package-relative application ID:
Error: (08/31/2023 01:46:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: DADSLENOVO)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (08/31/2023 01:46:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5472, ProfSvc PID: 1760.
Error: (08/31/2023 01:46:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 4056, ProfSvc PID: 1760.
Error: (08/31/2023 01:46:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 5472, ProfSvc PID: 1760.
Error: (08/31/2023 01:46:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 13472, ProfSvc PID: 1760.
Error: (08/31/2023 01:46:28 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 8128, ProfSvc PID: 1760.
System errors:
=============
Error: (09/04/2023 12:29:34 PM) (Source: DCOM) (EventID: 10010) (User: DADSLENOVO)
Description: The server Microsoft.Windows.ShellExperienceHost_10.0.22621.2215_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.
Error: (09/04/2023 01:10:12 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
Error: (09/03/2023 08:49:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (09/03/2023 10:07:10 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "87" attempting to start the service GamingServices with arguments "Unavailable" in order to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}
Error: (09/03/2023 10:07:10 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "87" attempting to start the service GamingServices with arguments "Unavailable" in order to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}
Error: (09/03/2023 06:49:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.
Error: (09/03/2023 05:57:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LenovoVantageService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/03/2023 05:57:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LenovoVantageService service to connect.
Windows Defender:
================
Date: 2023-05-07 12:31:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-05-06 12:33:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-05-05 11:32:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-05-04 14:36:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-05-03 12:18:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2023-08-16 01:29:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.395.469.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23070.1005
Error code: 0x80080005
Error description: Server execution failed
Date: 2023-07-12 03:11:50
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.
CodeIntegrity:
===============
Date: 2023-09-02 16:33:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO HQCN15WW(V1.04) 05/30/2022
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 39%
Total physical RAM: 18366.32 MB
Available physical RAM: 11196.14 MB
Total Virtual: 21182.32 MB
Available Virtual: 12180.12 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:114.26 GB) (Free:12.87 GB) (Model: SanDisk DA4128) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:931.38 GB) (Model: KINGSTON SNV2S1000G) NTFS
\\?\Volume{97b95e27-64b2-4e61-bbdd-73e5a9f4cb99}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.26 GB) NTFS
\\?\Volume{cba30f47-dd2a-44a1-9639-590333b5b11a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DEB2E40B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 116.5 GB) (Disk ID: CD2244AA)
Partition: GPT.
==================== End of Addition.txt =======================