[SOLVED] i need help please...

That last message with the report in it just sent on its own as I was typing. Just sitting here, my notifications open then close. The side panel on the left opens and closes, as do the items in my task bar. It won't let me do anything.
 
Well, I just shut it down, and about 30 minutes later I got a window come up with about 4 options. I selected the bottom one for advanced and selected System Restore. I went to do some things, and when I came back SR had finished but unsuccessfully, and no files were changed. I went ahead and logged on and find everything is normal again. I have no idea what that was.
 
Hello.

I'm sorry to hear that you had issues, but glad you were able to resolve them.

As to what I asked you to do here, you didn't follow the instructions correctly, and as a result nothing was deleted. Please read the instructions carefully, repeat the procedure and post the requested log. I would also like to see the fresh FRST logs, after you run the cleanmgr utility.
 
OK, thanks Dr. It started acting crazy when I started FRST; it's been running good since. I can't imagine what that was it choked on earlier.
 
When you run FRST, let it run without using the system at all. Sometimes it gets stuck, but it will be OK after some time. It's important, anyway, not to use the computer when you run FRST.
 
OK Dr., now I did this exactly as instructed.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-07-2023
# Duration: 00:00:50
# OS: Windows 11 (Build 22621.2215)
# Scanned: 32109
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\Users\ronny\AppData\Local\LENOVO\IMCONTROLLER


AdwCleaner[S00].txt - [1875 octets] - [07/05/2023 10:12:45]
AdwCleaner[S01].txt - [2006 octets] - [06/09/2023 11:17:21]
AdwCleaner[S02].txt - [2067 octets] - [06/09/2023 15:42:45]
AdwCleaner[C02].txt - [2282 octets] - [06/09/2023 15:49:59]
AdwCleaner[S03].txt - [1725 octets] - [07/09/2023 02:52:12]
AdwCleaner[C03].txt - [1926 octets] - [07/09/2023 02:59:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2023
Ran by ronny (administrator) on DADSLENOVO (LENOVO 82R1) (08-09-2023 00:14:19)
Running from C:\Users\ronny\OneDrive\Desktop\FRST64.exe
Loaded Profiles: ronny
Platform: Microsoft Windows 11 Home Version 22H2 22621.2215 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> The Qt Company Ltd.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23072.150.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23072.150.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.69\msedgewebview2.exe <7>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <26>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2306.15.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <2>
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe <2>
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.2061_none_e9764a2042bb8e95\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe [1643360 2023-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [LenovoVantage] => C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.35\LenovoVantage.exe [23976 2023-06-14] (Lenovo -> Lenovo)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [MicrosoftEdgeAutoLaunch_48A1A4294CCEB77515622EF96F55E31B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4108328 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [33785424 2023-06-28] (PALTALK, INC. -> Paltalk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.142\Installer\chrmstp.exe [2023-09-05] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {41693172-B4B8-425A-9EF8-E9C13D37E0B8} - \Lenovo\ImController\TimeBasedEvents\5f07977f-3815-4ee5-855b-306cbc3c5a79 -> No File <==== ATTENTION
Task: {ACD02964-DE87-4864-983C-7C9AF6057FCC} - \Lenovo\ImController\TimeBasedEvents\7ab85bbe-7f77-46f1-a234-26cf5d8e7c29 -> No File <==== ATTENTION
Task: {FEA14AC7-AA3E-4BF6-84D2-EF61C77A9622} - \Lenovo\ImController\TimeBasedEvents\719b49d1-4860-4da4-8d18-c888d1913ae4 -> No File <==== ATTENTION
Task: {FF05BE42-8151-4524-A315-763A35F988FA} - \Lenovo\ImController\TimeBasedEvents\2f926370-e567-4896-ac87-7df810eb1266 -> No File <==== ATTENTION
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-02] (Google LLC -> Google LLC)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-09-02] (Google LLC -> Google LLC)
Task: {6738BAF3-0544-4451-8119-FF0B5B097EA5} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {CF454C0D-6E2B-4A87-8D2D-71348819A537} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BFBCF6BA-F285-4B98-A18D-31CAE2F0EC41} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {4B8B0A31-52EE-4D06-8D84-5A0A033587BF} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BB3E2DB3-0D8E-4B0F-9D43-2552A2C32647} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {8DCEB4A9-5EF1-461A-B0AA-294BBA808D18} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0AC0E58F-191C-48C4-8580-52BDE7FC52AC} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D223C2A4-C255-4FBB-A50A-C89E6E91E76C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D3A82A99-151E-49E6-8A11-30B0811F6530} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {11F0E20D-248C-463D-8316-5049C8D2190F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {F4E2E59E-9DAD-4A3D-97EF-DD295F8255C2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {428B6292-EA82-4A16-AF9E-E96DF6074A4D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {AE3E686F-0ECA-4F8F-9B8F-ED6798484D0C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4CEEF54-217C-48FA-8A47-A1C8C6103885} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913464 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7CB8819B-980B-42BD-90E6-636ED9ECFB27} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {864DBBA4-C796-4E4A-8A86-41D76B15E501} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4132E24C-4B2E-495B-A908-BEBE3B18BD58} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C980847-1C45-4780-94F6-6401F6E9EAF5} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
Task: {2A9E4063-351A-4E4C-AAD3-294F274CFFF7} - System32\Tasks\Microsoft\Windows\PLA\RPT863C.tmp => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {24E178C5-1D19-43AC-8F81-7514BBAE1825} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9E6A901-E8D6-4D7B-85AB-BD7D91910055} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BDEEC90E-5E03-4B65-98F9-AEB75D753B5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F527D7E2-239F-43E5-8F04-B2EC8DD81470} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A73DBF5C-044E-4D66-BDA1-9DD15CDB4CA7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [635296 2023-08-18] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6AC09BE2-17D4-4856-A9BD-43FC8A4A345C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [767392 2023-08-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {490276FB-DD98-422C-A25C-7DFE7ED1E8EC} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {16F21AAA-B402-426E-BFAF-D49171E07F75} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b06834c6-f58e-4ab5-babd-daefa009e8f0}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-08]
Edge Notifications: Default -> hxxps://9110e9zj25mj6e14.qodks.co.in; hxxps://adultfriendfinder.com; hxxps://www.facebook.com; hxxps://www.msn.com; hxxps://www.ufreegames.com; hxxps://www.xvideos.com
Edge HomePage: Default -> hxxp://www.msn.com/
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-09-06]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-09]
Edge Extension: (uBlock Origin) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-07-20]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 2\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]

FireFox:
========
FF DefaultProfile: wnlx72mi.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\wnlx72mi.default [2023-09-05]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\mmlaijvy.default-esr [2023-09-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2023-05-31] (Solware IT Ltd -> Solware)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2023-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-02]
CHR Extension: (SuperNova SWF Enabler) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2023-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-02]
CHR HKU\S-1-5-21-808004889-1866680771-1985815163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817440 2023-08-19] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe [2360336 2023-01-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe [3516832 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [891336 2023-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_ec25230d3e6604c8\LenovoUtilityService.exe [279280 2023-05-08] (Lenovo -> Lenovo(beijing) Limited)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\OneDriveUpdaterService.exe [3853840 2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2023-04-24] (PALTALK, INC. -> AVM Software)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72944 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
S3 VRSService; C:\Program Files (x86)\NCH Software\VRS\vrs.exe [1313808 2018-10-17] (NCH Software Pty Ltd -> NCH Software)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35344 2022-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\amdkmdag.sys [94633360 2022-11-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-09-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218464 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows (R) Win 7 DDK provider)
S3 iriunvid; C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_daa9f7b9ae89ea8c\iriunvid.sys [164976 2023-01-10] (Iriun Oy -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233216 2023-09-07] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-09-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-09-07] (Malwarebytes Inc. -> Malwarebytes)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [54664 2023-05-30] (NCH Software Pty Ltd -> )
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-07-02] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-07 22:59 - 2023-09-07 22:59 - 000233216 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2023-09-07 22:59 - 2023-09-07 22:59 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-09-05 14:43 - 2023-09-05 14:45 - 000026990 _____ C:\Users\ronny\Downloads\Fixlog.txt
2023-09-05 14:43 - 2023-09-05 14:43 - 000006128 _____ C:\Profile.txt
2023-09-04 14:28 - 2023-09-04 14:29 - 000038533 _____ C:\Users\ronny\Downloads\Addition.txt
2023-09-04 14:26 - 2023-09-08 00:15 - 000000000 ____D C:\FRST
2023-09-02 16:23 - 2023-09-05 12:28 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-05 12:28 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Google
2023-09-02 16:23 - 2023-09-02 16:23 - 000000000 ____D C:\Program Files\Google
2023-09-02 16:22 - 2023-09-07 23:27 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-02 16:22 - 2023-09-02 16:22 - 001372712 _____ (Google LLC) C:\Users\ronny\Downloads\ChromeSetup.exe
2023-09-02 16:22 - 2023-09-02 16:22 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2}
2023-09-02 16:22 - 2023-09-02 16:22 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29}
2023-09-01 23:15 - 2023-09-01 23:15 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\UProof
2023-09-01 23:14 - 2023-09-01 23:14 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\PowerPoint
2023-08-31 02:17 - 2023-08-31 02:52 - 000000000 ____D C:\ProgramData\Logishrd
2023-08-31 02:17 - 2023-08-31 02:17 - 027413248 _____ (Logitech, Inc.) C:\Users\ronny\Downloads\logioptionsplus_installer.exe
2023-08-30 02:33 - 2023-08-30 02:33 - 000007879 _____ C:\Users\ronny\Downloads\OIP.jfif
2023-08-30 02:30 - 2023-08-30 02:30 - 000038326 _____ C:\Users\ronny\Downloads\069_1000.webp
2023-08-29 17:01 - 2023-08-29 17:01 - 000112074 _____ C:\Users\ronny\Downloads\Lease.pdf
2023-08-25 11:20 - 2023-08-25 11:20 - 000382532 _____ C:\Users\ronny\Downloads\M101355_small.pdf
2023-08-20 20:30 - 2023-08-30 22:21 - 000000000 ____D C:\Users\ronny\.lim
2023-08-20 20:25 - 2023-08-20 20:25 - 000000000 ____D C:\Users\ronny\AppData\Roaming\.mono
2023-08-20 20:24 - 2023-08-20 20:24 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\lilithgames
2023-08-20 18:15 - 2023-08-22 03:29 - 000000000 ____D C:\Program Files (x86)\Warpath
2023-08-20 18:15 - 2023-08-22 03:28 - 000001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warpath.lnk
2023-08-20 18:15 - 2023-08-22 03:28 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Warpath.lnk
2023-08-20 18:15 - 2023-08-22 03:28 - 000001109 _____ C:\Users\Public\Desktop\Warpath.lnk
2023-08-20 18:15 - 2023-08-20 20:25 - 000000000 ____D C:\Users\ronny\.limpc
2023-08-20 18:14 - 2023-08-20 18:14 - 009172000 _____ ( ) C:\Users\ronny\Downloads\warpath_setup_0.1.0_6d8a1c626a2f6ff4b55e303087727c20.exe
2023-08-17 03:51 - 2023-09-04 12:22 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-08-14 20:21 - 2023-08-14 20:21 - 001967869 _____ C:\Users\ronny\Downloads\ProUsersManual.pdf
2023-08-12 17:11 - 2023-08-12 17:11 - 003196026 _____ C:\Users\ronny\Downloads\Rich Men North Of Richmond-accompaniment-Bb major-123bpm-443hz.m4a
2023-08-12 17:06 - 2023-08-12 17:06 - 003196026 _____ C:\Users\ronny\Downloads\Rich Men North Of Richmond.m4a

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-09-08 00:16 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-08 00:12 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2023-09-08 00:03 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-07 23:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2023-09-07 23:08 - 2022-09-07 00:43 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-07 23:08 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2023-09-07 23:04 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2023-09-07 23:01 - 2023-05-17 23:43 - 000000000 ____D C:\Users\ronny\AppData\Local\Malwarebytes
2023-09-07 22:58 - 2022-05-25 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-07 22:58 - 2022-05-25 14:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-07 22:58 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2023-09-07 22:58 - 2022-05-07 00:17 - 000786432 _____ C:\Windows\system32\config\BBI
2023-09-07 22:49 - 2023-06-06 14:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-07 22:49 - 2023-05-04 18:13 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2023-09-07 22:19 - 2023-06-25 16:05 - 000004148 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{52507B6B-D19B-4D56-B70B-4DAF891436AC}
2023-09-07 03:10 - 2023-05-02 11:17 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
2023-09-07 03:01 - 2023-05-02 09:32 - 000000000 ____D C:\Users\ronny
2023-09-07 02:50 - 2023-05-02 09:35 - 789389312 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2023-09-06 16:38 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-06 15:49 - 2023-05-07 10:12 - 000000000 ____D C:\AdwCleaner
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\ProgramData\Lenovo
2023-09-06 11:24 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-06 01:53 - 2023-05-02 07:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-05 19:17 - 2023-05-08 12:53 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2023-09-05 17:53 - 2023-05-02 16:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
2023-09-05 17:53 - 2023-05-02 09:35 - 787460096 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2023-09-05 14:46 - 2023-05-27 10:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-03 10:07 - 2023-05-06 17:22 - 002807296 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-03 10:07 - 2023-05-06 17:22 - 000247288 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2023-09-03 10:07 - 2023-05-06 17:22 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-03 10:07 - 2023-05-06 17:22 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-03 10:07 - 2023-05-06 17:22 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-03 10:06 - 2023-05-06 17:22 - 000493056 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-03 10:06 - 2023-05-06 17:22 - 000202240 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-03 10:06 - 2023-05-06 17:22 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-01 23:15 - 2023-05-11 16:50 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Office
2023-09-01 21:03 - 2022-05-25 14:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-01 02:29 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-31 14:05 - 2022-09-07 00:24 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-31 14:03 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-08-31 13:53 - 2023-05-27 10:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-08-31 13:53 - 2023-05-27 10:59 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-31 13:53 - 2023-05-02 11:11 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001
2023-08-31 13:46 - 2022-05-25 14:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-08-31 02:54 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2023-08-31 02:54 - 2022-05-25 14:06 - 000000000 ____D C:\ProgramData\Packages
2023-08-31 02:17 - 2023-05-09 05:39 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-30 21:29 - 2023-05-29 23:38 - 000000000 ____D C:\Users\ronny\AppData\Local\SimplePatchToolDls
2023-08-30 12:39 - 2023-05-25 11:23 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-08-30 02:32 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-25 04:28 - 2023-05-04 18:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-25 04:28 - 2022-05-25 14:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Dism
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-08-25 04:27 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2023-08-24 19:47 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2023-08-24 19:43 - 2022-05-25 14:08 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-08-20 20:25 - 2023-05-02 11:11 - 000000000 ___RD C:\Users\ronny\OneDrive
2023-08-20 01:15 - 2023-05-20 01:39 - 000000000 ____D C:\ProgramData\Paltalk Update
2023-08-20 00:45 - 2023-05-20 01:38 - 000000000 ____D C:\Program Files (x86)\Paltalk
2023-08-18 19:49 - 2023-05-04 18:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-18 19:49 - 2023-05-04 18:22 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-08-10 14:32 - 2023-05-02 07:17 - 000000000 ____D C:\Windows\system32\MRT
2023-08-10 14:26 - 2023-05-02 07:17 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-10 02:41 - 2023-05-02 14:33 - 000001344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Now.lnk
2023-08-10 02:41 - 2022-09-07 00:35 - 000000000 ____D C:\Program Files (x86)\Lenovo

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by ronny (08-09-2023 00:21:04)
Running from C:\Users\ronny\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2215 (X64) (2023-04-27 10:29:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-808004889-1866680771-1985815163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808004889-1866680771-1985815163-503 - Limited - Disabled)
Guest (S-1-5-21-808004889-1866680771-1985815163-501 - Limited - Disabled)
ronny (S-1-5-21-808004889-1866680771-1985815163-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-808004889-1866680771-1985815163-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Dwyco CDC-X version 3.76 (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Dwyco CDC-X_is1) (Version: 3.76 - Dwyco, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.142 - Google LLC)
Lenovo Now (HKLM-x32\...\Lenovo Now) (Version: 3.10.0.63 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Microsoft .NET Core Host - 3.1.16 (x86) (HKLM-x32\...\{5D887DA9-5C68-400F-8948-1CC517CB9A41}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.16 (x86) (HKLM-x32\...\{A0066D67-1765-4066-B260-DD548A154CB5}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.16 (x86) (HKLM-x32\...\{876E7C98-9A2F-4644-BD03-7E6253D54EFE}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.69 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.169.0813.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{23B1E150-9D20-42E9-ABEA-5F155FE91878}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{eadb038c-8c60-4258-8cf9-e43e809329a4}) (Version: 3.1.16.30112 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 102.14.0 ESR (x64 en-US)) (Version: 102.14.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.14.0.8605 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 8.05 - NCH Software)
SuperNova Player (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\TacticsTechnologySuperNova) (Version: - )
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
Warpath (HKLM-x32\...\{proda17b81755cc110c39879a94a4be2}_is1) (Version: 0.1.3 - )
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.44 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
Y8 Browser 1.0.10 (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)

Packages:
=========
19363BlueskyStudio.FreeTowerDefence -> C:\Program Files\WindowsApps\19363BlueskyStudio.FreeTowerDefence_1.0.0.6_neutral__ad90gx91p0mxj [2023-07-02] (Bluesky Studio) [MS Ad]
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.3.0.0_x64__0aqw1zw0x2snt [2023-05-02] (韵华软件)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-11] (AMZN Mobile LLC.) [Startup Task]
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2023-07-31] (Advanced Micro Devices Inc.) [Startup Task]
Angry Birds 2 -> C:\Program Files\WindowsApps\1ED5AEA5.4160926B82DB_2.63.3.0_x64__p2gbknwb5d8r2 [2023-06-13] (Rovio Entertainment Oyj)
Angry Birds Friends -> C:\Program Files\WindowsApps\1ED5AEA5.AngryBirdsFriends_11.15.0.0_x64__p2gbknwb5d8r2 [2023-08-27] (Rovio Entertainment Oyj)
AutoCAD - DWG Viewer & Editor -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_9.9.0.0_x64__tf1gferkr813w [2023-08-11] (Autodesk Inc.)
B9BA84AC.CityRacing2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.7.0_x64__3ag0hv5nd203a [2023-07-11] (成都羽珀科技有限责任公司) [MS Ad]
Best Bubble Breaker -> C:\Program Files\WindowsApps\29219fast-soft.de.BestBubbleBreaker_1.1.0.5_x64__ef0y5a6dqd4v4 [2023-05-02] (fast-soft.de) [MS Ad]
Bubble Breaker Ultimate -> C:\Program Files\WindowsApps\55591DelaireDamien.BubbleBreakerUltimate_1.0.0.16_x64__823pgb98jhb94 [2023-05-02] (Delaire Damien)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.5.7.0_x86__xcg28tkrsnqww [2023-09-01] (Cool File Viewer)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-05] (Microsoft Corporation)
Crystal Spider Solitaire -> C:\Program Files\WindowsApps\www.solitaireparadise.com-2C6E2B84_1.0.0.0_neutral__hst9cremj4dnc [2023-09-06] (www.solitaireparadise.com)
Defense zone 2 Lite -> C:\Program Files\WindowsApps\10991ArtemKotov.Defensezone2Lite_15.0.0.0_x64__6acec3smeeeap [2023-07-01] (Artem Kotov)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2023-05-02] (Dolby Laboratories)
DrawPad Graphic Design Editor -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_10.5.1.0_x86__7kedsbyvzns34 [2023-09-01] (NCH Software)
Hexage.RadiantDefense -> C:\Program Files\WindowsApps\Hexage.RadiantDefense_2.3.2.195_x64__zwg7cyx1ds0cc [2023-07-02] (David Peroutka)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-05-26] (Apple Inc.) [Startup Task]
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23075.1229.0_x64__8wekyb3d8bbwe [2023-09-05] (Microsoft Corporation)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2307.14.0_x64__k1h2ywk1493x8 [2023-09-01] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.4.18.0_x64__5grkq8ppsgwt4 [2023-07-21] (LENOVO INC) [Startup Task]
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.17763.200.0_x64__xsbsxxypt8dh6 [2023-09-05] (eyacker.com)
Media Player - All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.15.0_x64__q68sgvev02mx6 [2023-09-05] (Swisspix)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1940.11.196.0_x64__8xx8rvfyw5nnt [2023-09-05] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-05-02] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24002.0_x64__8wekyb3d8bbwe [2023-08-03] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-05-04] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-06] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-08-31] (Microsoft Corporation)
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2023-09-05] (Keith Lam)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_4.0.5.0_neutral__gvheqymwk6zrr [2023-09-05] (Zero Byte) [Startup Task]
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.807.100_x64__8wekyb3d8bbwe [2023-08-14] (Microsoft Corporation)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.7423.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.289.0_x64__dt26b99r8h8gj [2023-05-02] (Realtek Semiconductor Corp)
Secure Folder, Files and Encrypt -> C:\Program Files\WindowsApps\15675MedhaChaitanya.FileLockEncrypt_3.75.63.0_x64__44hy61fym8r9t [2023-05-15] (MedhaChaitanya)
Shadow Defense: Kingdom -> C:\Program Files\WindowsApps\32809xgeneration.ShadowDefenseKingdom_1.1.1.1_x86__f6w2wpjbc1rm8 [2023-05-02] (9xgeneration) [MS Ad]
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2023-05-02] (Fortemedia)
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2023-06-25] (Microsoft Windows)
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.4.0_x64__1722q061jff9j [2023-09-05] (Best Game Studio)
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2023-09-05] (LSongBee) [MS Ad]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-08-31] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-808004889-1866680771-1985815163-1001_Classes\CLSID\{92e05f37-158b-585f-c21d-a4a1f0bb32cb}\localserver32 -> "C:\Users\ronny\AppData\Local\OneLaunch\5.17.4\onelaunch.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-09-07 00:24 - 2022-09-07 00:24 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-09-07 00:24 - 2022-09-07 00:24 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 00:24 - 2022-05-07 00:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2023-08-17 03:51 - 2023-09-04 12:22 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.160.1 DadsLenovo.mshome.net # 2028 9 6 2 17 22 10 568

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-808004889-1866680771-1985815163-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\dylan\dylanlap.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\StartupApproved\Run: => "LenovoVantage"
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9D9AE633-487E-47EE-9ABB-F93329736147}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{5263C856-C315-45A8-8005-43FD06AFCCBF}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [TCP Query User{902403D8-6AA8-4293-9CF8-D1C2B9BAD85B}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{374A7204-05B7-41A4-BA55-39C9A916E85C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [{4C1F91BE-7572-4E98-BA81-004B1378DB60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5459F704-B488-41D9-8D23-A4E420DCD8AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe (The Qt Company Oy -> )
FirewallRules: [{E3EDE860-0F67-451D-BE03-C6AEA36741C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{71B947CE-2232-4536-9CED-275C0A74B9A5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{F73C1590-EB36-46BF-8AA7-B2179C9DCB41}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C4A73F9A-046C-43AE-B7F3-7B0F88000012}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1B3C3E06-9262-4E29-85A9-BB18042FF866}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6AC82062-4782-4B12-A794-CD3E9530AB9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D07AC5D9-6B5D-40A8-A392-F9CDB31E378E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{230EF3D7-17F7-4634-948E-E7F0F05E9349}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe (NCH Software Pty Ltd -> NCH Software)
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{BCF300D1-3EF0-4AAD-AAEB-0A8B25A03690}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF0C8204-65B2-4A21-A7F7-944262F5FC38}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{63FA5284-4E74-42E5-A12A-C9F2EA508466}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DEB6C539-F852-4856-B5D8-C51F889B8AF6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80ED07A7-C02F-440E-8E71-2D762EB8D0B5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78A84B55-1478-4146-A903-3B2D4D313090}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E49501E1-E97B-4977-8CBD-F781BDEBD07E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2307.40000.6.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
FirewallRules: [{6E9357A8-5C8D-400C-AAEB-8EA98449D565}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9F653B6-B29D-466E-B48F-67E21EAF2F9F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-09-2023 02:59:00 AdwCleaner_BeforeCleaning_07/09/2023_02:58:59

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/07/2023 11:01:44 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 08 Sep 2023 04:02:19 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: e6585c49-7409-4a3b-83b8-2ea154a3e737

Method: GET(1188ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/07/2023 11:01:41 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 08 Sep 2023 04:02:16 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 0a24cef4-a176-4431-9363-4e6582c165f4

Method: GET(1891ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/07/2023 03:03:47 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 08:04:22 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1db5c5ed-18cc-48ac-be31-26ac54490741

Method: GET(1078ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/07/2023 03:03:45 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 08:04:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d013e070-cdef-40dd-b036-a409a7e56e7a

Method: GET(1844ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/06/2023 07:04:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 00:05:07 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1764bcab-5dc3-4645-a358-36f6cf468e96

Method: GET(641ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/06/2023 07:04:31 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 00:05:05 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 5e7bbe7c-536f-4657-90a0-9f2bd33a8b88

Method: GET(1031ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (09/06/2023 07:03:41 PM) (Source: System Restore) (EventID: 8205) (User: )
Description: System Restore did not complete because there was not enough free space on the volume: (AdwCleaner_BeforeCleaning_06/09/2023_15:49:33).

Error: (09/06/2023 04:41:02 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 06 Sep 2023 21:41:36 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: ce0538c7-d256-4e18-b855-f777437a743e

Method: GET(2000ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


System errors:
=============
Error: (09/07/2023 10:58:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerService service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/07/2023 10:49:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.

Error: (09/07/2023 03:01:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerService service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/07/2023 02:59:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/07/2023 02:59:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Lenovo Fn and function keys service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/07/2023 02:59:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Lenovo Notebook ITS Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2023 02:59:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/07/2023 02:59:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fortemedia APO Control Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2023-05-07 12:31:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-06 12:33:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-05 11:32:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-04 14:36:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-03 12:18:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2023-08-16 01:29:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.395.469.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23070.1005
Error code: 0x80080005
Error description: Server execution failed

Date: 2023-07-12 03:11:50
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion.
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.

CodeIntegrity:
===============
Date: 2023-09-05 14:57:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-09-02 16:33:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO HQCN15WW(V1.04) 05/30/2022
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 35%
Total physical RAM: 18366.32 MB
Available physical RAM: 11773.12 MB
Total Virtual: 21182.32 MB
Available Virtual: 13056.13 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:114.26 GB) (Free:15.38 GB) (Model: SanDisk DA4128) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:931.38 GB) (Model: KINGSTON SNV2S1000G) NTFS

\\?\Volume{97b95e27-64b2-4e61-bbdd-73e5a9f4cb99}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.26 GB) NTFS
\\?\Volume{cba30f47-dd2a-44a1-9639-590333b5b11a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DEB2E40B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 116.5 GB) (Disk ID: CD2244AA)

Partition: GPT.

==================== End of Addition.txt =======================

the pc seems to be running as well as it ever has, start ups and restarts are quicker. thank you!
 
Hello. No, you didn't delete or quarantine the detected files. And after you quarantine them, you must post the clean log.

  • Double-click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number)

I'll wait to see that log before I give further instructions.
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-07-2023
# Duration: 00:00:05
# OS: Windows 11 (Build 22621.2215)
# Cleaned: 1
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\Users\ronny\AppData\Local\LENOVO\IMCONTROLLER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1875 octets] - [07/05/2023 10:12:45]
AdwCleaner[S01].txt - [2006 octets] - [06/09/2023 11:17:21]
AdwCleaner[S02].txt - [2067 octets] - [06/09/2023 15:42:45]
AdwCleaner[C02].txt - [2282 octets] - [06/09/2023 15:49:59]
AdwCleaner[S03].txt - [1725 octets] - [07/09/2023 02:52:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########
 
I wonder what the AdwCleaner detects without showing it in your last scans.

Please run it once again, as you did before, and post the log here. I would like to check something.

After that:


FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
Task: {41693172-B4B8-425A-9EF8-E9C13D37E0B8} - \Lenovo\ImController\TimeBasedEvents\5f07977f-3815-4ee5-855b-306cbc3c5a79 -> No File <==== ATTENTION
Task: {ACD02964-DE87-4864-983C-7C9AF6057FCC} - \Lenovo\ImController\TimeBasedEvents\7ab85bbe-7f77-46f1-a234-26cf5d8e7c29 -> No File <==== ATTENTION
Task: {FEA14AC7-AA3E-4BF6-84D2-EF61C77A9622} - \Lenovo\ImController\TimeBasedEvents\719b49d1-4860-4da4-8d18-c888d1913ae4 -> No File <==== ATTENTION
Task: {FF05BE42-8151-4524-A315-763A35F988FA} - \Lenovo\ImController\TimeBasedEvents\2f926370-e567-4896-ac87-7df810eb1266 -> No File <==== ATTENTION
Task: {6738BAF3-0544-4451-8119-FF0B5B097EA5} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {CF454C0D-6E2B-4A87-8D2D-71348819A537} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BFBCF6BA-F285-4B98-A18D-31CAE2F0EC41} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {4B8B0A31-52EE-4D06-8D84-5A0A033587BF} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BB3E2DB3-0D8E-4B0F-9D43-2552A2C32647} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {8DCEB4A9-5EF1-461A-B0AA-294BBA808D18} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0AC0E58F-191C-48C4-8580-52BDE7FC52AC} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D223C2A4-C255-4FBB-A50A-C89E6E91E76C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D3A82A99-151E-49E6-8A11-30B0811F6530} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {11F0E20D-248C-463D-8316-5049C8D2190F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {F4E2E59E-9DAD-4A3D-97EF-DD295F8255C2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {428B6292-EA82-4A16-AF9E-E96DF6074A4D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Edge Notifications: Default -> hxxps://9110e9zj25mj6e14.qodks.co.in; hxxps://adultfriendfinder.com; hxxps://www.facebook.com; hxxps://www.msn.com; hxxps://www.ufreegames.com; hxxps://www.xvideos.com
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
CMD: type C:\Profile.txt
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
ok dr. sorry so late...

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-09-2023
# Duration: 00:00:47
# OS: Windows 11 (Build 22621.2215)
# Scanned: 32109
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\Users\ronny\AppData\Local\LENOVO\IMCONTROLLER


AdwCleaner[S00].txt - [1875 octets] - [07/05/2023 10:12:45]
AdwCleaner[S01].txt - [2006 octets] - [06/09/2023 11:17:21]
AdwCleaner[S02].txt - [2067 octets] - [06/09/2023 15:42:45]
AdwCleaner[C02].txt - [2282 octets] - [06/09/2023 15:49:59]
AdwCleaner[S03].txt - [1725 octets] - [07/09/2023 02:52:12]
AdwCleaner[C03].txt - [1926 octets] - [07/09/2023 02:59:24]
AdwCleaner[S04].txt - [1847 octets] - [07/09/2023 22:51:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########


----------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023
Ran by ronny (09-09-2023 01:13:56) Run:2
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Task: {41693172-B4B8-425A-9EF8-E9C13D37E0B8} - \Lenovo\ImController\TimeBasedEvents\5f07977f-3815-4ee5-855b-306cbc3c5a79 -> No File <==== ATTENTION
Task: {ACD02964-DE87-4864-983C-7C9AF6057FCC} - \Lenovo\ImController\TimeBasedEvents\7ab85bbe-7f77-46f1-a234-26cf5d8e7c29 -> No File <==== ATTENTION
Task: {FEA14AC7-AA3E-4BF6-84D2-EF61C77A9622} - \Lenovo\ImController\TimeBasedEvents\719b49d1-4860-4da4-8d18-c888d1913ae4 -> No File <==== ATTENTION
Task: {FF05BE42-8151-4524-A315-763A35F988FA} - \Lenovo\ImController\TimeBasedEvents\2f926370-e567-4896-ac87-7df810eb1266 -> No File <==== ATTENTION
Task: {6738BAF3-0544-4451-8119-FF0B5B097EA5} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {CF454C0D-6E2B-4A87-8D2D-71348819A537} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BFBCF6BA-F285-4B98-A18D-31CAE2F0EC41} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {4B8B0A31-52EE-4D06-8D84-5A0A033587BF} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {BB3E2DB3-0D8E-4B0F-9D43-2552A2C32647} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {8DCEB4A9-5EF1-461A-B0AA-294BBA808D18} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0AC0E58F-191C-48C4-8580-52BDE7FC52AC} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D223C2A4-C255-4FBB-A50A-C89E6E91E76C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {D3A82A99-151E-49E6-8A11-30B0811F6530} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {11F0E20D-248C-463D-8316-5049C8D2190F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {F4E2E59E-9DAD-4A3D-97EF-DD295F8255C2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {428B6292-EA82-4A16-AF9E-E96DF6074A4D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Edge Notifications: Default -> hxxps://9110e9zj25mj6e14.qodks.co.in; hxxps://adultfriendfinder.com; hxxps://www.facebook.com; hxxps://www.msn.com; hxxps://www.ufreegames.com; hxxps://www.xvideos.com
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
CMD: type C:\Profile.txt
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
End::
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41693172-B4B8-425A-9EF8-E9C13D37E0B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41693172-B4B8-425A-9EF8-E9C13D37E0B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\5f07977f-3815-4ee5-855b-306cbc3c5a79" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACD02964-DE87-4864-983C-7C9AF6057FCC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACD02964-DE87-4864-983C-7C9AF6057FCC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\7ab85bbe-7f77-46f1-a234-26cf5d8e7c29" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEA14AC7-AA3E-4BF6-84D2-EF61C77A9622}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA14AC7-AA3E-4BF6-84D2-EF61C77A9622}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\719b49d1-4860-4da4-8d18-c888d1913ae4" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF05BE42-8151-4524-A315-763A35F988FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF05BE42-8151-4524-A315-763A35F988FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\2f926370-e567-4896-ac87-7df810eb1266" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6738BAF3-0544-4451-8119-FF0B5B097EA5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6738BAF3-0544-4451-8119-FF0B5B097EA5}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF454C0D-6E2B-4A87-8D2D-71348819A537}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF454C0D-6E2B-4A87-8D2D-71348819A537}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\DailyTelemetryTransmission" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFBCF6BA-F285-4B98-A18D-31CAE2F0EC41}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFBCF6BA-F285-4B98-A18D-31CAE2F0EC41}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\GenericMessagingAddin" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B8B0A31-52EE-4D06-8D84-5A0A033587BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B8B0A31-52EE-4D06-8D84-5A0A033587BF}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB3E2DB3-0D8E-4B0F-9D43-2552A2C32647}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB3E2DB3-0D8E-4B0F-9D43-2552A2C32647}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DCEB4A9-5EF1-461A-B0AA-294BBA808D18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DCEB4A9-5EF1-461A-B0AA-294BBA808D18}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AC0E58F-191C-48C4-8580-52BDE7FC52AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC0E58F-191C-48C4-8580-52BDE7FC52AC}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D223C2A4-C255-4FBB-A50A-C89E6E91E76C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D223C2A4-C255-4FBB-A50A-C89E6E91E76C}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3A82A99-151E-49E6-8A11-30B0811F6530}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3A82A99-151E-49E6-8A11-30B0811F6530}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11F0E20D-248C-463D-8316-5049C8D2190F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F0E20D-248C-463D-8316-5049C8D2190F}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4E2E59E-9DAD-4A3D-97EF-DD295F8255C2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4E2E59E-9DAD-4A3D-97EF-DD295F8255C2}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{428B6292-EA82-4A16-AF9E-E96DF6074A4D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{428B6292-EA82-4A16-AF9E-E96DF6074A4D}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask" => removed successfully
"Edge Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\ImControllerService => removed successfully
ImControllerService => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removed successfully
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removed successfully

========= type C:\Profile.txt =========

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-808004889-1866680771-1985815163-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,72,00,6f,00,6e,00,6e,00,79,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,19,2d,29,30,c3,49,43,6f,7b,22,5d,\
76,e9,03,00,00
"LocalProfileLoadTimeLow"=dword:9880e360
"LocalProfileLoadTimeHigh"=dword:01d9dff2
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:1aecf511
"LocalProfileUnloadTimeHigh"=dword:01d9dfdb
"RunLogonScriptSync"=dword:00000000



========= End of CMD: =========


========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22621.1

Image Version: 10.0.22621.2215


[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.


========= End of CMD: =========


========= SFC /scannow =========


Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 01:35:20 ====
 
The suspicion about a corrupted profile account, which could lead to your initial problem, is not confirmed, so for now, everything is fine.

What makes me wonder is why AdwCleaner continues to detect the IMController folder plus something else which is not appearing in the log.

IMController is not something to worry about, of course, and you can delete the folder on your own. It is located here: C:\Users\ronny\AppData\Local\LENOVO\IMCONTROLLER

You must enable the View hidden files and folders option first: View hidden files and folders in Windows - Microsoft Support

Just to be sure that everything is clean:

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 
ok dr. as the scanner d'loaded it gave 13 pop ups that a driver can't load on this device but by the time the pop ups stopped the scanner was up and running so i ran it. from what i could tell from eset and microsoft it had no real bearing on detection.

9/9/2023 14:44:53 PM
Files scanned: 293794
Detected files: 0
Cleaned files: 0
Total scan time: 01:49:41
Scan status: Finished
 
OK!

So, the computer is now clean.

Are there any other issues/questions/concerns regarding this computer?
 
no dr. everything here feels fine. i hope i don't need to but i'll return if a problem comes up. so i can just delete the reports and software? on moving files from C to D i just copy and paste?
 
Hi.

Yes, copying and pasting files from one disk to the other is OK.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
ok dr. i'll run it and move some files, thanks again for your patience and help.
 
Since the computer is clean now, I'll mark the topic as Solved. Glad we could help.
 