OK Dr., I have to go to the Dr. myself, so I might be through for the day...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2023
Ran by ronny (administrator) on DADSLENOVO (LENOVO 82R1) (03-10-2023 13:59:26)
Running from C:\Users\ronny\OneDrive\Desktop\FRST64.exe
Loaded Profiles: ronny
Platform: Microsoft Windows 11 Home Version 22H2 22621.2361 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> The Qt Company Ltd.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe <7>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\FnHotkeyUtility.exe
(DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Paint_11.2304.33.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2307.27.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <28>
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (PALTALK, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe <2>
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2309.1002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_8b8f1bcdf16553b6\RtkAudUService64.exe [1643360 2023-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [LenovoVantage] => C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.35\LenovoVantage.exe [23976 2023-06-14] (Lenovo -> Lenovo)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Run: [MicrosoftEdgeAutoLaunch_48A1A4294CCEB77515622EF96F55E31B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Paltalk] => "C:\Program Files (x86)\Paltalk\Paltalk.exe" minimized (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-06-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {095B292E-1FFD-47D1-87EB-9415212241BC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {F8378F44-E924-44D1-A741-C66B701234DC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
Task: {84A29AC9-EB7F-4C28-934D-4EB13C5EBA03} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (No File)
Task: {E856AD4B-FB9E-41D3-92B5-78B5A30A08AC} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (No File)
Task: {35877514-ADC0-4E9E-BE21-CCAB84F93032} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (No File)
Task: {59E77B03-FE27-432B-B3A7-2292B1D06503} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (No File)
Task: {22278E05-5A2F-4C8F-B900-8F6A83A7557F} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (No File)
Task: {90573BDF-9B27-408C-83F0-73FF2073C773} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (No File)
Task: {1DC02616-FB4E-4EA5-8E06-5E85529F82E6} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)
Task: {3F158CA8-4CBC-42B1-B81B-C1D39B18125C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoBoostAddin.Prompt (No File)
Task: {12726F46-58A1-4E5A-B4DD-2C502EDB4E40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (No File)
Task: {CE117F0F-8948-4D1A-A842-535F4BCD68B6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (No File)
Task: {3A019985-964D-4E80-9633-BF127FBBF263} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (No File)
Task: {8F779427-C0B3-4C6E-9536-A80347F2139D} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (No File)
Task: {932E342A-DFDE-48B7-8D55-CFAEA0684563} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (No File)
Task: {545BDD1F-4C81-4E0C-B83D-64FEF3FCCEA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {18DC19D6-7BA2-48CF-A179-23D49CBC8E99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {70BE69D4-BDFA-40EC-9C13-3740656C2F59} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F6FF2E0-EEA9-4986-88B9-355FAA7829D7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB19E30A-25B4-40AB-84B9-3803F1093B85} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5C980847-1C45-4780-94F6-6401F6E9EAF5} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
Task: {2A9E4063-351A-4E4C-AAD3-294F274CFFF7} - System32\Tasks\Microsoft\Windows\PLA\RPT863C.tmp => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\Windows\system32\pla.dll [1552384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {24E178C5-1D19-43AC-8F81-7514BBAE1825} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9E6A901-E8D6-4D7B-85AB-BD7D91910055} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BDEEC90E-5E03-4B65-98F9-AEB75D753B5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F527D7E2-239F-43E5-8F04-B2EC8DD81470} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A73DBF5C-044E-4D66-BDA1-9DD15CDB4CA7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [635296 2023-09-30] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1172AD74-F866-4F8C-87D0-2155120F3FDB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [767392 2023-09-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {9B215CAB-BAB9-417C-8944-BA9EB6A33CF4} - System32\Tasks\NCH Software\RecordpadSevenDays => C:\Program Files (x86)\NCH Software\Recordpad\Recordpad.exe [1911368 2020-05-14] (NCH Software, Inc. -> NCH Software)
Task: {F003B2BD-6376-43AC-99AF-96B59A96C8A8} - System32\Tasks\NCH Software\SoundTapSevenDays => C:\Program Files (x86)\NCH Software\SoundTap\SoundTap.exe [1215200 2022-08-31] (NCH Software, Inc. -> NCH Software)
Task: {2AFFA9EF-3D1A-48D1-A0FB-5234B2FA0F50} - System32\Tasks\NCH Software\WavePadSevenDays => C:\Program Files (x86)\NCH Software\WavePad\WavePad.exe [7082152 2023-09-29] (NCH Software, Inc. -> NCH Software)
Task: {CB5E1DD3-0BD0-4253-9338-D92D0E4DCE5A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {16F21AAA-B402-426E-BFAF-D49171E07F75} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89ebeca7-a551-40b5-89d1-3144d4422878}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b06834c6-f58e-4ab5-babd-daefa009e8f0}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-03]
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.lightinthebox.com
Edge HomePage: Default -> hxxp://www.msn.com/
Edge Extension: (Fluffy Edge) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\apemkbfhckbmmmgjdmjaommgnehfkhmm [2023-09-17]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-09-06]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-13]
Edge Extension: (uBlock Origin) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-09-28]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 2\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
Edge Profile: C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2023-06-02]
Edge Extension: (Edge relevant text changes) - C:\Users\ronny\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-01]
FireFox:
========
FF DefaultProfile: wnlx72mi.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\wnlx72mi.default [2023-09-05]
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\mmlaijvy.default-esr [2023-09-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default [2023-09-05]
CHR Extension: (Google Docs Offline) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-02]
CHR Extension: (SuperNova SWF Enabler) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2023-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-02]
CHR HKU\S-1-5-21-808004889-1866680771-1985815163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhmphnocemakkjdampibehejoaleebpo]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1261568 2023-09-26] (Microsoft Windows -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe [2360336 2023-01-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [891336 2023-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_9c2a9014dc4e8797\LenovoUtilityService.exe [295904 2023-08-17] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1831672 2022-08-17] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287960 2023-09-26] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1336624 2023-04-24] (PALTALK, INC. -> AVM Software)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72944 2023-06-15] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2308.40000.3.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [244736 2023-10-03] (Microsoft Corporation -> )
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 VRSService; "C:\Program Files (x86)\NCH Software\VRS\vrs.exe" -service [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [35344 2022-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0386004.inf_amd64_1e67c8d8a52858e9\B385477\amdkmdag.sys [94633360 2022-11-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218464 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows (R) Win 7 DDK provider)
S3 iriunvid; C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_daa9f7b9ae89ea8c\iriunvid.sys [164976 2023-01-10] (Iriun Oy -> Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2023-10-03] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-10-03] (Malwarebytes Inc. -> Malwarebytes)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\Windows\system32\DRIVERS\stdriverx64.sys [54664 2023-10-03] (NCH Software Pty Ltd -> )
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-08-24] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-07-02] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-30] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-03 13:58 - 2023-10-03 13:58 - 002382848 _____ (Farbar) C:\Users\ronny\Downloads\Unconfirmed 968347.crdownload
2023-10-03 01:40 - 2023-10-03 01:40 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2023-10-03 01:40 - 2023-10-03 01:40 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-10-03 01:39 - 2023-10-03 01:39 - 000054664 _____ C:\Windows\system32\Drivers\stdriverx64.sys
2023-10-03 01:39 - 2023-10-03 01:39 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2023-10-03 01:39 - 2023-10-03 01:39 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2023-10-03 01:39 - 2023-10-03 01:39 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2023-10-03 01:39 - 2023-10-03 01:39 - 000000000 ____D C:\Users\ronny\NCH Software Suite
2023-10-03 01:34 - 2023-10-03 01:34 - 000000000 ____D C:\XboxGames
2023-10-01 17:29 - 2023-10-01 17:29 - 000000000 ____D C:\Users\ronny\AppData\Local\Backup
2023-10-01 13:01 - 2023-10-03 14:00 - 000000000 ____D C:\FRST
2023-09-30 07:04 - 2023-09-30 07:04 - 003145032 _____ (OneLaunch ) C:\Users\ronny\Downloads\Unconfirmed 737454.crdownload
2023-09-29 17:35 - 2023-09-29 17:35 - 003749745 _____ C:\Users\ronny\Downloads\Magnolia Wind-accompaniment-Eb major-69bpm-441hz.m4a.crdownload
2023-09-29 16:36 - 2023-06-27 11:39 - 000000174 ____R C:\Users\ronny\OneDrive\Documents\me.url
2023-09-29 15:28 - 2023-10-03 01:39 - 000000000 ____D C:\Program Files (x86)\NCH Software
2023-09-29 15:24 - 2023-09-29 15:24 - 000892128 _____ (NCH Software) C:\Users\ronny\Downloads\Unconfirmed 861032.crdownload
2023-09-28 03:05 - 2023-09-28 03:05 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-09-27 01:29 - 2023-09-27 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pocket Tanks
2023-09-26 20:43 - 2023-09-26 20:43 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2023-09-26 20:42 - 2023-09-26 20:42 - 000060462 _____ C:\Windows\system32\ctac.json
2023-09-26 20:42 - 2023-09-26 20:42 - 000016239 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-09-25 11:18 - 2023-09-25 11:18 - 000000000 ___HD C:\$SysReset
2023-09-15 03:18 - 2023-09-15 03:18 - 000003511 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Last Castle.lnk
2023-09-15 02:42 - 2023-09-15 02:42 - 000003671 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tactic Defense.lnk
2023-09-14 05:58 - 2023-09-14 05:58 - 000003551 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jamata Tower Defense Free.lnk
2023-09-14 05:24 - 2023-09-14 05:24 - 000003691 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tower Raiders 2 FREE.lnk
2023-09-14 05:19 - 2023-09-14 05:19 - 000003503 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Appstore.lnk
2023-09-13 02:35 - 2023-09-13 02:35 - 000030503 _____ C:\Users\ronny\Downloads\download.jfif
2023-09-12 20:19 - 2023-09-12 20:19 - 000000000 ____D C:\KPRM
2023-09-09 14:44 - 2023-09-09 14:44 - 000003848 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2023-09-09 14:44 - 2023-09-09 14:44 - 000003406 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2023-09-09 12:22 - 2023-09-12 20:20 - 000000000 ____D C:\Users\ronny\AppData\Local\ESET
2023-09-05 14:43 - 2023-10-02 13:06 - 000006128 _____ C:\Profile.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-10-03 13:55 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-03 13:21 - 2022-05-25 14:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-03 08:04 - 2023-05-17 23:43 - 000000000 ____D C:\Users\ronny\AppData\Local\Malwarebytes
2023-10-03 07:49 - 2023-05-04 18:13 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2023-10-03 07:33 - 2023-06-25 16:05 - 000004148 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{52507B6B-D19B-4D56-B70B-4DAF891436AC}
2023-10-03 01:51 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemTemp
2023-10-03 01:49 - 2022-09-07 00:43 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-03 01:49 - 2022-05-07 00:22 - 000000000 ____D C:\Windows\INF
2023-10-03 01:40 - 2022-05-25 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-03 01:40 - 2022-05-25 14:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-03 01:40 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ServiceState
2023-10-03 01:40 - 2022-05-07 00:17 - 000786432 _____ C:\Windows\system32\config\BBI
2023-10-03 01:39 - 2023-05-08 09:16 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2023-10-03 01:39 - 2023-05-04 14:52 - 000000000 ____D C:\ProgramData\NCH Software
2023-10-03 01:39 - 2023-05-02 09:32 - 000000000 ____D C:\Users\ronny
2023-10-03 01:06 - 2023-05-20 01:38 - 000000000 ____D C:\Program Files (x86)\Paltalk
2023-10-03 00:40 - 2022-05-07 00:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-03 00:40 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\AppReadiness
2023-10-03 00:29 - 2023-08-17 03:51 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-10-03 00:29 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\D3DSCache
2023-10-02 17:49 - 2023-06-06 14:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-02 17:19 - 2022-05-07 00:17 - 000000000 ____D C:\Windows\CbsTemp
2023-10-02 11:58 - 2023-05-27 10:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-10-02 00:10 - 2023-05-08 12:53 - 000000000 ____D C:\Users\ronny\AppData\Local\CrashDumps
2023-10-01 22:20 - 2023-05-02 09:35 - 853094400 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.sql
2023-10-01 21:50 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\LiveKernelReports
2023-10-01 17:27 - 2023-05-08 09:16 - 000001380 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2023-10-01 17:27 - 2023-05-08 09:16 - 000001242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RecordPad Sound Recorder.lnk
2023-10-01 17:27 - 2023-05-08 09:16 - 000001230 _____ C:\Users\Public\Desktop\RecordPad Sound Recorder.lnk
2023-10-01 14:46 - 2023-05-08 09:16 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2023-10-01 14:45 - 2023-05-16 22:44 - 000001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
2023-10-01 14:45 - 2023-05-16 22:44 - 000001320 _____ C:\Users\Public\Desktop\WavePad Sound Editor.lnk
2023-10-01 12:34 - 2022-05-25 14:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-01 12:29 - 2022-05-07 00:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-10-01 12:19 - 2023-05-27 10:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-10-01 12:19 - 2023-05-27 10:59 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-01 12:19 - 2023-05-02 11:11 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-808004889-1866680771-1985815163-1001
2023-10-01 12:12 - 2022-05-25 14:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-09-30 16:50 - 2023-05-04 18:22 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-30 16:50 - 2023-05-04 18:22 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-09-29 17:14 - 2023-05-02 11:11 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2023-09-29 17:14 - 2023-05-02 11:08 - 000000000 ____D C:\Users\ronny\AppData\Local\Packages
2023-09-29 16:36 - 2023-05-02 11:11 - 000000000 ___RD C:\Users\ronny\OneDrive
2023-09-29 04:57 - 2023-05-02 09:35 - 848510976 _____ C:\Users\ronny\OneDrive\Documents\dwyco-backup-diff-4f327a72b482cdf01566.old.sql
2023-09-28 07:29 - 2023-05-25 11:23 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-09-28 03:06 - 2022-05-25 14:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\UUS
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\setup
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-28 03:05 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-27 01:29 - 2023-05-02 11:13 - 000000000 ____D C:\Users\ronny\OneDrive\Documents\My Games
2023-09-26 21:30 - 2022-05-07 00:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-26 20:59 - 2022-05-07 00:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-26 20:55 - 2022-05-25 14:06 - 000000000 ____D C:\ProgramData\Packages
2023-09-26 20:43 - 2022-05-25 14:08 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-17 14:57 - 2022-09-07 00:24 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-15 03:06 - 2022-05-25 14:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-09-15 03:06 - 2022-05-25 14:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-09-14 14:56 - 2023-05-02 07:17 - 000000000 ____D C:\Windows\system32\MRT
2023-09-14 14:52 - 2023-05-02 07:17 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 002688512 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-09-14 07:33 - 2023-05-06 17:22 - 000095848 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-09-14 07:33 - 2023-05-06 17:22 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-09-14 07:32 - 2023-05-06 17:22 - 000483328 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000181864 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-09-14 07:32 - 2023-05-06 17:22 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-09-14 06:27 - 2022-09-07 00:35 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-09-12 14:08 - 2023-09-02 16:23 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-12 14:08 - 2023-09-02 16:23 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-07 03:10 - 2023-05-02 11:17 - 000000000 ____D C:\Users\ronny\AppData\Local\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\Windows\Lenovo
2023-09-06 15:49 - 2022-09-07 00:23 - 000000000 ____D C:\ProgramData\Lenovo
2023-09-06 11:24 - 2022-05-07 00:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-06 01:53 - 2023-05-02 07:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-09-05 17:53 - 2023-05-02 16:49 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dwyco CDC-X
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2023
Ran by ronny (03-10-2023 14:01:57)
Running from C:\Users\ronny\OneDrive\Desktop
Microsoft Windows 11 Home Version 22H2 22621.2361 (X64) (2023-04-27 10:29:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-808004889-1866680771-1985815163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-808004889-1866680771-1985815163-503 - Limited - Disabled)
Guest (S-1-5-21-808004889-1866680771-1985815163-501 - Limited - Disabled)
ronny (S-1-5-21-808004889-1866680771-1985815163-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-808004889-1866680771-1985815163-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Amazon Appstore (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\com.amazon.venezia) (Version: release-60.19.1.0.209644.0_560210 - amazon.com)
Dwyco CDC-X version 3.76 (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\Dwyco CDC-X_is1) (Version: 3.76 - Dwyco, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Jamata Tower Defense Free (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\com.fraische.jamatafree) (Version: 1.2.8 - fraische.com)
Last Castle (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\com.solo.lastcastle) (Version: 2.50 - solo.com)
Lenovo Now (HKLM-x32\...\Lenovo Now) (Version: 3.10.0.63 - Lenovo Group Ltd.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes)
Microsoft .NET Core Host - 3.1.16 (x86) (HKLM-x32\...\{5D887DA9-5C68-400F-8948-1CC517CB9A41}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.16 (x86) (HKLM-x32\...\{A0066D67-1765-4066-B260-DD548A154CB5}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.16 (x86) (HKLM-x32\...\{876E7C98-9A2F-4644-BD03-7E6253D54EFE}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{23B1E150-9D20-42E9-ABEA-5F155FE91878}) (Version: 24.64.30112 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.16 (x86) (HKLM-x32\...\{eadb038c-8c60-4258-8cf9-e43e809329a4}) (Version: 3.1.16.30112 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Firefox ESR (x64 en-US) (HKLM\...\Mozilla Firefox 102.15.1 ESR (x64 en-US)) (Version: 102.15.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.15.1.8655 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Paltalk (HKLM-x32\...\Paltalk) (Version: - )
Pocket Tanks v1.6 (HKLM-x32\...\Pocket Tanks_is1) (Version: 1.6 - Blitwise Productions, LLC)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 9.03 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 8.05 - NCH Software)
SuperNova Player (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\TacticsTechnologySuperNova) (Version: - )
Tactic Defense (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\com.tranquility.tacticdefenseamazon) (Version: 1.6 - tranquility.com)
Tower Raiders 2 FREE (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\com.gianormousgames.towerraiders2free) (Version: 1.09 - gianormousgames.com)
VRS Recording System (HKLM-x32\...\VRS) (Version: 5.48 - NCH Software)
Warpath (HKLM-x32\...\{proda17b81755cc110c39879a94a4be2}_is1) (Version: 0.1.3 - )
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 17.81 - NCH Software)
WGT Launcher (HKLM-x32\...\{E4340AAD-E352-4209-9DA2-53C71C2C7F81}) (Version: 1.2 - Topgolf USA, Inc.)
Y8 Browser 1.0.10 (HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\a6611861-70b4-5ed8-b9ef-d6448267637c) (Version: 1.0.10 - Y8 Games)
Packages:
=========
19363BlueskyStudio.FreeTowerDefence -> C:\Program Files\WindowsApps\19363BlueskyStudio.FreeTowerDefence_1.0.0.6_neutral__ad90gx91p0mxj [2023-07-02] (Bluesky Studio) [MS Ad]
All Video Player HD -> C:\Program Files\WindowsApps\22450.TotalVideoPlayer_2.3.0.0_x64__0aqw1zw0x2snt [2023-05-02] (韵华软件)
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-11] (AMZN Mobile LLC.) [Startup Task]
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m [2023-07-31] (Advanced Micro Devices Inc.) [Startup Task]
Angry Birds 2 -> C:\Program Files\WindowsApps\1ED5AEA5.4160926B82DB_2.63.3.0_x64__p2gbknwb5d8r2 [2023-06-13] (Rovio Entertainment Oyj)
Angry Birds Friends -> C:\Program Files\WindowsApps\1ED5AEA5.AngryBirdsFriends_11.16.0.0_x64__p2gbknwb5d8r2 [2023-09-26] (Rovio Entertainment Oyj)
AutoCAD - DWG Viewer & Editor -> C:\Program Files\WindowsApps\89006A2E.AutoCAD360_9.13.0.0_x64__tf1gferkr813w [2023-09-16] (Autodesk Inc.)
B9BA84AC.CityRacing2 -> C:\Program Files\WindowsApps\B9BA84AC.CityRacing2_1.4.7.0_x64__3ag0hv5nd203a [2023-07-11] (成都羽珀科技有限责任公司) [MS Ad]
Best Bubble Breaker -> C:\Program Files\WindowsApps\29219fast-soft.de.BestBubbleBreaker_1.1.0.5_x64__ef0y5a6dqd4v4 [2023-05-02] (fast-soft.de) [MS Ad]
Bubble Breaker Ultimate -> C:\Program Files\WindowsApps\55591DelaireDamien.BubbleBreakerUltimate_1.0.0.16_x64__823pgb98jhb94 [2023-05-02] (Delaire Damien)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.5.7.0_x86__xcg28tkrsnqww [2023-09-01] (Cool File Viewer)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-05] (Microsoft Corporation)
Crystal Spider Solitaire -> C:\Program Files\WindowsApps\www.solitaireparadise.com-2C6E2B84_1.0.0.0_neutral__hst9cremj4dnc [2023-10-02] (www.solitaireparadise.com)
Defense zone 2 Lite -> C:\Program Files\WindowsApps\10991ArtemKotov.Defensezone2Lite_15.0.0.0_x64__6acec3smeeeap [2023-07-01] (Artem Kotov)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2023-05-02] (Dolby Laboratories)
DrawPad Graphic Design Editor -> C:\Program Files\WindowsApps\NCHSoftware.DrawPadFree_10.5.1.0_x86__7kedsbyvzns34 [2023-09-01] (NCH Software)
Hexage.RadiantDefense -> C:\Program Files\WindowsApps\Hexage.RadiantDefense_2.3.2.195_x64__zwg7cyx1ds0cc [2023-07-02] (David Peroutka)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa [2023-09-26] (Apple Inc.) [Startup Task]
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23075.1229.0_x64__8wekyb3d8bbwe [2023-09-05] (Microsoft Corporation)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2308.29.0_x64__k1h2ywk1493x8 [2023-09-11] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.4.60.0_x64__5grkq8ppsgwt4 [2023-09-26] (LENOVO INC) [Startup Task]
Mail -> C:\Program Files\WindowsApps\40811eyack.com.MAIL_10.17763.203.0_x64__xsbsxxypt8dh6 [2023-09-16] (eyacker.com)
Media Player - All Formats -> C:\Program Files\WindowsApps\2725Swisspix.MediaPlayer-AllFormatsVideoPlayerAllF_1.1.15.0_x64__q68sgvev02mx6 [2023-09-05] (Swisspix)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1960.4.210.0_x64__8xx8rvfyw5nnt [2023-09-30] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-10-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-10-01] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2309.1002.0_x64__8wekyb3d8bbwe [2023-09-22] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-06] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-10-01] (Microsoft Corporation)
My Drawing Pad -> C:\Program Files\WindowsApps\14835KeithLam.MyDrawingPad_1.1.3.0_x64__n72ny8k2pphgw [2023-09-05] (Keith Lam)
Net Speed Meter -> C:\Program Files\WindowsApps\4789ZeroByte.NetSpeedMeter_4.0.5.0_neutral__gvheqymwk6zrr [2023-09-05] (Zero Byte) [Startup Task]
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.807.100_x64__8wekyb3d8bbwe [2023-08-14] (Microsoft Corporation)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.7423.0_x64__8wekyb3d8bbwe [2023-08-24] (Microsoft Corporation) [Startup Task]
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.148.0_x64__pwbj9vvecjh7j [2023-09-29] (Amazon Development Centre (London) Ltd)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.289.0_x64__dt26b99r8h8gj [2023-05-02] (Realtek Semiconductor Corp)
Secure Folder, Files and Encrypt -> C:\Program Files\WindowsApps\15675MedhaChaitanya.FileLockEncrypt_3.75.63.0_x64__44hy61fym8r9t [2023-09-16] (MedhaChaitanya)
Shadow Defense: Kingdom -> C:\Program Files\WindowsApps\32809xgeneration.ShadowDefenseKingdom_1.1.1.1_x86__f6w2wpjbc1rm8 [2023-05-02] (9xgeneration) [MS Ad]
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2023-05-02] (Fortemedia)
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2023-06-25] (Microsoft Windows)
Video Trimmer - Video Editor & Video Maker -> C:\Program Files\WindowsApps\4978BestGameStudio.VideoTrimmer-VideoEditorVideoMa_1.0.4.0_x64__1722q061jff9j [2023-09-05] (Best Game Studio)
VOICE x NOTE -> C:\Program Files\WindowsApps\33805LSongBee.VOICExNOTE_1.1.3.0_x64__h9vv8ndyw0qje [2023-09-05] (LSongBee) [MS Ad]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2338.7.0_x64__cv1g1gvanyjgm [2023-09-30] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-10-01] (Microsoft Corporation)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.930.722.582_neutral__8wekyb3d8bbwe [2023-09-30] (Microsoft Corporation)
Windows Subsystem for Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2308.40000.3.0_x64__8wekyb3d8bbwe [2023-10-03] (Microsoft Corp.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-808004889-1866680771-1985815163-1001_Classes\CLSID\{92e05f37-158b-585f-c21d-a4a1f0bb32cb}\localserver32 -> "C:\Users\ronny\AppData\Local\OneLaunch\5.17.4\onelaunch.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-10-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-09-07 00:24 - 2022-09-07 00:24 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-09-07 00:24 - 2022-09-07 00:24 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 00:24 - 2022-05-07 00:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2023-08-17 03:51 - 2023-10-03 00:29 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.20.160.1 DadsLenovo.mshome.net # 2028 10 0 1 5 29 22 250
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\OneDrive\Desktop\dylan\dylanlap.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\StartupApproved\Run: => "LenovoVantage"
HKU\S-1-5-21-808004889-1866680771-1985815163-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{9D9AE633-487E-47EE-9ABB-F93329736147}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{5263C856-C315-45A8-8005-43FD06AFCCBF}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc -> )
FirewallRules: [TCP Query User{902403D8-6AA8-4293-9CF8-D1C2B9BAD85B}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [UDP Query User{374A7204-05B7-41A4-BA55-39C9A916E85C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\dwycobg.exe (Dwyco, Inc -> )
FirewallRules: [{4C1F91BE-7572-4E98-BA81-004B1378DB60}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5459F704-B488-41D9-8D23-A4E420DCD8AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe => No File
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe => No File
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{065B13A9-66F9-48FC-AC53-CFD39968A164}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{214E620A-5D7B-40B9-A97A-D10D20491395}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FEC581F9-FB44-4288-BFFF-2A4AECCC4AA6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{475947ED-5482-4006-A70A-9E5DBD064729}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1FC929B9-6C45-43C6-A94A-6E4686D58C88}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{294778E7-2B62-4638-ACA8-09440F5C0F3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6E30EAD7-32BA-4F92-A3C3-BA18F2936E84}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1899617D-1C2B-47CA-8CA5-964145A51D8D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6100925D-CA5C-4E88-BDF3-66A54E9E8A47}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0B6219EA-FE4B-4988-B5FE-1B8EFA677239}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E9C31EF9-4F6D-4E21-B681-DC8C4B6E5170}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2815F2BA-4FAC-4B39-9D3C-075A1F1E1C57}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4804C799-24F0-45FC-B3C4-03072E250CE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EF2BE2D-C747-4716-9FD6-321B6A00A6DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A5439DE-B61D-48AE-80C0-51D664F4ADE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84F8E50D-CE08-4F22-92B2-62FFE8216699}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D0C663BA-C027-49E7-A737-485BF35E8418}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2308.40000.3.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/03/2023 01:41:46 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via
https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(31ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (10/03/2023 01:41:45 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via
https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(78ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (10/03/2023 01:35:15 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via
https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (10/03/2023 01:35:15 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via
https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(47ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (10/02/2023 11:59:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DADSLENOVO$ via
https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (10/02/2023 11:59:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via
https://amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net/templates/Aik/scep failed:
GetCACaps
Method: GET(63ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (10/02/2023 12:10:39 AM) (Source: Application Error) (EventID: 1000) (User: DADSLENOVO)
Description: Faulting application name: Widgets.exe, version: 421.20070.1820.0, time stamp: 0x64e54318
Faulting module name: Widgets.exe, version: 421.20070.1820.0, time stamp: 0x64e54318
Exception code: 0xc0000005
Fault offset: 0x0000000000122cc7
Faulting process id: 0x0x1538
Faulting application start time: 0x0x1d9f49cd938258f
Faulting application path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Faulting module path: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Report Id: 4a7aefff-98dd-4bd1-82ea-f3bc43842cf7
Faulting package full name: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy
Faulting package-relative application ID: Widgets
Error: (10/01/2023 09:51:00 PM) (Source: Application Error) (EventID: 1000) (User: DADSLENOVO)
Description: Faulting application name: QtWebEngineProcess.exe, version: 5.15.2.0, time stamp: 0x5fad38e0
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xbbf7fb0e
Exception code: 0xc0000409
Fault offset: 0x0009e34b
Faulting process id: 0x0x2098
Faulting application start time: 0x0x1d9f4db324072ab
Faulting application path: C:\Users\ronny\OneDrive\Documents\Dwyco\CDC-X\QtWebEngineProcess.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 776b213a-03fc-45f8-83f1-22d895ad1522
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (10/03/2023 07:49:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mozilla Maintenance Service service failed to start due to the following error:
The system cannot find the file specified.
Windows Defender:
================
Date: 2023-10-02 17:20:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-10-01 20:46:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-10-01 17:22:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-30 05:19:53
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2023-09-30 05:08:13
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2023-10-01 23:56:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.397.1916.0
Previous security intelligence Version: 1.397.1886.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23080.2005
Previous Engine Version: 1.1.23080.2005
Error code: 0x80508007
Error description: Your device is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
Date: 2023-10-01 23:56:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.397.1916.0
Previous security intelligence Version: 1.397.1886.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23080.2005
Previous Engine Version: 1.1.23080.2005
Error code: 0x80508007
Error description: Your device is low on memory. Close some programs and try again, or search Help and Support for information about preventing low memory problems.
Date: 2023-09-25 11:04:13
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1520.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-09-22 23:47:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.397.1238.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23080.2005
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2023-10-02 17:19:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-09 12:27:53
Description:
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume4\Users\ronny\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.
==================== Memory info ===========================
BIOS: LENOVO HQCN15WW(V1.04) 05/30/2022
Motherboard: LENOVO LNVNB161216
Processor: AMD Athlon Silver 3050U with Radeon Graphics
Percentage of memory in use: 51%
Total physical RAM: 18366.32 MB
Available physical RAM: 8839.38 MB
Total Virtual: 27070.32 MB
Available Virtual: 12004.42 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:114.26 GB) (Free:10.28 GB) (Model: SanDisk DA4128) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:928.83 GB) (Model: KINGSTON SNV2S1000G) NTFS
\\?\Volume{97b95e27-64b2-4e61-bbdd-73e5a9f4cb99}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.26 GB) NTFS
\\?\Volume{cba30f47-dd2a-44a1-9639-590333b5b11a}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: DEB2E40B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 116.5 GB) (Disk ID: CD2244AA)
Partition: GPT.
==================== End of Addition.txt =======================