Virus window appeared in browser



#1
xilogo1202

Hello. A virus-looking window that said I must call a phone number to protect my identity appeared in Chrome. It seemed to take over the whole screen and lock the computer. I had to shut down the computer as it was apparently locked. Since then, the window has not appeared again. One other weird thing is that another user on the computer, which is administrator level, seemed to be reset. Upon logging in with the admin user, Windows seemed to go through the new user welcome process, but the files on that user's desktop were still intact.

 

I have run a Windows Virus & Threat Protection scan, a Malwarebytes scan, and an ESET Online scan. All scans found no results. So I am not sure what happened and am hoping this will be an easy one as a false alarm. Below are the FRST logs.

 

Thanks for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-05-2025
Ran by admin (administrator) on LAPTOP-GE8FCSQN (LENOVO 20VE) (20-05-2025 19:10:19)
Running from C:\Users\Username\Desktop\FRST64.exe
Loaded Profiles: admin & Username
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5854 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(IdeaNotebookAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(ModernPreloadAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(VantageCoreAddin).exe
(DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAF04E~1.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\FnHotkeyUtility.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe <4>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_db7985d30b50e28f\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_46aa7595a4cd0ecb\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe <2>
(services.exe ->) (TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxextN.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe [1635688 2022-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [89680192 2025-05-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2025-05-21] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\Username\AppData\Local\WebEx\WebexHost.exe [7272032 2024-04-01] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoSpark] => C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1476 2024-05-11] () [File not signed]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045864 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\MountPoints2: {39e38df8-5750-11eb-835d-fcb3bc5f1a08} - "D:\LaunchU3.exe" -a
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2018-01-30] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1501696 2018-10-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\136.0.7103.114\Installer\chrmstp.exe [2025-05-15] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08A21946-05CE-4B19-BF73-1B93A745FEED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {A64851A1-2108-4FEE-91B7-08046252FF5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-12] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {81EAAF71-514B-4127-B19C-7780892B9FFF} - System32\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-12] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {379773A5-17FD-4D5F-834E-1EFA145596AD} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7156.0{09BF86E7-519E-48F9-B7F0-0C3E808B279A} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe [7096416 2025-05-02] (Google LLC -> Google LLC)
Task: {1871758E-9C91-4D1E-B938-F05AA6ED1CF3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [94496 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {E1B27C35-FA09-4A05-A9ED-BD0FF237CE96} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {345A3571-2FF4-4735-AE8F-8959B895B9E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {36410970-AECA-4167-B660-ECE99AB3A97D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\32c5f7ad-9c94-42de-8979-b7010b4ff8df => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {6C93AE6A-51FB-4363-A08D-5453D5559E5E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\926dcea7-373e-46e2-999e-4d6447a7c353 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {F3813FC8-498E-46E5-8CA9-22FCA042A016} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\98a47447-9a92-497a-8109-a2847abb2ac4 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {CA9ABCB6-10F7-454B-B578-2105C243A8B2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {983E498A-7A48-4F65-BE4F-514529FA7CD9} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {FAB2E828-4B56-4CF8-8A1E-9B6E642DB015} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {965B3DA2-8214-473C-97F1-8507A174F716} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {6E6D6A7F-DE6E-4E28-8467-079F1CB5A3F4} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {43CC7388-A4A3-4F61-B9F3-D181410B676D} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {E2C4962F-D262-44A5-85A5-A5736E118AB9} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {47736525-25BA-4D26-80DE-21045117C897} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {6BE8B0FB-4D1B-49A1-9327-5F5B4E5D5A76} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {9A1CFAC3-1168-40EF-8B4A-59FB889E7095} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {179FDF33-DA9B-4C0C-9CF2-6CD42CE0A465} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File)
Task: {43BAD6D3-43F8-4AE0-806E-15C704D524EA} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {015602D6-2AE0-408F-B9C6-0AC24743B792} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {42FD2270-C76A-4178-9F60-79B7C8F97776} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {872DE35E-573D-4CB0-8137-AE864EC85B9C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-01-17] (Lenovo -> )
Task: {9F03217E-F069-4A04-B9C6-6A990D1612A6} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {12ED7477-2B2D-4602-B9AB-80FAEBAF487E} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe  VantageTelemetryAddinTask (No File)
Task: {19DF18E5-B809-4426-B9EC-32556E8D842B} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe  /repair (No File)
Task: {8B422B20-146C-4905-8B2B-F42A26D88AA9} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8EE6992-92F0-4B05-B99E-6C8626307955} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {1616E77F-BFFF-4CC4-89E0-3D07BD3C52A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102352 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B57ECC2-CDFB-4BAD-B0B6-708686C4E531} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68392 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {24776F89-F9BA-4122-912E-B02F365C6C10} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102352 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {76A1E547-8A54-4418-8EFE-93A633F118B2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCAEB5DC-9E97-4EFB-90D9-09E857FBE372} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDB54DDC-4361-490E-BC3A-571D2BA4DC90} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [213216 2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1838795-7DB6-41A9-986D-4F8591581EF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C3839537-CA56-497B-9B66-AFEACF94117E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {77A7EAA6-65E5-456B-8504-1290BC007D02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3F72C5B2-D940-45CE-B34C-A502746EC772} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5C97297-6A60-4D27-9BBC-B334C98B4839} - System32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1001 => C:\Users\admin\AppData\Local\Microsoft\OneDrive\25.075.0420.0002\OneDriveLauncher.exe [679728 2025-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADF7F50C-5FB0-42EE-BC16-D35A1BF300C7} - System32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\Microsoft\OneDrive\25.065.0406.0002\OneDriveLauncher.exe [679232 2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45d5d7d4-26dd-4f05-b26c-4fccf75fe7ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\4597C65627723702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303D25374: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-18]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-03-18] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2025-05-21]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-03]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-03]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-03]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-03]
CHR Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-05-21]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-24]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-03]
CHR HKU\S-1-5-21-240337477-2287995252-3564736294-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13824240 2025-05-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe [2305576 2021-12-08] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ElanIapService; C:\Windows\System32\ElanIapService.exe [475088 2020-07-30] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [343936 2020-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe [539816 2021-09-02] (Intel Corporation -> Intel)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe [182272 2025-02-21] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe [34816 2025-02-21] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1817944 2020-09-11] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9445832 2025-05-21] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-25] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [252264 2021-01-26] (TBT_DCH_DRV_PROD -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-12] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1421680 2020-09-23] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [331168 2025-04-01] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [242752 2025-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [19984 2025-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606568 2025-05-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-05-20 19:10 - 2025-05-20 19:10 - 000030781 _____ C:\Users\Username\Desktop\FRST.txt
2025-05-20 19:10 - 2025-05-20 19:10 - 000000000 ____D C:\FRST
2025-05-20 19:09 - 2025-05-20 19:09 - 002405888 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2025-05-20 18:59 - 2025-05-20 18:59 - 000003570 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1001
2025-05-16 16:02 - 2025-05-16 16:02 - 000000000 ____D C:\Users\admin\AppData\Local\ESET
2025-05-15 14:27 - 2025-05-15 14:27 - 000264821 _____ C:\Users\Username\Downloads\statement-Apr-2025.pdf
2025-05-14 14:21 - 2025-05-14 14:21 - 000022680 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 14:21 - 2025-05-14 14:21 - 000022680 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-05-14 14:16 - 2025-05-14 14:16 - 000000000 ___HD C:\$WinREAgent
2025-05-08 16:27 - 2025-05-08 16:27 - 016775712 _____ C:\Users\Username\Downloads\20190315.mp4
2025-05-07 10:52 - 2025-05-07 10:52 - 010750119 _____ C:\Users\Username\Downloads\MOV_14.MOV
2025-05-06 09:26 - 2025-05-06 09:26 - 000030828 _____ C:\Users\Username\Downloads\Receipt10.pdf
2025-05-03 11:08 - 2025-05-03 11:08 - 000150676 _____ C:\Users\Username\Downloads\Summer Letter.pdf
2025-04-29 11:33 - 2025-04-29 11:33 - 002134068 _____ C:\Users\Username\Downloads\260.mp4
2025-04-24 13:34 - 2025-04-24 13:34 - 003012851 _____ C:\Users\Username\Downloads\91.mov
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-05-20 19:04 - 2021-12-31 17:16 - 000000000 ____D C:\Windows\SystemTemp
2025-05-20 19:04 - 2020-11-19 03:58 - 000000000 ____D C:\Windows\TempInst
2025-05-20 19:02 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-20 19:02 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2025-05-20 19:00 - 2025-04-17 21:20 - 000000000 ____D C:\Users\admin\AppData\Local\Malwarebytes
2025-05-20 18:59 - 2025-04-17 21:21 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1001
2025-05-20 18:59 - 2023-05-12 10:22 - 000000000 ____D C:\Users\Username\AppData\Local\Malwarebytes
2025-05-20 18:59 - 2021-01-02 20:12 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1001
2025-05-20 18:59 - 2021-01-02 20:09 - 000002390 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-20 18:56 - 2021-01-02 20:10 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2025-05-20 18:55 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-05-17 01:40 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-16 23:13 - 2023-01-16 21:52 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-05-16 23:13 - 2020-11-19 03:52 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-16 16:11 - 2023-12-16 17:17 - 000000000 ____D C:\Users\Username\Documents\docs
2025-05-16 16:03 - 2025-04-17 22:33 - 000001389 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-05-16 15:53 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2025-05-16 11:27 - 2021-01-02 20:59 - 000000000 __SHD C:\Users\Username\IntelGraphicsProfiles
2025-05-16 11:25 - 2020-05-06 12:41 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2025-05-16 08:59 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username
2025-05-16 08:56 - 2020-11-19 02:48 - 000000000 ___HD C:\Intel
2025-05-16 08:56 - 2020-05-06 12:33 - 000646984 _____ C:\Windows\system32\FNTCACHE.DAT
2025-05-16 08:56 - 2020-05-06 12:33 - 000008192 ___SH C:\DumpStack.log.tmp
2025-05-16 08:56 - 2020-05-06 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\setup
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\Dism
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellComponents
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ServiceState
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2025-05-16 08:56 - 2019-12-07 03:03 - 001572864 _____ C:\Windows\system32\config\BBI
2025-05-16 08:56 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\servicing
2025-05-16 08:22 - 2020-11-19 03:51 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-16 08:22 - 2020-11-19 03:51 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-15 13:13 - 2021-01-02 20:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-05-15 13:13 - 2021-01-02 20:47 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-05-15 08:41 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-05-14 15:28 - 2021-01-25 11:05 - 000000000 ____D C:\Users\Username\Desktop\Financial statements
2025-05-14 14:25 - 2021-01-02 20:14 - 000000000 ____D C:\Windows\system32\MRT
2025-05-14 14:24 - 2021-01-02 20:14 - 214836568 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-05-14 14:24 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2025-05-14 14:21 - 2020-05-06 12:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-05-09 16:44 - 2020-11-19 03:52 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-08 16:28 - 2021-01-23 22:02 - 000000000 ____D C:\Users\Username\AppData\Roaming\vlc
2025-05-05 13:52 - 2025-02-05 17:49 - 000003568 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1002
2025-05-05 13:52 - 2021-12-13 09:45 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1002
2025-05-05 13:52 - 2021-01-02 21:00 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1002
2025-05-05 13:52 - 2021-01-02 20:59 - 000002387 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-05 10:09 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username\AppData\Local\Packages
2025-05-04 12:42 - 2022-12-10 20:27 - 000242752 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2025-05-01 12:44 - 2022-10-12 09:48 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-05-01 12:44 - 2021-01-02 20:43 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2025-04-29 13:26 - 2022-04-06 13:06 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Teams
2025-04-29 12:44 - 2021-03-20 18:52 - 000000000 ____D C:\Users\Username\AppData\Local\D3DSCache
2025-04-29 12:27 - 2022-04-06 13:07 - 000002370 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2025-04-29 12:27 - 2022-04-06 13:06 - 000000000 ____D C:\Users\Username\AppData\Local\SquirrelTemp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-05-2025
Ran by admin (20-05-2025 19:11:58)
Running from C:\Users\Username\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.5854 (X64) (2021-01-03 18:02:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
admin (S-1-5-21-240337477-2287995252-3564736294-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-240337477-2287995252-3564736294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-240337477-2287995252-3564736294-503 - Limited - Disabled)
Guest (S-1-5-21-240337477-2287995252-3564736294-501 - Limited - Disabled)
Username (S-1-5-21-240337477-2287995252-3564736294-1002 - Limited - Enabled) => C:\Users\Username
WDAGUtilityAccount (S-1-5-21-240337477-2287995252-3564736294-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon MF741C/743C (HKLM\...\{BB46A4DC-43FD-4deb-8B8D-E0211A44D94B}) (Version: 6.4.0.3 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ActiveTouchMeetingClient) (Version: 44.4.0 - Cisco Webex LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 136.0.7103.114 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel® Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.3.21.0 - Lenovo Group Ltd.)
LibreOffice 7.6.7.2 (HKLM\...\{F77B9F35-B52D-4C13-AE7D-1F4C8127C505}) (Version: 7.6.7.2 - The Document Foundation)
Malwarebytes version 5.3.1.188 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.1.188 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.76 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.64 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\OneDriveSetup.exe) (Version: 25.075.0420.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\OneDriveSetup.exe) (Version: 25.065.0406.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Teams) (Version: 1.8.00.9760 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Mozilla Firefox 133.0.3 (x64 en-US)) (Version: 133.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Webex (HKLM\...\{B080C79D-B4E3-5424-8492-BEBBD67B1A92}) (Version: 43.10.0.28042 - Cisco Systems, Inc)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
 
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-04-18] ()
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2025-04-18] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-04-18] (INTEL CORP) [Startup Task]
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2501.20.0_x64__k1h2ywk1493x8 [2025-04-18] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.6.12.0_x64__5grkq8ppsgwt4 [2025-04-18] (LENOVO INC) [Startup Task]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2504.16003.0_x64__8wekyb3d8bbwe [2025-04-18] (Microsoft Corporation) [Startup Task]
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-16] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.289.0_x64__dt26b99r8h8gj [2025-04-18] (Realtek Semiconductor Corp)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-16] (Skype)
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2021-09-26] (Fortemedia)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2025-04-18] (INTEL CORP)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1001_Classes\CLSID\{f75bebf0-39e6-433e-a0b5-c686c3b0acce}\InprocServer32 -> C:\Users\Username\AppData\Local\Mozilla Firefox\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{5FE3A4E5-E8D1-487F-AC1B-688F490A9E38}\InprocServer32 -> C:\Users\Username\AppData\Local\Mozilla Firefox\notificationserver.dll => No File
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Username\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Username\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-01-10 20:53 - 2018-01-29 21:28 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_en-US.DLL
2021-01-10 20:52 - 2018-01-29 21:26 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2020-11-19 03:52 - 2020-11-19 03:52 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-11-19 03:52 - 2020-11-19 03:52 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> DefaultScope {003DCA94-98F2-469B-A5BA-194AE1717515} URL = 
SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> {003DCA94-98F2-469B-A5BA-194AE1717515} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-05] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\11027567817866036933\133894237062489606.jpg
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: Intel® Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\StartupFolder: => "a926b4964b745999a98b8120e2816.LNk"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoSpark"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F66FE10C-0F79-4F40-97EA-A16178E767EA}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{8D2C76DD-8F61-4AD4-B645-4D737C01F19D}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{83D6447C-463F-46FC-9A94-E14D0E37AD61}C:\users\Username\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Username\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{B86DDDEA-D6CA-487C-BE96-108B74D23C68}C:\users\Username\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Username\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D4517488-C8F0-410D-82B5-C0A0679DB7BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{48C43F99-4364-421B-BB52-0A12BE2ECCE5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B14D9DF9-782D-4F5B-8A06-F262C127687B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
01-05-2025 12:38:37 Scheduled Checkpoint
10-05-2025 14:10:26 Scheduled Checkpoint
14-05-2025 14:16:29 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/17/2025 03:01:17 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17
 
Error: (05/17/2025 03:01:17 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17
 
Error: (05/15/2025 05:06:28 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17
 
Error: (05/09/2025 08:54:23 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17
 
Error: (05/05/2025 03:15:33 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-GE8FCSQN)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
Error: (05/02/2025 08:18:00 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17
 
Error: (04/24/2025 04:10:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (04/24/2025 04:10:36 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
 
System errors:
=============
Error: (05/20/2025 06:55:44 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
Error: (05/17/2025 01:11:19 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {C53A4F16-787E-42A4-B304-29EFFB4BF597} did not register with DCOM within the required timeout.
 
Error: (05/16/2025 04:05:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (05/16/2025 04:05:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (05/16/2025 04:05:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (05/16/2025 04:05:58 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (05/16/2025 04:05:51 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server Microsoft.WindowsFeedbackHub_1.2503.11103.0_x64__8wekyb3d8bbwe!App.AppXzhfqa4p2pxce26y7w5yn9gse2mww45c8.mca did not register with DCOM within the required timeout.
 
Error: (05/16/2025 04:00:40 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2025-05-16 11:36:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Aborted by the client
 
Date: 2025-05-15 13:20:56
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown
 
Date: 2025-05-14 14:16:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: %12
 
Date: 2025-05-13 11:07:36
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: %12
 
Date: 2025-05-10 09:28:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: %12
Event[0]:
 
Date: 2025-04-24 16:10:36
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.427.423.0;1.427.423.0
Engine Version: 1.1.25030.1
 
CodeIntegrity:
===============
Date: 2025-03-26 08:27:06
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\igd10um64xe.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO F8CN59WW(V2.22) 06/14/2024
Motherboard: LENOVO LNVNB161216
Processor: 11th Gen Intel® Core™ i7-1165G7 @ 2.80GHz
Percentage of memory in use: 51%
Total physical RAM: 16167.3 MB
Available physical RAM: 7810.18 MB
Total Virtual: 18599.3 MB
Available Virtual: 10188.22 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:366.87 GB) (Model: NVMe SAMSUNG MZALQ512HALU-000L2) (Protected) NTFS
 
\\?\Volume{d7b7e4d4-0ce0-4798-9056-31a4d8207d11}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.38 GB) NTFS
\\?\Volume{3137f5f2-edef-40f3-b51c-acfebedcfb60}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FE97C22C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 

