Computer infected after using Edge



#1
kewleb


Started having problems today after attempting to use a YouTube to MP3 converter via the Edge browser on my Windows 11 laptop. This has resulted in constant (fake) virus warnings and pop-ups which will not go away. Varied messages: "Your computer is infected", "someone is downloading files from your computer", etc. Ran Malwarebytes but showed nothing. Pop-ups still happening. Any help would be very much appreciated! This website has always been super helpful!

 

Here are my logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by boyke (administrator) on BOBBYSLENOVO (LENOVO 83ER) (30-04-2024 13:38:59)
Running from C:\Users\boyke\OneDrive\Desktop\FRST64.exe
Loaded Profiles: boyke
Platform: Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe <6>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.123.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MRT.exe
(C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoNotificationUx.exe
(C:\Windows\UUS\Packages\Preview\amd64\wuaucltcore.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.123.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_helper.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyUtility.exe
(explorer.exe ->) (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.) C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(services.exe ->) () [File not signed] C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3ea1838906a8645a\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a56db188a9b50197\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_6a3c518c5fadd973\AS\IAS\IntelAudioService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Elevoc Technology Co.,Ltd.) C:\Windows\System32\ElevocInstallDriver\ElevocControlService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <2>
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <38>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\wuaucltcore.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe [906840 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" [67367456 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001\...\Run: [MicrosoftEdgeAutoLaunch_29452A804DD2D36A02AC7DBEDE72260D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306528 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {AF77A501-295B-4B20-8A76-E8A715DF9005} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3F97E3CB-0D59-4A17-AE79-872283A70CDA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {9EC2E34E-ADB2-4E2C-97B7-2E2C4B77E848} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {8D0CA1F5-0B5B-46AD-A6B7-3CDB118B9F08} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1d27cde8-2fb6-4314-9a36-ac1a9c45a4f8 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {7E829E8C-F3E5-44C3-85EB-0ECC36594BB2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3a20ee4b-82ea-481c-ac7f-f150c9a689dc => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {2356CCC1-E156-4065-A98F-F2D7F73C5296} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\41dc4f2a-4436-4cf7-90b2-71758d1fcc75 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {05026EDB-3BF0-4D2A-9A14-3EF15294C4C6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\609b6924-1497-49ff-8e58-9ff6f6637d17 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {AE7F9954-809C-4D88-8C8F-782DBE915F84} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a659ee9c-e537-4ac7-8101-48da0321da6b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {11AC6244-5B64-49CD-A28A-7B9E995D39F1} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {4DFD0402-0B99-4846-BF76-AD9F1A1EC89C} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [185312 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
Task: {F436C856-0224-4CD2-AB52-2F191C0A17A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F05F8B48-C648-4D73-920C-1FECD67E8DE5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {78A7DAD1-687F-4A54-BB37-56F67AE7B2D6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9801AB8-EB1D-4F63-8DED-E3F1C157EDA6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {10CB73C8-1709-4801-B4A1-5C748CA83B68} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168488 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {A8AED2D1-04A4-410E-AF61-038040AEAD76} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB6DBC30-68A3-4B15-80CF-9ABFF2B848A0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3746910256-3024237243-1541892286-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A96987C-A3A6-45A7-96D1-6A350CE046C3} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3746910256-3024237243-1541892286-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6be20357-8b56-4f51-8d9a-c7241245e723}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6be20357-8b56-4f51-8d9a-c7241245e723}: [DhcpDomain] broadband
Tcpip\..\Interfaces\{89b8e63e-4772-4e70-b1fb-626192170423}: [DhcpNameServer] 150.213.1.3
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\boyke\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-30]
Edge Notifications: Default -> hxxps://nuronnes.co.in
Edge HomePage: Default -> hxxp://www.google.co.uk/
Edge StartupUrls: Default -> "hxxp://www.google.co.uk/"
Edge Extension: (Google Docs Offline) - C:\Users\boyke\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-31]
Edge Extension: (Edge relevant text changes) - C:\Users\boyke\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-03]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe [2363432 2023-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3ea1838906a8645a\ipfsvc.exe [546416 2022-12-15] (Intel Corporation -> Intel Corporation)
R2 ElevocService; C:\Windows\system32\ElevocInstallDriver\ElevocControlService.exe [416536 2023-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Elevoc Technology Co.,Ltd.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncHelper.exe [3507728 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1297920 2023-10-25] () [File not signed]
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
S2 Intel® Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_367008a610747d24\lib\PlatformLicenseManagerService.exe [749048 2022-12-20] (Intel Corporation -> Intel® Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_6a3c518c5fadd973\AS\IAS\IntelAudioService.exe [533640 2022-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe [2781336 2023-03-17] (Intel Corporation -> Intel Corporation)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe [168776 2024-04-01] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1849552 2023-04-18] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-04-06] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.070.0407.0003\OneDriveUpdaterService.exe [3848208 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72160 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\ax88772.sys [116736 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R0 bhtsddr; C:\Windows\System32\DRIVERS\bhtsddr.sys [177768 2023-07-12] (BayHub Technology Inc. -> BayHubTech)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2023-08-24] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 FocusritePCIeSwRoot; C:\Windows\System32\drivers\FocusritePCIeSwRoot.sys [106824 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsb; C:\Windows\System32\drivers\FocusriteUsb.sys [169800 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbAudio; C:\Windows\System32\drivers\FocusriteUsbAudio.sys [110408 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbSwRoot; C:\Windows\System32\drivers\FocusriteUsbSwRoot.sys [112968 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2023-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_334c460fea9b11a4\iaLPSS2_SPI_ADL.sys [171608 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_43d5df63d19fde70\iaLPSS2_UART2_ADL.sys [329320 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-19] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_7d9abd38830a6e00\ipf_acpi.sys [87144 2023-03-17] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_cpu.sys [80536 2023-03-17] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_lf.sys [444568 2023-03-17] (Intel Corporation -> Intel Corporation)
S3 l6hxstomp; C:\Windows\System32\Drivers\l6HXStomp.sys [331784 2023-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Line 6)
S3 l6hxstomp_AvsFilter; C:\Windows\System32\drivers\l6HXStomp_AvsFilter.sys [120328 2023-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Line 6)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [234312 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-11-19] (Microsoft Windows -> )
R3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [20936 2024-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [601376 2024-04-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-30 13:38 - 2024-04-30 13:39 - 000023709 _____ C:\Users\boyke\OneDrive\Desktop\FRST.txt
2024-04-30 13:38 - 2024-04-30 13:39 - 000000000 ____D C:\FRST
2024-04-30 13:37 - 2024-04-30 13:38 - 002394112 _____ (Farbar) C:\Users\boyke\OneDrive\Desktop\FRST64.exe
2024-04-30 13:35 - 2024-04-30 13:35 - 002394112 _____ (Farbar) C:\Users\boyke\Downloads\FRST64.exe
2024-04-30 13:28 - 2024-04-30 13:28 - 000000000 ___HD C:\OneDriveTemp
2024-04-30 13:13 - 2024-04-30 13:22 - 000000000 ___HD C:\$WinREAgent
2024-04-30 13:12 - 2024-04-30 13:12 - 000234312 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-04-30 13:12 - 2024-04-30 13:12 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-04-30 13:11 - 2024-04-30 13:25 - 000000000 ____D C:\Users\boyke\AppData\Local\Malwarebytes
2024-04-30 13:11 - 2024-04-30 13:11 - 000002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-30 13:10 - 2024-04-30 13:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-30 13:10 - 2024-04-30 13:10 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-30 13:09 - 2024-04-30 13:09 - 002589624 _____ (Malwarebytes) C:\Users\boyke\Downloads\MBSetup.exe
2024-04-15 13:00 - 2024-04-15 13:00 - 006291508 _____ C:\Users\boyke\OneDrive\Documents\Stingray.ree
2024-04-15 12:59 - 2024-04-15 13:00 - 004939324 _____ C:\Users\boyke\OneDrive\Desktop\Stingray1.wav
2024-04-06 13:56 - 2024-04-06 13:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-06 13:53 - 2024-04-06 13:53 - 000020023 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-06 13:53 - 2024-04-06 13:53 - 000020023 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-06 13:35 - 2024-04-06 13:35 - 000002715 _____ C:\Users\boyke\Downloads\So_Many_Strings.hlx.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-30 13:38 - 2023-11-19 14:48 - 000000000 ____D C:\Windows\system32\MRT
2024-04-30 13:37 - 2023-11-19 14:48 - 192651728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-04-30 13:37 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2024-04-30 13:28 - 2023-11-20 19:44 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-04-30 13:28 - 2023-11-19 18:56 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-04-30 13:28 - 2023-11-19 18:56 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-30 13:28 - 2023-11-19 13:03 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3746910256-3024237243-1541892286-1001
2024-04-30 13:28 - 2023-11-19 13:03 - 000000000 ___RD C:\Users\boyke\OneDrive
2024-04-30 13:28 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-30 13:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2024-04-30 13:28 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-30 13:28 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2024-04-30 13:23 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2024-04-30 13:20 - 2023-08-24 08:07 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-30 13:20 - 2022-05-25 20:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-30 13:11 - 2023-11-19 12:57 - 000000000 ____D C:\Users\boyke\AppData\Local\D3DSCache
2024-04-30 13:11 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-04-30 12:51 - 2022-05-25 20:06 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-30 09:58 - 2023-11-25 16:12 - 000000000 ____D C:\Users\boyke\AppData\Roaming\Microsoft\Word
2024-04-30 09:52 - 2023-11-19 12:25 - 000000000 ___SD C:\Users\boyke\AppData\Roaming\Microsoft\Protect
2024-04-15 12:50 - 2022-05-25 20:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-15 12:47 - 2023-08-24 08:14 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-15 12:39 - 2023-08-24 08:02 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-04-15 12:39 - 2022-05-25 20:05 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-15 12:39 - 2022-05-25 20:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-15 12:39 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState
2024-04-08 21:25 - 2022-05-07 06:17 - 000786432 _____ C:\Windows\system32\config\BBI
2024-04-08 21:24 - 2023-11-19 12:51 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-04-08 21:24 - 2022-05-25 20:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr
2024-04-08 21:24 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\servicing
2024-04-06 13:56 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-06 13:53 - 2022-05-25 20:08 - 003213824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-04-06 13:38 - 2023-11-28 22:21 - 000000000 ____D C:\Users\boyke\OneDrive\Documents\IMA Presets
2024-04-06 13:35 - 2022-05-25 20:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-06 13:35 - 2022-05-25 20:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-01 08:54 - 2023-11-19 12:59 - 000000000 ____D C:\Users\boyke\AppData\Local\packages
2024-03-31 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by boyke (30-04-2024 13:40:10)
Running from C:\Users\boyke\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3296 (X64) (2023-11-20 02:12:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3746910256-3024237243-1541892286-500 - Administrator - Disabled)
boyke (S-1-5-21-3746910256-3024237243-1541892286-1001 - Administrator - Enabled) => C:\Users\boyke
DefaultAccount (S-1-5-21-3746910256-3024237243-1541892286-503 - Limited - Disabled)
Guest (S-1-5-21-3746910256-3024237243-1541892286-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3746910256-3024237243-1541892286-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Focusrite Audio Drivers 4.119.3.167 (HKLM\...\Focusrite Audio Drivers_is1) (Version: 4.119.3.167 - Focusrite Audio Engineering, Ltd.)
Focusrite Control 3.16.0.176 (HKLM\...\Focusrite Control_is1) (Version: 3.16.0.176 - Focusrite Audio Engineering Ltd.)
Line 6 Driver2 Helix v1.92 Uninstaller (HKLM-x32\...\Line 6 Driver2 Helix v1.92 Uninstaller) (Version:  - Line 6)
Line 6 Driver2 Helix v1.97.0.2 Uninstaller (HKLM-x32\...\Line 6 Driver2 Helix v1.97.0.2 Uninstaller) (Version:  - Line 6)
Line 6 Driver2 HxStomp v1.97.0.2 Uninstaller (HKLM-x32\...\Line 6 Driver2 HxStomp Uninstaller) (Version:  - Line 6)
Line 6 HX Edit Uninstaller (HKLM-x32\...\Line 6 HX Edit Uninstaller) (Version: 3.70 - Line 6)
Line 6 Line 6 Updater Uninstaller (HKLM-x32\...\Line 6 Updater Uninstaller) (Version: 1.28 - Line 6)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Line 6 WinUsb Driver v1.0.0.7 Uninstaller (HKLM-x32\...\Line 6 Driver2 L6WinUsb Uninstaller) (Version:  - Line 6)
Malwarebytes version 5.1.3.110 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.3.110 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.070.0407.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden
Reason Essentials 8 8.3.2d7 (HKLM\...\ReasonEssentials8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
Stellarium 1.1 (HKLM\...\Stellarium_is1) (Version: 1.22.4 - Stellarium team)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.883 - McAfee, LLC)
 
Packages:
=========
 
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-15] (INTEL CORP) [Startup Task]
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-04-01] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.21.269.0_x64__rz1tebttyb220 [2024-04-01] (Dolby Laboratories)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-15] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-11-22] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-11-22] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-11-22] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-04-08] (Microsoft Corporation)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2403.237.0_x64__8wekyb3d8bbwe [2024-04-01] (Microsoft Corporation) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-30] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-04-08] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3746910256-3024237243-1541892286-1001_Classes\CLSID\{efd4e8f5-6e0e-9405-4ec4-9c673447cfee}\localserver32 -> "C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\IntelligentSensingAwareService\LsaToast.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\boyke\OneDrive\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D2A0BB10-C925-4E0A-AD4B-7696E5F7A827}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C00A097-77EF-4EC5-9FB2-ABEF19400640}] => (Allow) C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe () [File not signed]
FirewallRules: [{0B3BA8E1-2554-46F6-B78C-7CF5A696D635}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67966A89-4035-4199-B73E-36FCC41FE5BD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC208A5F-77FA-4462-9D05-C14688EB08C5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D34E9620-91E1-4928-BF13-82CAA061F12E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CDCFA9BB-B8EE-43E2-9EC1-A8CFF088C4E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B9D30AB7-C66E-404B-BBE5-F16DACE1B668}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E76014A3-6C53-44C5-B320-569919DC9EEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{84C24494-BEBE-4FC2-BC78-55476F57B66E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A0539920-6E62-4F85-9093-03C3CEEE00B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5D2866D2-15DC-445C-AD13-69635C5E6C28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B09E07F4-7B78-426B-8F98-9F53E8244FB7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{141D8EFA-42BA-4A75-9D1E-C60811863704}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4D823528-3437-4871-98D4-623B9032FB04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8D04CAF4-824F-42CD-AA62-65181C3A395B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
06-04-2024 13:49:15 Windows Update
15-04-2024 13:06:12 Windows Update
15-04-2024 13:06:13 Windows Update
30-04-2024 13:11:33 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: Universal Device Client Device
Description: Universal Device Client Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/31/2024 09:20:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Description = Windows Update; Error = 0x80042319).
 
Error: (03/31/2024 09:20:52 PM) (Source: SPP) (EventID: 16387) (User: )
Description: Writer MSSearch Service Writer experienced some error during snapshot creation.
 
More info: .
 
Error: (03/10/2024 12:27:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Description = Windows Update; Error = 0x80042319).
 
Error: (03/10/2024 12:27:10 PM) (Source: SPP) (EventID: 16387) (User: )
Description: Writer MSSearch Service Writer experienced some error during snapshot creation.
 
More info: .
 
Error: (02/09/2024 11:31:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/09/2024 11:31:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/09/2024 11:31:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/09/2024 11:31:10 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
 
System errors:
=============
Error: (04/30/2024 01:20:34 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {16f30310-c247-4c61-b170-79447800ca80}, had event 74
 
Error: (04/30/2024 01:19:17 PM) (Source: DCOM) (EventID: 10010) (User: BOBBYSLENOVO)
Description: The server {628ACE20-B77A-456F-A88D-547DB6CEEDD5} did not register with DCOM within the required timeout.
 
Error: (04/30/2024 01:15:43 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (04/30/2024 12:48:55 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {16f30310-c247-4c61-b170-79447800ca80}, had event 74
 
Error: (04/30/2024 09:51:53 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {16f30310-c247-4c61-b170-79447800ca80}, had event 74
 
Error: (04/15/2024 01:07:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.
 
Error: (04/08/2024 08:55:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {16f30310-c247-4c61-b170-79447800ca80}, had event 74
 
Error: (04/06/2024 01:51:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.
 
 
Windows Defender:
================
Date: 2024-03-03 18:18:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-23 08:39:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-16 10:28:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-16 09:40:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-10 18:38:41
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-11-19 14:16:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2024-04-08 20:55:54
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\l6HXStomp_AvsFilter.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x2. Status 0xC0000220. 
 
Date: 2024-01-11 11:17:43
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO LTCN26WW 06/30/2023
Motherboard: LENOVO LNVNB161216
Processor: 12th Gen Intel® Core™ i5-12450H
Percentage of memory in use: 86%
Total physical RAM: 7884.87 MB
Available physical RAM: 1030.88 MB
Total Virtual: 9325.68 MB
Available Virtual: 1073.34 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:474.72 GB) (Free:399.47 GB) (Model: Micron MTFDKCD512QFM-1BD1AABLA) (Protected) NTFS
 
\\?\Volume{2c069ba6-6330-48e8-b6ba-a10647c98a12}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.17 GB) NTFS
\\?\Volume{2167eeba-99ba-40fd-abe4-db86375345d4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 872B007B)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,140 posts

Hello, Kewleb.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

=======================

A couple of questions, while I am reviewing your logs:

1. Do you have the Premium version of Malwarebytes or the free one?

2. You have WebAdvisor by McAfee installed. However, it's not your primary antivirus solution. If you would like to keep it as a second/third opinion, it's fine. Otherwise, you already have Malwarebytes and Defender, and you don't need it. Let me know what your decision is about it.


#3
kewleb

    Member

  • Topic Starter
  • Member
  • 58 posts

Hi

 

The Malwarebytes is the free version but I think I'm currently in the trial period of the premium one..?

 

The McAfee thing was bundled with the laptop when I bought it but I'd rather just stick with Defender and Malwarebytes I think.


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,140 posts

OK, thanks. Let's begin then.
 
1. Malwarebytes settings

  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and close the program.

 

2. Uninstall McAfee WebAdvisor

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
WebAdvisor by McAfee
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the McAfee items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Edge Notifications: Default -> hxxps://nuronnes.co.in
CustomCLSID: HKU\S-1-5-21-3746910256-3024237243-1541892286-1001_Classes\CLSID\{efd4e8f5-6e0e-9405-4ec4-9c673447cfee}\localserver32 -> "C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\IntelligentSensingAwareService\LsaToast.exe" -ToastActivated => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

In your next reply please post:

  1. If you successfully changed the Malwarebytes option
  2. If you successfully removed McAfee with Revo Uninstaller
  3. The fixlog.txt

  • 0
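A triage sketch for the kind of log lines the fixlist above was built from, added here as an example (it is not DR M's method and not part of FRST): it flags entries carrying the markers visible in this thread's logs and lists the sites holding browser notification permission, which matches the pop-up symptom described in the first post. The rule set, the function names and the handling of several origins separated by ";" are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Entries quoted from the FRST logs in this thread. The last line carries
# no marker and is included for contrast.
SAMPLE_LOG = r'''
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Edge Notifications: Default -> hxxps://nuronnes.co.in
CustomCLSID: HKU\S-1-5-21-3746910256-3024237243-1541892286-1001_Classes\CLSID\{efd4e8f5-6e0e-9405-4ec4-9c673447cfee}\localserver32 -> "C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\IntelligentSensingAwareService\LsaToast.exe" -ToastActivated => No File
FirewallRules: [{4C00A097-77EF-4EC5-9FB2-ABEF19400640}] => (Allow) C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
'''

# Hypothetical rule set: each rule is a lead for a human reviewer, not a verdict.
# The unsigned Focusrite rule, for instance, was left out of the fixlist above.
RULES = [
    ("flagged by FRST", re.compile(r"<==== ATTENTION")),
    ("target file missing", re.compile(r"\(No File\)|=> No File\b")),
    ("unsigned binary", re.compile(r"\[File not signed\]")),
    ("site allowed to push notifications", re.compile(r"^\w+ Notifications: ")),
]

NOTIFY_RX = re.compile(r"^(\w+) Notifications: (.+?) -> (.+)$")


@dataclass
class Finding:
    section: str   # text before the first ": ", e.g. "Task" or "FirewallRules"
    reasons: list  # names of every rule that matched
    line: str      # the full log line, unchanged


def triage(log_text):
    """Return a Finding for every log line that matches at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue  # blank lines and section banners
        section, sep, _ = line.partition(": ")
        if not sep:
            continue  # not a "Section: value" entry
        reasons = [name for name, rx in RULES if rx.search(line)]
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


def notification_origins(log_text):
    """List browser, profile and origin for each notification permission."""
    origins = []
    for raw in log_text.splitlines():
        m = NOTIFY_RX.match(raw.strip())
        if not m:
            continue
        browser, profile, rest = m.groups()
        # Assumption: several origins on one line are separated by ";".
        for origin in re.split(r"[;\s]+", rest):
            if origin:
                origins.append(
                    {"browser": browser, "profile": profile, "origin": origin}
                )
    return origins


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{', '.join(f.reasons)}] {f.section}")
    for o in notification_origins(SAMPLE_LOG):
        print("notification permission:", o["browser"], o["profile"], o["origin"])
```

The origin is kept defanged (hxxps) exactly as it appears in the log, so the output can be pasted into a ticket without creating a live link.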

#5
kewleb

    Member

  • Topic Starter
  • Member
  • 58 posts

Hi

 

I did as you instructed but when I got to pressing Fix in FRST64, it came up with the message "No fixlist found. The fixlist.txt should be in the same folder/directory the tool is located"


#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,140 posts

That's because you didn't copy the content of the fixlist first. 


#7
kewleb

    Member

  • Topic Starter
  • Member
  • 58 posts

Ahh yes, sorry! (I'd highlighted the text as instructed, but not copied it)

 

Sorted now. McAfee seems to have uninstalled and I have changed the Malwarebytes option as instructed.

 

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by boyke (30-04-2024 17:09:26) Run:1
Running from C:\Users\boyke\OneDrive\Desktop
Loaded Profiles: boyke
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Edge Notifications: Default -> hxxps://nuronnes.co.in
CustomCLSID: HKU\S-1-5-21-3746910256-3024237243-1541892286-1001_Classes\CLSID\{efd4e8f5-6e0e-9405-4ec4-9c673447cfee}\localserver32 -> "C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\IntelligentSensingAwareService\LsaToast.exe" -ToastActivated => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Error setting value.
HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Error setting value.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"Edge Notifications" => removed successfully
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001_Classes\CLSID\{efd4e8f5-6e0e-9405-4ec4-9c673447cfee} => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3296
 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
 
There is a system repair pending which requires reboot to complete.  Restart 
Windows and run sfc again.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 122659696 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 445108034 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 469272 B
systemprofile32 => 469272 B
LocalService => 499296 B
NetworkService => 571498 B
boyke => 33026239 B
 
RecycleBin => 0 B
EmptyTemp: => 574.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:12:24 ====

#8
DR M

Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log. (Scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number.)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

Note: Click Skip Basic Repair if you are asked to.


In your next reply, please post:

  • The AdwCleaner[S0*].txt

#9
kewleb

Here is the Adw log:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-30-2024
# Duration: 00:00:04
# OS:       Windows 11 (Build 22631.3447)
# Scanned:  32104
# Detected: 5
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Users\boyke\AppData\Local\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER 
Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

#10
DR M

Nothing wrong with the last scan. The items detected are preinstalled programs, from when you bought the computer. It's up to you if you want to keep or remove them. 

 

Let's now see fresh FRST logs, Addition and FRST.

 

Also, let me know how the computer is running now.


#11
kewleb

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by boyke (administrator) on BOBBYSLENOVO (LENOVO 83ER) (30-04-2024 18:11:53)
Running from C:\Users\boyke\OneDrive\Desktop\FRST64.exe
Loaded Profiles: boyke
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe <6>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_helper.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyUtility.exe
(explorer.exe ->) (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.) C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2402.22.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(services.exe ->) () [File not signed] C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3ea1838906a8645a\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a56db188a9b50197\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_6a3c518c5fadd973\AS\IAS\IntelAudioService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Elevoc Technology Co.,Ltd.) C:\Windows\System32\ElevocInstallDriver\ElevocControlService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe [906840 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.)
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001\...\Run: [MicrosoftEdgeAutoLaunch_29452A804DD2D36A02AC7DBEDE72260D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4082112 2024-04-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306528 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {AF77A501-295B-4B20-8A76-E8A715DF9005} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3F97E3CB-0D59-4A17-AE79-872283A70CDA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {9EC2E34E-ADB2-4E2C-97B7-2E2C4B77E848} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {3D47A369-38A2-4FC1-B0AA-368716FB9454} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\22024d68-7bd7-4bc6-9eef-dc2680e10a53 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {29499070-1B0D-45E1-BACF-DE0AAD4ABE39} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\54cf5ac7-ade8-4b98-ac1b-73700a7f2a87 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {FE2DD83E-60A9-49F3-903D-F130F348AB20} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6e922e2d-3d71-4f4a-b8cd-0fc45a116d1c => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {252650DA-EBDD-4866-934B-A50E37E39D50} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\becd4287-4023-4364-84f5-ab79b5dc02ce => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {0AB74466-17DF-4EC6-84C6-BD6A1498197D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f6ad50ec-341e-40f0-b935-c4968967077d => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {11AC6244-5B64-49CD-A28A-7B9E995D39F1} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {4DFD0402-0B99-4846-BF76-AD9F1A1EC89C} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [185312 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
Task: {F436C856-0224-4CD2-AB52-2F191C0A17A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {F05F8B48-C648-4D73-920C-1FECD67E8DE5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452944 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {78A7DAD1-687F-4A54-BB37-56F67AE7B2D6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9801AB8-EB1D-4F63-8DED-E3F1C157EDA6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309944 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {10CB73C8-1709-4801-B4A1-5C748CA83B68} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168488 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B394028-63F2-4B9A-B53A-FEE36925F431} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD2735B9-AABD-4D43-A8BB-DD9CF8D422B8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF7F3DD2-DB96-47A3-B980-1882426CD157} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {07750A90-E7A5-4257-ABFF-DB7D7EBFB429} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A8AED2D1-04A4-410E-AF61-038040AEAD76} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB6DBC30-68A3-4B15-80CF-9ABFF2B848A0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3746910256-3024237243-1541892286-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A96987C-A3A6-45A7-96D1-6A350CE046C3} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3746910256-3024237243-1541892286-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\Windows\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6be20357-8b56-4f51-8d9a-c7241245e723}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6be20357-8b56-4f51-8d9a-c7241245e723}: [DhcpDomain] broadband
Tcpip\..\Interfaces\{89b8e63e-4772-4e70-b1fb-626192170423}: [DhcpNameServer] 150.213.1.3
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\boyke\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-30]
Edge HomePage: Default -> hxxp://www.google.co.uk/
Edge StartupUrls: Default -> "hxxp://www.google.co.uk/"
Edge Extension: (Google Docs Offline) - C:\Users\boyke\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-31]
Edge Extension: (Edge relevant text changes) - C:\Users\boyke\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-03]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221280 2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe [2363432 2023-05-19] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3ea1838906a8645a\ipfsvc.exe [546416 2022-12-15] (Intel Corporation -> Intel Corporation)
R2 ElevocService; C:\Windows\system32\ElevocInstallDriver\ElevocControlService.exe [416536 2023-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Elevoc Technology Co.,Ltd.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncHelper.exe [3507728 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1297920 2023-10-25] () [File not signed]
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
S2 Intel® Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_367008a610747d24\lib\PlatformLicenseManagerService.exe [749048 2022-12-20] (Intel Corporation -> Intel® Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_6a3c518c5fadd973\AS\IAS\IntelAudioService.exe [533640 2022-10-18] (Intel Corporation -> Intel)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_uf.exe [2781336 2023-03-17] (Intel Corporation -> Intel Corporation)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe [168776 2024-04-01] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1849552 2023-04-18] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.070.0407.0003\OneDriveUpdaterService.exe [3848208 2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 UDCService; C:\Windows\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72160 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\ax88772.sys [116736 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
R0 bhtsddr; C:\Windows\System32\DRIVERS\bhtsddr.sys [177768 2023-07-12] (BayHub Technology Inc. -> BayHubTech)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 FocusritePCIeSwRoot; C:\Windows\System32\drivers\FocusritePCIeSwRoot.sys [106824 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsb; C:\Windows\System32\drivers\FocusriteUsb.sys [169800 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsbAudio; C:\Windows\System32\drivers\FocusriteUsbAudio.sys [110408 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbSwRoot; C:\Windows\System32\drivers\FocusriteUsbSwRoot.sys [112968 2023-10-13] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2023-11-19] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_334c460fea9b11a4\iaLPSS2_SPI_ADL.sys [171608 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_43d5df63d19fde70\iaLPSS2_UART2_ADL.sys [329320 2022-10-24] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-19] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_7d9abd38830a6e00\ipf_acpi.sys [87144 2023-03-17] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_cpu.sys [80536 2023-03-17] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_bef44694f882994d\ipf_lf.sys [444568 2023-03-17] (Intel Corporation -> Intel Corporation)
S3 l6hxstomp; C:\Windows\System32\Drivers\l6HXStomp.sys [331784 2023-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Line 6)
S3 l6hxstomp_AvsFilter; C:\Windows\System32\drivers\l6HXStomp_AvsFilter.sys [120328 2023-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Line 6)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [234312 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
R3 MpKsl6e0527c6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22A5226A-1334-43F4-B242-B15630228C42}\MpKslDrv.sys [301336 2024-04-30] (Microsoft Windows -> Microsoft Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-11-19] (Microsoft Windows -> )
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-15] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-30 18:00 - 2024-04-30 18:02 - 000000000 ____D C:\AdwCleaner
2024-04-30 18:00 - 2024-04-30 18:00 - 008791352 _____ (Malwarebytes) C:\Users\boyke\OneDrive\Desktop\AdwCleaner.exe
2024-04-30 18:00 - 2024-04-30 18:00 - 008791352 _____ (Malwarebytes) C:\Users\boyke\Downloads\AdwCleaner.exe
2024-04-30 17:15 - 2024-04-30 17:15 - 000234312 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-04-30 17:15 - 2024-04-30 17:15 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-04-30 17:13 - 2024-04-30 17:13 - 000000000 ____D C:\Windows\SysWOW64\DDFs
2024-04-30 17:09 - 2024-04-30 17:12 - 000011441 _____ C:\Users\boyke\OneDrive\Desktop\Fixlog.txt
2024-04-30 15:52 - 2024-04-30 15:52 - 000000000 ___HD C:\OneDriveTemp
2024-04-30 15:46 - 2024-04-30 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-04-30 15:46 - 2024-04-30 15:46 - 000000000 ____D C:\Program Files\VS Revo Group
2024-04-30 15:45 - 2024-04-30 15:46 - 006970144 _____ (VS Revo Group ) C:\Users\boyke\Downloads\revosetup.exe
2024-04-30 13:40 - 2024-04-30 13:41 - 000025930 _____ C:\Users\boyke\OneDrive\Desktop\Addition.txt
2024-04-30 13:38 - 2024-04-30 18:12 - 000023077 _____ C:\Users\boyke\OneDrive\Desktop\FRST.txt
2024-04-30 13:38 - 2024-04-30 18:12 - 000000000 ____D C:\FRST
2024-04-30 13:37 - 2024-04-30 13:38 - 002394112 _____ (Farbar) C:\Users\boyke\OneDrive\Desktop\FRST64.exe
2024-04-30 13:35 - 2024-04-30 13:35 - 002394112 _____ (Farbar) C:\Users\boyke\Downloads\FRST64.exe
2024-04-30 13:26 - 2024-04-30 13:26 - 000024320 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-30 13:25 - 2024-04-30 13:25 - 000024320 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-30 13:11 - 2024-04-30 18:03 - 000000000 ____D C:\Users\boyke\AppData\Local\Malwarebytes
2024-04-30 13:11 - 2024-04-30 13:11 - 000002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-30 13:10 - 2024-04-30 13:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-30 13:10 - 2024-04-30 13:10 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-30 13:09 - 2024-04-30 13:09 - 002589624 _____ (Malwarebytes) C:\Users\boyke\Downloads\MBSetup.exe
2024-04-15 13:00 - 2024-04-15 13:00 - 006291508 _____ C:\Users\boyke\OneDrive\Documents\Stingray.ree
2024-04-15 12:59 - 2024-04-15 13:00 - 004939324 _____ C:\Users\boyke\OneDrive\Desktop\Stingray1.wav
2024-04-06 13:56 - 2024-04-06 13:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-06 13:35 - 2024-04-06 13:35 - 000002715 _____ C:\Users\boyke\Downloads\So_Many_Strings.hlx.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-30 18:12 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2024-04-30 18:09 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-30 18:01 - 2023-11-19 12:57 - 000000000 ____D C:\Users\boyke\AppData\Local\D3DSCache
2024-04-30 17:58 - 2022-05-25 20:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-30 17:58 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-30 17:21 - 2023-08-24 08:14 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-30 17:21 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2024-04-30 17:18 - 2023-11-19 13:03 - 000000000 ___RD C:\Users\boyke\OneDrive
2024-04-30 17:18 - 2023-11-19 12:59 - 000000000 ____D C:\Users\boyke\AppData\Local\packages
2024-04-30 17:18 - 2022-05-25 20:06 - 000000000 ____D C:\ProgramData\Packages
2024-04-30 17:18 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-30 17:18 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2024-04-30 17:15 - 2023-08-24 08:02 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-04-30 17:15 - 2022-05-25 20:05 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-30 17:15 - 2022-05-25 20:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-30 17:15 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState
2024-04-30 17:15 - 2022-05-07 06:17 - 000786432 _____ C:\Windows\system32\config\BBI
2024-04-30 17:14 - 2022-05-25 20:05 - 000474032 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-30 17:13 - 2023-11-19 12:51 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\DDFs
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Provisioning
2024-04-30 17:13 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr
2024-04-30 17:12 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2024-04-30 15:51 - 2023-11-20 19:44 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-04-30 15:48 - 2023-08-24 08:19 - 000000000 ____D C:\ProgramData\McAfee
2024-04-30 13:42 - 2023-11-19 14:48 - 000000000 ____D C:\Windows\system32\MRT
2024-04-30 13:37 - 2023-11-19 14:48 - 192651728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-04-30 13:28 - 2023-11-19 18:56 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-04-30 13:28 - 2023-11-19 18:56 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-30 13:28 - 2023-11-19 13:03 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3746910256-3024237243-1541892286-1001
2024-04-30 13:26 - 2022-05-25 20:08 - 003213824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-04-30 13:20 - 2023-08-24 08:07 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-30 13:11 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-04-30 12:51 - 2022-05-25 20:06 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-30 09:58 - 2023-11-25 16:12 - 000000000 ____D C:\Users\boyke\AppData\Roaming\Microsoft\Word
2024-04-30 09:52 - 2023-11-19 12:25 - 000000000 ___SD C:\Users\boyke\AppData\Roaming\Microsoft\Protect
2024-04-15 12:50 - 2022-05-25 20:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-04-08 21:24 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-04-08 21:24 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\servicing
2024-04-06 13:56 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-06 13:38 - 2023-11-28 22:21 - 000000000 ____D C:\Users\boyke\OneDrive\Documents\IMA Presets
2024-04-06 13:35 - 2022-05-25 20:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-06 13:35 - 2022-05-25 20:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-31 21:21 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by boyke (30-04-2024 18:13:23)
Running from C:\Users\boyke\OneDrive\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2023-11-20 02:12:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3746910256-3024237243-1541892286-500 - Administrator - Disabled)
boyke (S-1-5-21-3746910256-3024237243-1541892286-1001 - Administrator - Enabled) => C:\Users\boyke
DefaultAccount (S-1-5-21-3746910256-3024237243-1541892286-503 - Limited - Disabled)
Guest (S-1-5-21-3746910256-3024237243-1541892286-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3746910256-3024237243-1541892286-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Authorizer 2.9.0d5 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.0d5 - Propellerhead Software AB)
Focusrite Audio Drivers 4.119.3.167 (HKLM\...\Focusrite Audio Drivers_is1) (Version: 4.119.3.167 - Focusrite Audio Engineering, Ltd.)
Focusrite Control 3.16.0.176 (HKLM\...\Focusrite Control_is1) (Version: 3.16.0.176 - Focusrite Audio Engineering Ltd.)
Line 6 Driver2 Helix v1.92 Uninstaller (HKLM-x32\...\Line 6 Driver2 Helix v1.92 Uninstaller) (Version:  - Line 6)
Line 6 Driver2 Helix v1.97.0.2 Uninstaller (HKLM-x32\...\Line 6 Driver2 Helix v1.97.0.2 Uninstaller) (Version:  - Line 6)
Line 6 Driver2 HxStomp v1.97.0.2 Uninstaller (HKLM-x32\...\Line 6 Driver2 HxStomp Uninstaller) (Version:  - Line 6)
Line 6 HX Edit Uninstaller (HKLM-x32\...\Line 6 HX Edit Uninstaller) (Version: 3.70 - Line 6)
Line 6 Line 6 Updater Uninstaller (HKLM-x32\...\Line 6 Updater Uninstaller) (Version: 1.28 - Line 6)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Line 6 WinUsb Driver v1.0.0.7 Uninstaller (HKLM-x32\...\Line 6 Driver2 L6WinUsb Uninstaller) (Version:  - Line 6)
Malwarebytes version 5.1.3.110 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.3.110 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.67 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.070.0407.0003 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17425.20176 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20176 - Microsoft Corporation) Hidden
Reason Essentials 8 8.3.2d7 (HKLM\...\ReasonEssentials8.0Stable_64_is1) (Version: 8.3.2d7 - Propellerhead Software AB)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Stellarium 1.1 (HKLM\...\Stellarium_is1) (Version: 1.22.4 - Stellarium team)
 
Packages:
=========
 
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-15] (INTEL CORP) [Startup Task]
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-04-30] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.21.269.0_x64__rz1tebttyb220 [2024-04-01] (Dolby Laboratories)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23306.1292.0_x64__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-15] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-11-22] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-03-31] (Microsoft Corporation)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-11-22] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-11-22] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-30] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-04-08] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_0.24041.34.0_x64__cw5n1h2txyewy [2024-04-30] (Microsoft Windows)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2404.195.0_x64__8wekyb3d8bbwe [2024-04-30] (Microsoft Corporation) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-30] (Spotify AB) [Startup Task]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-30] (Microsoft Windows)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-04-08] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.070.0407.0003\FileSyncShell64.dll [2024-04-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-04-30] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\boyke\OneDrive\Desktop\AdwCleaner.exe:MBAM.Zone.Identifier [229]
AlternateDataStreams: C:\Users\boyke\OneDrive\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\boyke\Downloads\AdwCleaner.exe:MBAM.Zone.Identifier [229]
AlternateDataStreams: C:\Users\boyke\Downloads\revosetup.exe:MBAM.Zone.Identifier [141]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3746910256-3024237243-1541892286-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D2A0BB10-C925-4E0A-AD4B-7696E5F7A827}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C00A097-77EF-4EC5-9FB2-ABEF19400640}] => (Allow) C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe () [File not signed]
FirewallRules: [{0B3BA8E1-2554-46F6-B78C-7CF5A696D635}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67966A89-4035-4199-B73E-36FCC41FE5BD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC208A5F-77FA-4462-9D05-C14688EB08C5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D34E9620-91E1-4928-BF13-82CAA061F12E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CDCFA9BB-B8EE-43E2-9EC1-A8CFF088C4E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B9D30AB7-C66E-404B-BBE5-F16DACE1B668}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E76014A3-6C53-44C5-B320-569919DC9EEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{84C24494-BEBE-4FC2-BC78-55476F57B66E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A0539920-6E62-4F85-9093-03C3CEEE00B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5D2866D2-15DC-445C-AD13-69635C5E6C28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B09E07F4-7B78-426B-8F98-9F53E8244FB7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{141D8EFA-42BA-4A75-9D1E-C60811863704}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4D823528-3437-4871-98D4-623B9032FB04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8D04CAF4-824F-42CD-AA62-65181C3A395B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
15-04-2024 13:06:13 Windows Update
30-04-2024 13:11:33 Windows Update
30-04-2024 15:48:25 Revo Uninstaller's restore point - WebAdvisor by McAfee
 
==================== Faulty Device Manager Devices ============
 
Name: Universal Device Client Device
Description: Universal Device Client Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Lenovo
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/30/2024 05:57:59 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program ShellExperienceHost.exe version 10.0.22621.3235 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (04/30/2024 05:09:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/30/2024 05:09:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87ff5198-b37c-40ce-a5a3-15aef0b409ed}
 
Error: (03/31/2024 09:20:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Description = Windows Update; Error = 0x80042319).
 
Error: (03/31/2024 09:20:52 PM) (Source: SPP) (EventID: 16387) (User: )
Description: Writer MSSearch Service Writer experienced some error during snapshot creation.
 
More info: .
 
Error: (03/10/2024 12:27:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Description = Windows Update; Error = 0x80042319).
 
Error: (03/10/2024 12:27:10 PM) (Source: SPP) (EventID: 16387) (User: )
Description: Writer MSSearch Service Writer experienced some error during snapshot creation.
 
More info: .
 
Error: (02/09/2024 11:31:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
 
System errors:
=============
Error: (04/30/2024 05:14:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: 2024-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64 (KB5036620).
 
Error: (04/30/2024 05:13:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\IntelIHVRouter10.dll
 
Error: (04/30/2024 05:13:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\IntelIHVRouter10.dll
 
Error: (04/30/2024 05:12:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (04/30/2024 05:12:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (04/30/2024 05:09:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/30/2024 05:09:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/30/2024 05:09:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The System Interface Foundation Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Windows Defender:
================
Date: 2024-03-03 18:18:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-23 08:39:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-16 10:28:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-16 09:40:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-10 18:38:41
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2023-11-19 14:16:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.856.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  
 
CodeIntegrity:
===============
Date: 2024-04-08 20:55:54
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Windows\System32\drivers\l6HXStomp_AvsFilter.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x2. Status 0xC0000220. 
 
Date: 2024-01-11 11:17:43
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO LTCN26WW 06/30/2023
Motherboard: LENOVO LNVNB161216
Processor: 12th Gen Intel® Core™ i5-12450H
Percentage of memory in use: 76%
Total physical RAM: 7884.87 MB
Available physical RAM: 1855.19 MB
Total Virtual: 8588.87 MB
Available Virtual: 1463.89 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:474.72 GB) (Free:394.66 GB) (Model: Micron MTFDKCD512QFM-1BD1AABLA) (Protected) NTFS
 
\\?\Volume{2c069ba6-6330-48e8-b6ba-a10647c98a12}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.14 GB) NTFS
\\?\Volume{2167eeba-99ba-40fd-abe4-db86375345d4}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 872B007B)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#12
kewleb


  • Topic Starter
  • Member
  • 58 posts

Computer seems to be running fine now  :yes:



#13
DR M


    The Grecian Geek

  • Malware Removal
  • 4,140 posts

Perfect!   :thumbsup: 
 
We need to remove a few remnants and then repeat the System File Checker which wasn't successfully completed before.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
2024-04-30 15:48 - 2023-08-24 08:19 - 000000000 ____D C:\ProgramData\McAfee
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. System File Checker

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
Windows Resource Protection did not find any integrity violations 
Windows Resource Protection found corrupt files and successfully repaired them 
Windows Resource Protection found corrupt files but was unable to fix some of them 
Windows Resource Protection could not perform the requested operation
  • Take a screenshot of what you got and attach it to your next reply. 

 

In your next reply please post:

  1. The fixlog.txt
  2. The screenshot

 

