Virus window appeared in browser



#16
DR M

    The Grecian Geek

  • Malware Removal
  • 4,433 posts

xilogo, if the file is clean, I recommend that you add it to Defender's exclusions.


1. Ensure that the file is clean

  • Go to VirusTotal:
  • Click "Choose file":
    • On the homepage, click the "Choose file" button under the File tab.
  • Browse to your file:
    • Navigate to the file being flagged: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    • Note: Windows may block access to this system file directly. In that case, copy the suspicious script or related executable to your Desktop first.
  • Select the file and click "Open".
  • Click "Confirm upload" to submit the file for scanning.
  • Let me know the results. We will continue from there. 

  • 0
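
A local cross-check to go with the VirusTotal upload described in post #16, as an added example that is not part of the original thread. It records the file's SHA-256 (which can be searched on VirusTotal without uploading anything), validates the signature, shows which resource Defender actually flagged, and lists any exclusion that already covers the file. The function names are hypothetical; the cmdlets are the built-in Windows PowerShell 5.1 and Defender ones, and an elevated session is assumed.

```powershell
# Added example, not from the thread. Run elevated: Defender only shows the
# exclusion lists to administrators.
# Path taken from post #16.
$Target = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'

function Get-FileTrustSummary {
    # Hash plus signature facts for one file (hypothetical helper).
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName

    [pscustomobject]@{
        Path            = $item.FullName
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status           # anything other than Valid is a red flag
        SignatureType   = $sig.SignatureType    # Windows system files are usually catalog-signed
        IsOSBinary      = $sig.IsOSBinary       # True only for files shipped as part of Windows
        Signer          = $sig.SignerCertificate.Subject
        OriginalName    = $item.VersionInfo.OriginalFilename
    }
}

function Get-CoveringExclusion {
    # Lists Defender exclusions that apply to $Path (hypothetical helper).
    # Plain string comparison only: wildcards and environment variables in an
    # exclusion entry are not expanded here.
    param([Parameter(Mandatory)][string]$Path)

    $pref = Get-MpPreference
    $leaf = Split-Path -Path $Path -Leaf

    foreach ($entry in @($pref.ExclusionPath)) {
        if (-not $entry) { continue }
        $norm = $entry.TrimEnd('\')
        $isSame   = $Path -ieq $norm
        $isParent = $Path.StartsWith($norm + '\', [StringComparison]::OrdinalIgnoreCase)
        if ($isSame -or $isParent) {
            [pscustomobject]@{ Kind = 'Path'; Value = $entry }
        }
    }
    foreach ($entry in @($pref.ExclusionProcess)) {
        # A process exclusion skips scanning of files that process opens.
        if ($entry -and ($entry -ieq $Path -or $entry -ieq $leaf)) {
            [pscustomobject]@{ Kind = 'Process'; Value = $entry }
        }
    }
}

function Get-RecentDetection {
    # Defender detections whose process or resources mention $NameFragment.
    # Resources shows whether the flagged item was the binary itself, a script
    # file, or a command line.
    param([Parameter(Mandatory)][string]$NameFragment)

    Get-MpThreatDetection |
        Where-Object {
            ($_.Resources -join ' ') -like "*$NameFragment*" -or
            $_.ProcessName -like "*$NameFragment*"
        } |
        Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $threat.ThreatName
                Process   = $_.ProcessName
                Resources = $_.Resources -join '; '
            }
        }
}

$summary = Get-FileTrustSummary -Path $Target
$summary | Format-List

Get-CoveringExclusion -Path $Target | Format-Table -AutoSize
Get-RecentDetection -NameFragment 'powershell' | Format-List

if ($summary.SignatureStatus -ne 'Valid' -or -not $summary.IsOSBinary) {
    Write-Warning 'Signature check failed: do not exclude this file. Search the SHA256 above on VirusTotal.'
}
```

If the `Resources` field points at a script or a command line rather than at `powershell.exe` itself, that item is the one to examine.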


#17
xilogo1202

    Member

  • Topic Starter
  • Member
  • 19 posts

Hi DR M.

Here are the results https://www.virustot...7c7a3/detection


  • 0

#18
xilogo1202

    Member

  • Topic Starter
  • Member
  • 19 posts

Hi DR M

 

I will be unable to reply for a while starting in a few days. So since the file didn't seem to be bad and appears to be a false positive, I added the file to Windows Security Exclusion list. I hope this is correct. Please let me know if I should not have done that or should do something else. Thanks.


  • 0

#19
DR M

    The Grecian Geek

  • Malware Removal
  • 4,433 posts

Hi, xilogo.

 

Apologies for the delayed reply. I had no access to a computer since Wednesday. I'll review the link above and let you know what to do next. 


  • 0

#20
DR M

    The Grecian Geek

  • Malware Removal
  • 4,433 posts

OK. It seems that the detection is a F/P. 

 

I would like to check fresh FRST logs, please. Run the tool once more and attach the 2 logs for me to check.


  • 0

#21
xilogo1202

    Member

  • Topic Starter
  • Member
  • 19 posts
Hi DR M. Here are the logs. Thanks!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-06-2025
Ran by admin (administrator) on LAPTOP-GE8FCSQN (LENOVO 20VE) (04-06-2025 17:51:12)
Running from C:\Users\Username\Desktop\FRST64.exe
Loaded Profiles: admin & Username
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5854 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(LenovoSystemUpdateAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAF04E~1.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\FnHotkeyUtility.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_db7985d30b50e28f\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_46aa7595a4cd0ecb\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe <2>
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe <2>
(services.exe ->) (TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxextN.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe [1635688 2022-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp (No File)
HKLM\...\RunOnce: [*DelTemp] => cmd /c DEL /F /Q /A "C:\Users\admin\AppData\Local\Temp\FRST305.TEMP" [2405888 2025-05-25] (Farbar) [File not signed] <==== ATTENTION
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\Username\AppData\Local\WebEx\WebexHost.exe [7272032 2024-04-01] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoSpark] => C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1476 2024-05-11] () [File not signed]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2018-01-30] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1501696 2018-10-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.56\Installer\chrmstp.exe [2025-06-01] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08A21946-05CE-4B19-BF73-1B93A745FEED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {A64851A1-2108-4FEE-91B7-08046252FF5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-12] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {81EAAF71-514B-4127-B19C-7780892B9FFF} - System32\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-12] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3D20BFAA-18BC-4F90-BC6B-A83022993327} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{5EC0AEAB-5D1C-42C4-AE4A-8D5CEF1E1C6E} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {1871758E-9C91-4D1E-B938-F05AA6ED1CF3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [94496 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {E1B27C35-FA09-4A05-A9ED-BD0FF237CE96} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {345A3571-2FF4-4735-AE8F-8959B895B9E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {831CD3BE-4111-4869-BD0D-A79164AE739D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1d696f4d-2e10-46e6-adf3-da920153b9ac => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {D4224DF2-6078-463A-9B0B-AA09692FAF59} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a949b561-8ba5-479f-b8fc-cc8b786b1ac2 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {F5705511-0AFB-4719-9C2A-E2423E323D3C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e6b98969-7ff2-4198-9ea3-cb050c863cc6 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {CA9ABCB6-10F7-454B-B578-2105C243A8B2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {983E498A-7A48-4F65-BE4F-514529FA7CD9} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {FAB2E828-4B56-4CF8-8A1E-9B6E642DB015} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {965B3DA2-8214-473C-97F1-8507A174F716} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {6E6D6A7F-DE6E-4E28-8467-079F1CB5A3F4} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {43CC7388-A4A3-4F61-B9F3-D181410B676D} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {E2C4962F-D262-44A5-85A5-A5736E118AB9} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {47736525-25BA-4D26-80DE-21045117C897} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {6BE8B0FB-4D1B-49A1-9327-5F5B4E5D5A76} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {9A1CFAC3-1168-40EF-8B4A-59FB889E7095} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {43BAD6D3-43F8-4AE0-806E-15C704D524EA} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {015602D6-2AE0-408F-B9C6-0AC24743B792} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {42FD2270-C76A-4178-9F60-79B7C8F97776} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {872DE35E-573D-4CB0-8137-AE864EC85B9C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-01-17] (Lenovo -> )
Task: {9F03217E-F069-4A04-B9C6-6A990D1612A6} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {08CECB3B-A222-4BDC-B2C8-002DD148954B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955376 2025-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6CBDE55-E324-4942-BCFF-4EBB09BA949E} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68312 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CFC99D7-79FB-43A1-A220-230FE4CF8C6D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955376 2025-05-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE6C0EF4-CFF5-409D-A23B-A50AC7E979AB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5033A2A4-6505-4D9B-9A22-8D4FC5FD1789} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E66A04A-1C7C-4059-BDA0-7832EA1DEA53} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [225992 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D1B82CB-E56B-4C7F-A56F-FF3E1758A62E} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {167842EA-8460-4659-9F9B-BD0869269678} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {48AE7416-6033-4F1E-8366-35DEEE046D21} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCD0E700-0238-433A-BE84-014F4ECEB61A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B7C2405-A22E-481A-BFB4-F9740E59179B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5B838CE-8763-4BA2-9B07-B34D84FC1C79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpCmdRun.exe [1757568 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5C97297-6A60-4D27-9BBC-B334C98B4839} - System32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1001 => C:\Users\admin\AppData\Local\Microsoft\OneDrive\25.075.0420.0002\OneDriveLauncher.exe [679728 2025-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADF7F50C-5FB0-42EE-BC16-D35A1BF300C7} - System32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\Microsoft\OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45d5d7d4-26dd-4f05-b26c-4fccf75fe7ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\4597C65627723702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303D25374: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-18]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2025-05-26]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-03]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-03]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-03]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-03]
CHR Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-05-21]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-24]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-03]
CHR HKU\S-1-5-21-240337477-2287995252-3564736294-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13724376 2025-05-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe [2305576 2021-12-08] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ElanIapService; C:\Windows\System32\ElanIapService.exe [475088 2020-07-30] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [343936 2020-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe [539816 2021-09-02] (Intel Corporation -> Intel)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_fa50a878363b0cec\LenovoUtilityService.exe [182272 2025-02-21] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe [34816 2025-02-21] (Lenovo -> Lenovo)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123304 2025-04-28] (The Document Foundation -> The Document Foundation)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1817944 2020-09-11] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9577376 2025-06-01] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-25] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MpDefenderCoreService.exe [2071592 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [252264 2021-01-26] (TBT_DCH_DRV_PROD -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\NisSrv.exe [4513624 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25050.5-0\MsMpEng.exe [278328 2025-06-03] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-12] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1421680 2020-09-23] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [330112 2025-06-03] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [242752 2025-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20032 2025-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [612768 2025-06-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100744 2025-06-03] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-06-04 17:49 - 2025-06-04 17:50 - 000026094 _____ C:\Users\Username\Desktop\Addition.txt
2025-06-04 17:47 - 2025-06-04 17:51 - 000029396 _____ C:\Users\Username\Desktop\FRST.txt
2025-06-04 17:47 - 2025-06-04 17:51 - 000000000 ____D C:\FRST
2025-06-04 17:46 - 2025-06-04 17:46 - 002405888 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2025-06-03 16:54 - 2025-06-03 16:54 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-06-01 18:58 - 2025-06-01 18:58 - 000280139 _____ C:\Users\Username\Downloads\statement.pdf
2025-06-01 11:36 - 2025-06-02 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice
2025-05-25 22:46 - 2025-05-25 22:46 - 000000008 _____ C:\ProgramData\ntuser.pol
2025-05-23 20:02 - 2025-05-23 20:04 - 000000000 ____D C:\AdwCleaner
2025-05-22 20:38 - 2025-05-22 20:40 - 000000000 ____D C:\ProgramData\LogiShrd
2025-05-20 18:59 - 2025-05-20 18:59 - 000003570 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1001
2025-05-14 14:21 - 2025-05-14 14:21 - 000022680 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 14:21 - 2025-05-14 14:21 - 000022680 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-05-14 14:16 - 2025-05-14 14:16 - 000000000 ___HD C:\$WinREAgent
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-06-04 17:51 - 2023-05-12 10:22 - 000000000 ____D C:\Users\Username\AppData\Local\Malwarebytes
2025-06-04 17:46 - 2022-12-10 20:27 - 000242752 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2025-06-04 17:44 - 2021-01-02 20:59 - 000000000 __SHD C:\Users\Username\IntelGraphicsProfiles
2025-06-04 17:44 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-04 16:23 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-06-04 08:56 - 2021-12-31 17:16 - 000000000 ____D C:\Windows\SystemTemp
2025-06-03 16:54 - 2020-11-19 03:52 - 000000000 ____D C:\Program Files\Microsoft Office
2025-06-03 16:54 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-03 16:54 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2025-06-03 09:22 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-06-02 20:09 - 2021-01-04 21:50 - 000000000 ____D C:\Users\Username\AppData\Local\CrashDumps
2025-06-02 17:29 - 2025-02-05 17:49 - 000003568 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-240337477-2287995252-3564736294-1002
2025-06-02 17:29 - 2021-12-13 09:45 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1002
2025-06-02 17:29 - 2021-01-02 21:00 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1002
2025-06-02 17:29 - 2021-01-02 20:59 - 000002387 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-01 19:20 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username\AppData\Local\Packages
2025-06-01 19:18 - 2021-01-19 16:40 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Excel
2025-06-01 19:12 - 2021-01-25 11:09 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\UProof
2025-06-01 19:12 - 2021-01-19 16:42 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Word
2025-06-01 11:41 - 2020-05-06 12:41 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2025-06-01 11:41 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2025-06-01 11:37 - 2020-11-19 02:48 - 000000000 ___HD C:\Intel
2025-06-01 11:37 - 2020-05-06 12:33 - 000655632 _____ C:\Windows\system32\FNTCACHE.DAT
2025-06-01 11:37 - 2020-05-06 12:33 - 000008192 ___SH C:\DumpStack.log.tmp
2025-06-01 11:37 - 2020-05-06 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-06-01 11:37 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ServiceState
2025-06-01 11:36 - 2019-12-07 03:03 - 001572864 _____ C:\Windows\system32\config\BBI
2025-06-01 11:35 - 2024-05-20 17:51 - 000000000 ____D C:\Program Files\LibreOffice
2025-06-01 11:27 - 2020-11-19 03:58 - 000000000 ____D C:\Windows\TempInst
2025-06-01 11:24 - 2023-01-16 21:52 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-06-01 11:24 - 2020-11-19 03:52 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-01 11:23 - 2021-01-02 20:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-01 11:23 - 2021-01-02 20:47 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-05-25 22:45 - 2022-11-15 16:03 - 000000000 ____D C:\Users\Username\AppData\LocalLow\Temp
2025-05-25 22:45 - 2021-01-02 20:18 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2025-05-25 22:43 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2025-05-23 19:49 - 2019-12-07 03:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2025-05-22 20:21 - 2025-04-17 21:20 - 000000000 ____D C:\Users\admin\AppData\Local\Malwarebytes
2025-05-22 20:00 - 2021-01-02 20:10 - 000000000 ____D C:\Users\admin\AppData\Local\Packages
2025-05-22 20:00 - 2020-11-19 03:51 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-22 20:00 - 2020-11-19 03:51 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-22 19:59 - 2021-01-02 20:10 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2025-05-20 18:59 - 2025-04-17 21:21 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1001
2025-05-20 18:59 - 2021-01-02 20:12 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1001
2025-05-20 18:59 - 2021-01-02 20:09 - 000002390 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-16 16:03 - 2025-04-17 22:33 - 000001389 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-05-16 08:59 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\setup
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\Dism
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellComponents
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-05-16 08:56 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2025-05-16 08:56 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\servicing
2025-05-14 14:25 - 2021-01-02 20:14 - 000000000 ____D C:\Windows\system32\MRT
2025-05-14 14:24 - 2021-01-02 20:14 - 214836568 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-05-14 14:21 - 2020-05-06 12:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-05-08 16:28 - 2021-01-23 22:02 - 000000000 ____D C:\Users\Username\AppData\Roaming\vlc
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2025
Ran by admin (04-06-2025 17:52:13)
Running from C:\Users\Username\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.5854 (X64) (2021-01-03 18:02:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
admin (S-1-5-21-240337477-2287995252-3564736294-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-240337477-2287995252-3564736294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-240337477-2287995252-3564736294-503 - Limited - Disabled)
Guest (S-1-5-21-240337477-2287995252-3564736294-501 - Limited - Disabled)
Username (S-1-5-21-240337477-2287995252-3564736294-1002 - Limited - Enabled) => C:\Users\Username
WDAGUtilityAccount (S-1-5-21-240337477-2287995252-3564736294-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon MF741C/743C (HKLM\...\{BB46A4DC-43FD-4deb-8B8D-E0211A44D94B}) (Version: 6.4.0.3 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ActiveTouchMeetingClient) (Version: 44.4.0 - Cisco Webex LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.56 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel® Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.3.21.0 - Lenovo Group Ltd.)
LibreOffice 25.2.3.2 (HKLM\...\{55CF6D12-B29A-4610-9E4A-1ACFE722B691}) (Version: 25.2.3.2 - The Document Foundation)
Malwarebytes version 5.3.2.195 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.2.195 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18827.20128 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\OneDriveSetup.exe) (Version: 25.075.0420.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\OneDriveSetup.exe) (Version: 25.085.0504.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Teams) (Version: 1.8.00.9760 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Mozilla Firefox 133.0.3 (x64 en-US)) (Version: 133.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20128 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Webex (HKLM\...\{B080C79D-B4E3-5424-8492-BEBBD67B1A92}) (Version: 43.10.0.28042 - Cisco Systems, Inc)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
 
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-04-18] ()
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2025-04-18] (Dolby Laboratories)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-06-01] (INTEL CORP) [Startup Task]
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2501.20.0_x64__k1h2ywk1493x8 [2025-06-01] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.7.18.0_x64__5grkq8ppsgwt4 [2025-05-23] (LENOVO INC) [Startup Task]
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-06-03] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.289.0_x64__dt26b99r8h8gj [2025-04-18] (Realtek Semiconductor Corp)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-16] (Skype)
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2021-09-26] (Fortemedia)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2025-04-18] (INTEL CORP)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Username\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-05-21] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-05-21] (Malwarebytes Inc -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-01-10 20:53 - 2018-01-29 21:28 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_en-US.DLL
2021-01-10 20:52 - 2018-01-29 21:26 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\11027567817866036933\133894237062489606.jpg
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: Intel® Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoSpark"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F66FE10C-0F79-4F40-97EA-A16178E767EA}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{8D2C76DD-8F61-4AD4-B645-4D737C01F19D}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{83D6447C-463F-46FC-9A94-E14D0E37AD61}C:\users\Username\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Username\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{B86DDDEA-D6CA-487C-BE96-108B74D23C68}C:\users\Username\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\Username\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D4517488-C8F0-410D-82B5-C0A0679DB7BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{761A7034-179A-4CBA-A6AA-6D7CA9C278EE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D90A7C5A-5FC7-4A98-80F0-BCB9345907A4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D4133C9D-016F-4DA0-908C-C6169EC285E6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
26-05-2025 12:41:48 Scheduled Checkpoint
03-06-2025 13:27:59 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/03/2025 04:53:52 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-GE8FCSQN)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
Error: (06/02/2025 08:16:30 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {B4E8F8B1-1F74-4012-B380-E8FD8EFD81F4}
 
Error: (06/02/2025 08:16:30 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {396599E8-4167-41C2-9285-B0DC847E5A42}
 
Error: (06/02/2025 08:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 25.2.3.2, time stamp: 0x680bfb0f
Faulting module name: cppu3.dll, version: 25.2.3.2, time stamp: 0x680bd920
Exception code: 0xc0000005
Fault offset: 0x00000000000214ae
Faulting process id: 0x20ac
Faulting application start time: 0x01dbd42c88f163b7
Faulting application path: C:\Program Files\LibreOffice\program\soffice.bin
Faulting module path: C:\Program Files\LibreOffice\program\cppu3.dll
Report Id: 727e6e6e-31ab-453f-9c80-96995aafa9ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/02/2025 08:09:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 25.2.3.2, time stamp: 0x680bfb0f
Faulting module name: cppu3.dll, version: 25.2.3.2, time stamp: 0x680bd920
Exception code: 0xc0000005
Fault offset: 0x00000000000214ae
Faulting process id: 0x23b8
Faulting application start time: 0x01dbd42c846fdcf0
Faulting application path: C:\Program Files\LibreOffice\program\soffice.bin
Faulting module path: C:\Program Files\LibreOffice\program\cppu3.dll
Report Id: a3f1a344-8e29-4916-b4df-dd99a2b90ee4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/02/2025 08:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 25.2.3.2, time stamp: 0x680bfb0f
Faulting module name: cppu3.dll, version: 25.2.3.2, time stamp: 0x680bd920
Exception code: 0xc0000005
Fault offset: 0x00000000000214ae
Faulting process id: 0x3100
Faulting application start time: 0x01dbd42c3954a995
Faulting application path: C:\Program Files\LibreOffice\program\soffice.bin
Faulting module path: C:\Program Files\LibreOffice\program\cppu3.dll
Report Id: 5f8640f3-56ea-472d-9628-64e741faee76
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/02/2025 08:06:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 25.2.3.2, time stamp: 0x680bfb0f
Faulting module name: cppu3.dll, version: 25.2.3.2, time stamp: 0x680bd920
Exception code: 0xc0000005
Fault offset: 0x00000000000214ae
Faulting process id: 0x3260
Faulting application start time: 0x01dbd42c30977e6c
Faulting application path: C:\Program Files\LibreOffice\program\soffice.bin
Faulting module path: C:\Program Files\LibreOffice\program\cppu3.dll
Report Id: fd96a43b-6078-47b9-a2f4-6f4f8dfe981e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/02/2025 08:06:50 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {4AFC2224-6303-4D32-BB9E-00A94DF854FC}
 
 
System errors:
=============
Error: (06/04/2025 05:48:35 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4A8EC270-ECA5-51BC-A8AB-551ED6D0CA26} did not register with DCOM within the required timeout.
 
Error: (06/04/2025 05:46:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4A8EC270-ECA5-51BC-A8AB-551ED6D0CA26} did not register with DCOM within the required timeout.
 
Error: (06/04/2025 05:44:34 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
Error: (06/04/2025 04:24:16 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} did not register with DCOM within the required timeout.
 
Error: (06/04/2025 12:54:10 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
Error: (06/04/2025 10:58:33 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
 
Error: (06/04/2025 08:52:47 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
Error: (06/03/2025 06:59:34 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2025-06-04 17:44:55
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.429.341.0, AS: 1.429.341.0, NIS: 1.429.341.0
Engine Version: AM: 1.1.25050.2, NIS: 1.1.25050.2
 
Date: 2025-06-04 13:13:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days
 
Date: 2025-06-04 12:54:32
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.429.341.0, AS: 1.429.341.0, NIS: 1.429.341.0
Engine Version: AM: 1.1.25050.2, NIS: 1.1.25050.2
 
Date: 2025-06-04 08:53:08
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.429.323.0, AS: 1.429.323.0, NIS: 1.429.323.0
Engine Version: AM: 1.1.25050.2, NIS: 1.1.25050.2
 
Date: 2025-06-03 09:21:14
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.429.297.0, AS: 1.429.297.0, NIS: 1.429.297.0
Engine Version: AM: 1.1.25050.2, NIS: 1.1.25050.2
Event[0]:
 
Date: 2025-04-24 16:10:36
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Security intelligence Version: 1.427.423.0;1.427.423.0
Engine Version: 1.1.25030.1
 
CodeIntegrity:
===============
Date: 2025-03-26 08:27:06
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\igd10um64xe.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO F8CN59WW(V2.22) 06/14/2024
Motherboard: LENOVO LNVNB161216
Processor: 11th Gen Intel® Core™ i7-1165G7 @ 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 16167.3 MB
Available physical RAM: 8966.79 MB
Total Virtual: 18599.3 MB
Available Virtual: 11394.75 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:378.5 GB) (Model: NVMe SAMSUNG MZALQ512HALU-000L2) (Protected) NTFS
 
\\?\Volume{d7b7e4d4-0ce0-4798-9056-31a4d8207d11}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.38 GB) NTFS
\\?\Volume{3137f5f2-edef-40f3-b51c-acfebedcfb60}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FE97C22C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#22
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,433 posts

Hi, xilogo.
 
Although you said that you added the file to Defender's exclusions, I see that it was detected on June 4th. Can you please confirm this for me?
 
Also, I see that Defender experienced an error while trying to get the latest updates.
 
Since you have had this issue for a long time, I would recommend you go for an in-place upgrade, making sure that everything is up to date, with no corruption.

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • On the License terms page, if you accept the license terms, select Accept.
  • Choose the ISO file option.
  • You may be prompted by User Account Control. If so, click on Yes.
  • Setup will check your PC and show a license agreement. Click on Accept in the license terms dialog.
  • On the Ready to install page, make sure Keep personal files and apps has been checked.

Let me know if the procedure ran smoothly.


  • 0
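The check behind the question above (was anything still detected after the exclusion went in?) can be run over the Defender records of an Addition.txt log. This is an added example, not part of the thread or of any tool used in it; the sample records are constructed from the visible excerpt, and the 2025-06-04 timestamp and the cutoff passed to `detections_since` are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the Defender records in the log above.
# Field values follow the visible excerpt; the 2025-06-04 timestamp is assumed.
SAMPLE_LOG = r"""
Date: 2025-06-04 08:15:42
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: Trojan:PowerShell/Jupyiter!MTB
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Source: AMSI

Date: 2025-06-03 09:21:14
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: Trojan:PowerShell/Jupyiter!MTB
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Source: AMSI

Date: 2025-04-24 16:10:36
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
Error Code: 0x80501102
"""

FIELD = re.compile(r"^([A-Za-z ]+): ?(.*)$")

def parse_records(text):
    """Split the log on 'Date:' lines and collect each record's 'Key: value' fields."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # free-text description lines and blank separators
        key, value = m.group(1), m.group(2).strip()
        if key == "Date":
            current = {"Date": datetime.strptime(value, "%Y-%m-%d %H:%M:%S")}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records

def detections_since(records, cutoff):
    """Detection records (those with a threat Name) dated at or after cutoff, oldest first."""
    hits = [r for r in records if "Name" in r and r["Date"] >= cutoff]
    return sorted(hits, key=lambda r: r["Date"])

def summarize(hit):
    # Source AMSI: the verdict was on content handed to Defender by the process in Path.
    return (hit["Date"].isoformat(sep=" "), hit["Name"], hit.get("Detection Source"))
```

Any record returned for a cutoff equal to the time the exclusion was added means the detection is still firing; with `Detection Source: AMSI` the flagged item is content submitted by the PowerShell host, not the `powershell.exe` file on disk.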





