Geeks to Go
Trojan:PowerShell/Jupyiter!MTB detected by Windows Security

#1
xilogo1202

    New Member

  • 1 posts

Hello. Windows Security detects Trojan:PowerShell/Jupyiter!MTB every time the computer is turned on. I have followed the provided steps here to attempt to remove it with no success. I am hoping to get help removing this as well as any other viruses, spyware, or malware that may be on this computer. I currently use Windows Security and Malwarebytes to protect the machine. Should these continue to be used, be replaced, or should any other software be used as well? Thanks!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by admin (administrator) on LAPTOP-GE8FCSQN (LENOVO 20VE) (17-05-2024 13:13:00)
Running from C:\Users\Username\Desktop\FRST64.exe
Loaded Profiles: admin & Username
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAF04E~1.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyUtility.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <17>
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_db7985d30b50e28f\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_46aa7595a4cd0ecb\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe <2>
(services.exe ->) (TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe [1635688 2022-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)
HKLM\...\RunOnce: [!BCILauncher] => C:\Windows\Temp\MUBSTemp\BCILauncher.EXE [18464 2024-04-16] (Microsoft Corporation -> ) <==== ATTENTION
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\Run: [MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4081192 2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [47897984 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.129.0627.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.129.0627.0002\amd64" [0 2021-07-24] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.129.0627.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.129.0627.0002" [0 2021-09-25] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\Username\AppData\Local\WebEx\WebexHost.exe [7272032 2024-04-01] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoSpark] => C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1476 2024-05-11] () [File not signed]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\MountPoints2: {39e38df8-5750-11eb-835d-fcb3bc5f1a08} - "D:\LaunchU3.exe" -a
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2018-01-29] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1501696 2018-10-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.61\Installer\chrmstp.exe [2024-05-17] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {59DB40A8-D7EF-48F1-8560-0EB73F137260} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {A64851A1-2108-4FEE-91B7-08046252FF5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {81EAAF71-514B-4127-B19C-7780892B9FFF} - System32\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6B67EAF6-81DF-4C17-AC0A-00EF21C09734} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{0B10C9FC-2756-405C-920B-B3EA82C04DE4} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
Task: {1871758E-9C91-4D1E-B938-F05AA6ED1CF3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E1B27C35-FA09-4A05-A9ED-BD0FF237CE96} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {345A3571-2FF4-4735-AE8F-8959B895B9E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C61E003D-EE86-4D1F-90AD-FD371C813657} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\08bd7337-26ea-427e-ade9-081b62e357e9 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {1427174C-6B14-4599-8A69-B0558AD8629C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0989d3ed-fc09-4def-888d-a286cd9a6388 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {F14EF311-DCF5-4287-949D-8594C1C65484} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1391f8ee-70f2-4311-8b53-435d4d036115 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E5BD3151-4DDF-40FC-B3EE-7A60DF29A300} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1e795698-f56f-4abe-8064-a25c89a7b3a7 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {1E50B311-351C-4AFC-A1F3-777EEC58A91F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6c07b3b7-a0d1-4142-ae4b-1ad4895e4de6 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {CA9ABCB6-10F7-454B-B578-2105C243A8B2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {22B40815-EC47-4DE1-B850-05F5CCE397BA} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {4B8CDDDE-6C8C-4ADC-80C1-64B93AD60920} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {672A1595-FE99-4AFD-8FA6-448D06C0DC05} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {1ACAAF8C-13EF-40CE-B235-2D9B2C6117A8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {FE84F80B-0E62-4460-B431-8CD2AB946645} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {B3EDEA26-CF6E-4F96-ABF5-466B4B7C8AD5} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {F0E4CC51-200B-40C4-9110-476B9EF7A8BE} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {27B14E72-A2B9-491C-B062-AB7D21D53221} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {11788514-56F9-4063-8DD5-6DB80F92D0AC} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {179FDF33-DA9B-4C0C-9CF2-6CD42CE0A465} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File)
Task: {1E24CFE5-3301-493F-9393-D978249BED80} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {A170EF17-55BA-4EE5-B1AF-CFCBF0C49D47} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {77BC1A4F-0E56-4714-BA46-1C11CD942AC2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {CC50FA1B-8DF6-4DC7-A735-E845C7D9E827} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {12ED7477-2B2D-4602-B9AB-80FAEBAF487E} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe  VantageTelemetryAddinTask (No File)
Task: {19DF18E5-B809-4426-B9EC-32556E8D842B} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\uninstall.exe [365024 2024-03-03] (Lenovo -> Lenovo)
Task: {3D4BB58A-2049-4494-BE11-0044B3E09952} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3527CD96-E1AB-4170-81A3-7C60CF6EDEC8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE1EDBEA-BD09-47A2-844A-2415A6F1B45F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {92C9E29E-E563-4C7B-8754-03466216E8E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {664E20A6-3D9B-459A-9783-1D23521509EF} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5390020D-EAAD-4B2C-ADE1-59B933FE928E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3BA72883-3D09-4C6F-A6C9-CEACC2205984} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1EA084D9-1FC8-4402-9228-E02FC259B9B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BABCA08E-2D95-48A3-B83D-138C2601DD11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45d5d7d4-26dd-4f05-b26c-4fccf75fe7ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\4597C65627723702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-25]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2021-09-25]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-02]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-02]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-02]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-25]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-23]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-02]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248120 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe [2305576 2021-12-08] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ElanIapService; C:\Windows\System32\ElanIapService.exe [475088 2020-07-29] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [343936 2020-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe [539816 2021-09-02] (Intel Corporation -> Intel)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe [168776 2024-04-01] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe [34168 2024-03-03] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1817944 2020-09-11] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-19] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [252264 2021-01-26] (TBT_DCH_DRV_PROD -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-12] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1421680 2020-09-23] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223184 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl2b77aba6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18E11F5D-AE9F-4694-BF1F-08D9560EEE19}\MpKslDrv.sys [271648 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21056 2024-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601496 2024-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-14] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-17 13:13 - 2024-05-17 13:13 - 000029479 _____ C:\Users\Username\Desktop\FRST.txt
2024-05-17 13:02 - 2024-05-17 13:13 - 000000000 ____D C:\FRST
2024-05-17 13:01 - 2024-05-17 13:01 - 002394112 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2024-05-17 12:14 - 2024-05-17 12:14 - 000000000 ___HD C:\$WinREAgent
2024-05-13 17:47 - 2024-05-13 17:47 - 017008467 _____ C:\Users\Username\Downloads\VIDEO-2024.mp4
2024-05-13 10:02 - 2024-05-13 10:02 - 004034063 _____ C:\Users\Username\Downloads\VID-WA000 (1).mp4
2024-05-13 09:29 - 2024-05-13 09:29 - 004034063 _____ C:\Users\Username\Downloads\VID-WA000.mp4
2024-05-11 16:04 - 2024-05-17 11:19 - 000000000 ____D C:\Users\Username\AppData\Local\CiscoSpark
2024-05-11 16:04 - 2024-05-11 16:05 - 000000000 ____D C:\Users\Username\AppData\Local\CiscoSparkLauncher
2024-05-11 09:58 - 2024-05-11 09:58 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2024-05-11 09:21 - 2024-05-11 09:21 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass (2).pdf
2024-05-11 09:21 - 2024-05-11 09:21 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass (1).pdf
2024-05-11 09:20 - 2024-05-11 09:20 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass.pdf
2024-05-09 17:11 - 2024-05-09 17:11 - 000614675 _____ C:\Users\Username\Downloads\Scope of Work ALE.pdf
2024-05-08 10:12 - 2024-05-08 10:12 - 001352186 _____ C:\Users\Username\Downloads\General_information.pdf
2024-05-08 10:11 - 2024-05-08 10:11 - 000179661 _____ C:\Users\Username\Downloads\354.pdf
2024-05-02 15:29 - 2024-05-02 15:29 - 001133713 _____ C:\Users\Username\Downloads\VIDEO-2020.mp4
2024-05-01 09:38 - 2024-05-01 09:38 - 000064336 _____ C:\Users\Username\Downloads\3591.pdf
2024-05-01 09:01 - 2024-05-01 09:01 - 004743667 _____ C:\Users\Username\Downloads\bRqQsv (1).mp4
2024-04-29 08:57 - 2024-04-29 08:57 - 002071283 _____ C:\Users\Username\Downloads\d59-c7ef-46.MP4
2024-04-26 11:43 - 2024-04-26 11:43 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-04-25 18:38 - 2024-04-25 18:38 - 000067420 _____ C:\Users\Username\Downloads\Surname.pdf
2024-04-25 08:12 - 2024-04-25 08:12 - 000179610 _____ C:\Users\Username\Downloads\35499.pdf
2024-04-22 10:34 - 2024-04-22 10:34 - 001819854 _____ C:\Users\Username\Downloads\London and Paris (1).pdf
2024-04-20 08:46 - 2024-04-20 08:46 - 005260625 _____ C:\Users\Username\Downloads\video (1).mp4
2024-04-20 08:21 - 2024-04-20 08:21 - 005260625 _____ C:\Users\Username\Downloads\video.mp4
2024-04-19 16:16 - 2024-04-19 16:16 - 001819854 _____ C:\Users\Username\Downloads\London and Paris.pdf
2024-04-17 11:32 - 2024-04-17 11:32 - 004743667 _____ C:\Users\Username\Downloads\aKEbRqQ_460sv.mp4
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-05-17 13:03 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-17 12:47 - 2023-05-12 10:22 - 000000000 ____D C:\Users\Username\AppData\Local\Malwarebytes
2024-05-17 12:44 - 2020-05-06 12:41 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2024-05-17 12:44 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2024-05-17 12:33 - 2021-01-02 20:59 - 000000000 __SHD C:\Users\Username\IntelGraphicsProfiles
2024-05-17 12:33 - 2020-11-19 02:48 - 000000000 ___HD C:\Intel
2024-05-17 12:33 - 2020-05-06 12:33 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-17 12:33 - 2020-05-06 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-05-17 12:33 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ServiceState
2024-05-17 12:31 - 2019-12-07 03:03 - 001310720 _____ C:\Windows\system32\config\BBI
2024-05-17 12:30 - 2020-11-19 03:58 - 000000000 ____D C:\Windows\TempInst
2024-05-17 12:28 - 2021-12-31 17:16 - 000000000 ____D C:\Windows\SystemTemp
2024-05-17 12:28 - 2021-01-02 20:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-17 12:28 - 2021-01-02 20:47 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-17 12:27 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-17 12:27 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2024-05-17 12:25 - 2020-05-06 12:33 - 000642272 _____ C:\Windows\system32\FNTCACHE.DAT
2024-05-17 12:24 - 2020-11-19 03:44 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2024-05-17 12:24 - 2020-11-19 03:44 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\F12
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\setup
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\Dism
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellComponents
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2024-05-17 12:24 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\servicing
2024-05-17 12:22 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-05-17 12:22 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2024-05-17 12:20 - 2022-11-19 09:01 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-05-17 12:20 - 2022-10-12 09:48 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-17 12:20 - 2021-01-02 20:43 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-05-17 12:17 - 2020-05-06 12:36 - 003017216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-05-17 12:16 - 2021-01-04 21:50 - 000000000 ____D C:\Users\Username\AppData\Local\CrashDumps
2024-05-17 12:14 - 2021-01-02 20:14 - 000000000 ____D C:\Windows\system32\MRT
2024-05-17 12:11 - 2021-03-20 18:52 - 000000000 ____D C:\Users\Username\AppData\Local\D3DSCache
2024-05-17 12:05 - 2023-10-03 16:03 - 000000000 ____D C:\Program Files\RUXIM
2024-05-17 12:05 - 2021-01-02 20:14 - 196465576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-05-17 12:00 - 2021-03-24 10:54 - 000000000 ____D C:\Users\Username\AppData\Local\WebEx
2024-05-17 11:25 - 2021-01-02 20:08 - 000000000 ____D C:\ProgramData\Packages
2024-05-17 11:21 - 2023-01-16 21:52 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-17 11:21 - 2020-11-19 03:52 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-14 10:35 - 2021-12-13 09:45 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1002
2024-05-14 10:35 - 2021-01-02 21:00 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1002
2024-05-14 10:35 - 2021-01-02 20:59 - 000002387 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-14 07:33 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-05-13 17:47 - 2021-01-23 22:02 - 000000000 ____D C:\Users\Username\AppData\Roaming\vlc
2024-05-11 16:13 - 2021-01-25 11:05 - 000000000 ____D C:\Users\Username\Desktop\Financial statements
2024-05-11 10:51 - 2021-03-24 10:54 - 000000000 ____D C:\Users\Username\AppData\LocalLow\WebEx
2024-05-11 09:57 - 2021-03-24 10:55 - 000000000 ____D C:\Users\Username\AppData\Roaming\webex
2024-05-10 12:51 - 2020-11-19 03:52 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-08 08:50 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username\AppData\Local\Packages
2024-05-08 08:46 - 2020-11-19 03:51 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-08 08:46 - 2020-11-19 03:51 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-29 18:15 - 2021-01-02 20:59 - 000002359 _____ C:\Users\Username\Desktop\Microsoft Edge.lnk
2024-04-26 11:43 - 2023-08-22 08:09 - 000000000 ____D C:\Users\Username\AppData\Roaming\Zoom
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by admin (17-05-2024 13:13:55)
Running from C:\Users\Username\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) (2021-01-03 18:02:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
admin (S-1-5-21-240337477-2287995252-3564736294-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-240337477-2287995252-3564736294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-240337477-2287995252-3564736294-503 - Limited - Disabled)
Guest (S-1-5-21-240337477-2287995252-3564736294-501 - Limited - Disabled)
Username (S-1-5-21-240337477-2287995252-3564736294-1002 - Limited - Enabled) => C:\Users\Username
WDAGUtilityAccount (S-1-5-21-240337477-2287995252-3564736294-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20759 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon MF741C/743C (HKLM\...\{BB46A4DC-43FD-4deb-8B8D-E0211A44D94B}) (Version: 6.4.0.3 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ActiveTouchMeetingClient) (Version: 44.4.0 - Cisco Webex LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.61 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel® Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.75.0 - Lenovo Group Ltd.)
LibreOffice 7.3.6.2 (HKLM\...\{4281811C-7F43-4020-B5AB-7AA3CC82F95D}) (Version: 7.3.6.2 - The Document Foundation)
Malwarebytes version 4.6.13.324 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.13.324 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17531.20140 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.105 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\OneDriveSetup.exe) (Version: 24.081.0421.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Teams) (Version: 1.5.00.21463 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20140 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Webex (HKLM\...\{B080C79D-B4E3-5424-8492-BEBBD67B1A92}) (Version: 43.10.0.28042 - Cisco Systems, Inc)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-21] (INTEL CORP) [Startup Task]
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2021-09-25] (Fortemedia)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Username\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Username\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Username\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-01-10 20:53 - 2018-01-29 21:28 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_en-US.DLL
2021-01-10 20:52 - 2018-01-29 21:26 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> DefaultScope {003DCA94-98F2-469B-A5BA-194AE1717515} URL = 
SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> {003DCA94-98F2-469B-A5BA-194AE1717515} URL = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\StartupFolder: => "a926b4964b745999a98b8120e2816.LNk"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoSpark"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F66FE10C-0F79-4F40-97EA-A16178E767EA}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{8D2C76DD-8F61-4AD4-B645-4D737C01F19D}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C4DAB1EB-5674-49FE-A481-243FCD8F1CF1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA7664C3-0A61-4D99-9060-2A4EF09D3CFD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8DEB1EEE-D596-4CE1-B075-2813101D65CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{56886F33-FDC6-46EE-A402-B633104E6F3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A01B37C-DDFD-47FA-8966-E70C4AC4DD0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2010A0F0-D7B4-4EF9-B4E3-973FCE603AD4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E8F1BAF3-0322-4C9D-99C7-1210D0EABC85}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
06-05-2024 14:00:54 Scheduled Checkpoint
17-05-2024 11:19:57 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/17/2024 01:03:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.4355 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: ff0
 
Start Time: 01daa888fd2b9d2e
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
 
Report Id: a6030eae-ff0d-4e3a-8673-7ddf1ed24af7
 
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.4239_neutral__cw5n1h2txyewy
 
Faulting package-relative application ID: SecHealthUI
 
Hang type: Cross-process
 
Error: (05/17/2024 12:24:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (05/17/2024 12:24:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (05/17/2024 12:24:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (05/17/2024 12:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x32d8
Faulting application start time: 0x01daa87e624bbdd2
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: f3d875f7-406a-4cc2-a554-0cc76bdea5bb
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (05/12/2024 09:09:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0xb9c
Faulting application start time: 0x01daa4782d555ea7
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 0963195e-e771-464e-8334-869884182f32
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (05/11/2024 11:01:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x3700
Faulting application start time: 0x01daa3b59089af24
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 5ec15c6a-c46a-42c0-b4c4-276c11e1e12e
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (05/10/2024 12:51:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-GE8FCSQN)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.
 
 
System errors:
=============
Error: (05/17/2024 12:24:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (05/17/2024 12:24:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
 
Error: (05/17/2024 12:18:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PLFNLNT3G5G-AppUp.IntelGraphicsExperience.
 
Error: (05/17/2024 12:03:27 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
Error: (05/17/2024 11:19:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
Error: (05/14/2024 10:52:48 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (05/14/2024 10:52:48 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
 
Error: (05/14/2024 07:32:29 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74
 
 
Windows Defender:
================
Date: 2024-05-17 13:03:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2024-05-17 12:21:06
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-05-17 11:19:52
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...33&enterprise=0
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.139.0, AS: 1.411.139.0, NIS: 1.411.139.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
 
Date: 2024-05-14 07:32:54
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...33&enterprise=0
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.122.0, AS: 1.411.122.0, NIS: 1.411.122.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1
 
Date: 2024-05-13 16:45:47
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...33&enterprise=0
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.122.0, AS: 1.411.122.0, NIS: 1.411.122.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1

CodeIntegrity:
===============
Date: 2024-05-17 12:56:20
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\igd10um64xe.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO F8CN58WW(V2.21) 03/28/2024
Motherboard: LENOVO LNVNB161216
Processor: 11th Gen Intel® Core™ i7-1165G7 @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 16167.3 MB
Available physical RAM: 8122.73 MB
Total Virtual: 18599.3 MB
Available Virtual: 10393 MB
 
==================== Drives ================================
 
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:370.83 GB) (Model: NVMe SAMSUNG MZALQ512HALU-000L2) (Protected) NTFS
 
\\?\Volume{d7b7e4d4-0ce0-4798-9056-31a4d8207d11}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.39 GB) NTFS
\\?\Volume{3137f5f2-edef-40f3-b51c-acfebedcfb60}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FE97C22C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================



#2
RKinner
    Malware Expert
  • Expert
  • 24,653 posts
  • MVP
Looks like it might be a false positive:

Copy this line:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Go to virustotal.com. Click on Choose File.

Ctrl + V and the copied line should appear. Hit Open.

If the file is not infected it will tell you:

No security vendors and no sandboxes flagged this file as malicious

To be sure I would run a free ESET scan. (Takes an hour or more.)

Go to

https://www.eset.com...online-scanner/

Click on One Time Scan, which will cause it to download a file. Go to your Downloads folder and right-click on the downloaded file (esetonlinescanner.exe).

Click on Computer Scan, then Full Scan. Start Scan.

It will tell you if it finds anything.


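Added example, not part of either post in this thread: a PowerShell triage script for an AMSI detection that names powershell.exe, as the three Defender entries in the FRST log above do. AMSI hands script text to the antivirus engine, so an "amsi:_...\powershell.exe" hit points at a script that was run, not at the interpreter binary; the script therefore hashes and signature-checks powershell.exe locally (the SHA256 can be searched on VirusTotal without uploading the file), pulls Defender's own detection records, correlates each "malware detected" event (ID 1116) with the PowerShell script block events (ID 4104) logged in the minutes before it, and lists scheduled tasks and Run/RunOnce values that launch powershell.exe. It assumes Windows 10/11 with the Microsoft Defender cmdlets and an elevated session; step 3 only returns data if Script Block Logging is enabled, and the two-minute lookback and 200-character snippet length are arbitrary choices.

```powershell
#Requires -RunAsAdministrator
# Added triage example (not from the thread). AMSI scans script text handed to the
# engine, so an "amsi:_...powershell.exe" hit points at a script, not the binary.
# Assumes Windows 10/11 with Microsoft Defender; Script Block Logging must be on
# for step 3 to return anything.

# 1. Confirm the interpreter is the Microsoft-signed in-box binary. Search the
#    printed SHA256 on VirusTotal instead of uploading the file.
$psExe = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
$sig   = Get-AuthenticodeSignature -FilePath $psExe
[pscustomobject]@{
    Path      = $psExe
    SHA256    = (Get-FileHash -Path $psExe -Algorithm SHA256).Hash
    SigStatus = $sig.Status                       # expect Valid
    Signer    = $sig.SignerCertificate.Subject    # expect CN=Microsoft Windows, ...
} | Format-List

# 2. Defender's own detection records: time, initiating process and the
#    scanned resource (the amsi:_ prefix marks an AMSI submission).
$psThreatIds = (Get-MpThreat | Where-Object ThreatName -like 'Trojan:PowerShell/*').ThreatID
Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $psThreatIds } |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ProcessName, Resources, ActionSuccess |
    Format-List

# 3. For each "malware detected" event (ID 1116) in the Defender log, show the
#    script blocks (ID 4104) PowerShell logged in the two minutes before it.
#    Property 2 of a 4104 event is the script text, property 4 the script path.
$detections = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1116
} -ErrorAction SilentlyContinue

foreach ($d in $detections) {
    Write-Host "`n=== Defender detection at $($d.TimeCreated) ===" -ForegroundColor Yellow
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $d.TimeCreated.AddMinutes(-2)   # window size is an arbitrary choice
        EndTime   = $d.TimeCreated.AddSeconds(30)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        $text = ($_.Properties[2].Value -replace '\s+', ' ')
        [pscustomobject]@{
            Time       = $_.TimeCreated
            ScriptPath = $_.Properties[4].Value
            Snippet    = $text.Substring(0, [Math]::Min(200, $text.Length))
        }
    } | Format-Table -AutoSize -Wrap
}

# 4. A detection on every boot means something launches the script at startup.
#    List scheduled tasks and Run/RunOnce values whose command names powershell.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions | Where-Object { $_.Execute -match 'powershell' } | ForEach-Object {
        [pscustomobject]@{
            Task    = $task.TaskPath + $task.TaskName
            Command = "$($_.Execute) $($_.Arguments)"
        }
    }
} | Format-Table -AutoSize -Wrap

# HKCU here is the hive of the account running the script; for another account
# query HKU:\<that account's SID>\Software\... instead.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Value -match 'powershell' } |
        Select-Object @{ n = 'Key'; e = { $key } }, Name, Value |
        Format-Table -AutoSize -Wrap
}
```

Reading the output: a Valid Microsoft signature on powershell.exe rules out a tampered interpreter, which is what the VirusTotal check above would also confirm. The 4104 text found next to each detection is what AMSI actually scanned; if it is a recognisable vendor or logon script, the detection is likely a false positive and the sample can be submitted to Microsoft as such, whereas an encoded or obfuscated command (for example -EncodedCommand, FromBase64String or IEX) in a task or Run value is the persistence that belongs in a fixlist. Note that the FRST sections above are whitelisted views, so a task or Run value can be present on the machine without appearing in the log.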