Persistent malware issue - infected again after fresh OS reinstall



#1 faultychips_dw
Posted 15 July 2022 - 01:41 AM

Hi all, as the title says, Windows Defender picked up on an infection on my machine a few days ago.

 

I performed a clean Windows install to try to ensure the infection was completely gone; however, the malware appears to have reappeared, so I am a bit unsure of what to do next.

 

FRST logs copied below. Please help me!



#2 faultychips_dw
  • Topic Starter
Posted 15 July 2022 - 01:43 AM

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2022
Ran by WPAdmin (administrator) (14-07-2022 23:33:46)
Running from C:\Users\JT\Desktop
Loaded Profiles: WPAdmin & JT
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_09babd21965eb7e7\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\dptf_helper.exe
(DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNFD1A~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNFD1A~1.INF\driver\tposd.exe
(DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\SmartSense.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\UserSSCtrl.exe
(EPDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDCtrl.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_09babd21965eb7e7\DAX3API.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_f1edd2d8a33dfa01\FusionAPI.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_5fe2e31c542e0065\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9bec328ff2d1d2ad\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_0f43cda6a2474b5c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\SmartSense.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_161179dd07f1e3b9\LenovoVisionService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_364ae90e61eab6bb\SmartStandby.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\LITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe <3>
(svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxextN.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\Run: [MicrosoftEdgeAutoLaunch_C138F1519E6AB3F14D42A2C23D0201B8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-07-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1943400 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\Run: [MicrosoftEdgeAutoLaunch_EC8CBCF2485BEE3CB21BA442EE9AB5C2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-07-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-14] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {072BCDC6-643B-4DE8-A7FB-A7A7A08D3645} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [128976 2022-05-17] (Lenovo -> Lenovo)
Task: {0A0E123D-E4A5-4FE7-9DBA-835EF8DC07C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D9F4525-C19A-4D3A-A726-A6B88C01D7B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {14D97F15-E919-4330-A8A0-844B7D148DB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {26414CE1-1E29-40DD-80B1-53D2E634AD4D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C4C149E-D968-4553-808A-0E4059262C4B} - System32\Tasks\GoogleUpdateTaskMachineCore{B78A31E2-AD2A-44CD-AE36-B4C603FD0256} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-14] (Google LLC -> Google LLC)
Task: {2F49115E-F063-430F-81B4-4E3FD1B882E1} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {4AE68EB1-F45B-4E02-969D-17EBDC14DE0E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-771562356-4238827189-2155146348-1002 => C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {696BF2C0-41A3-4809-9C7B-753002E881B0} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe [1368680 2021-10-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7760096A-0C2B-43DF-9CC9-FC0DF84C9CF6} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-771562356-4238827189-2155146348-1001 => C:\Users\WPAdmin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88584 2022-05-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {844DFAE0-8CE5-4337-9552-DA0211405641} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {92722020-D9C3-46A0-AAC4-58BE1196BD22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C0948B78-45C4-443B-8119-20A6079EF7CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C79EB7F0-6664-4A5C-B247-3615BB0EFD8D} - System32\Tasks\GoogleUpdateTaskMachineUA{B5EAD510-AF27-4D95-8910-4B84BF54D1F0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-14] (Google LLC -> Google LLC)
Task: {D4F89C63-4672-4385-88E7-6EA2FA3CB49C} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [64984 2022-05-17] (Lenovo -> )
Task: {DB57EC57-98E7-4477-B403-6E5CD342FEDA} - System32\Tasks\Lenovo\SmartStandby\Uninstall Monitor => C:\Windows\system32\SmartStandbyInst.exe [42472 2022-02-27] (Lenovo -> )
Task: {DE00E9E2-DEC8-4C31-8646-B997679452B7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-771562356-4238827189-2155146348-1001 => C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {E4A15517-78FE-4BDB-B341-0BD74C623616} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2882408 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBCC082A-506D-493D-A753-D574449E28A9} - System32\Tasks\Lenovo\SmartStandby\Daily analysis => C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_364ae90e61eab6bb\AutonomicMgr.exe [77760 2022-02-27] (Lenovo -> )
Task: {F7130962-8ABB-402D-9365-9018461DCBA5} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\103.0.1264.62\Installer\setup.exe [3274144 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {FFD2CB36-76BE-4CD5-8F3E-11D6F8E95CA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6bf025e1-ec7e-41b8-92d3-2beb93777d8f}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge Profile: C:\Users\WPAdmin\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-14]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\WPAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-07-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988384 2022-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_09babd21965eb7e7\DAX3API.exe [2298936 2021-10-29] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DolbyFusionAPI; C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_f1edd2d8a33dfa01\FusionAPI.exe [795208 2021-11-01] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 EPDService; C:\Windows\System32\EPDService.exe [207976 2021-08-17] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\FileSyncHelper.exe [2233704 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_0f43cda6a2474b5c\\AS\\IAS\\IntelAudioService.exe [531008 2022-01-26] (Intel Corporation -> Intel)
R2 LenovoSmartStandby; C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_364ae90e61eab6bb\SmartStandby.exe [329664 2022-02-27] (Lenovo -> Lenovo)
R2 LenovoVisionService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_161179dd07f1e3b9\LenovoVisionService.exe [409896 2022-02-10] (Lenovo -> Lenovo)
S3 LenovoVisionSetupService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_161179dd07f1e3b9\LvfSetupService.exe [35112 2022-02-10] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\Windows\System32\LITSSvc.exe [1217488 2022-04-12] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [906216 2022-03-27] (Lenovo -> Lenovo)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\OneDriveUpdaterService.exe [2602368 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SmartSense; C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\SmartSense.exe [195560 2022-04-21] (Lenovo -> Lenovo)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\TPHKLOAD.exe [487720 2021-12-02] (Lenovo -> Lenovo Group Limited)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S3 SSMonitorSvc; "C:\Windows\system32\SSMonitor.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 EPD; C:\Windows\System32\drivers\EPD.sys [156280 2021-08-17] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_2cc98897d8dddf62\IntcUSB.sys [882280 2022-01-26] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-05] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R3 MpKsl9dd31bc0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6556E37-96C7-4D3B-A3D9-B7E9F671F97D}\MpKslDrv.sys [141576 2022-07-14] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38888 2022-03-27] (Lenovo -> Lenovo)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-07-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_c34c898c5c4d0406\WiManH\WiManH.sys [175688 2021-12-08] (Intel Corporation -> Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-07-14 23:20 - 2022-07-14 23:21 - 000022291 _____ C:\Users\JT\Desktop\Addition.txt
2022-07-14 23:19 - 2022-07-14 23:33 - 000020526 _____ C:\Users\JT\Desktop\FRST.txt
2022-07-14 23:14 - 2022-07-14 23:14 - 000000000 ____D C:\Windows\system32\appmgmt
2022-07-14 22:51 - 2022-07-14 23:33 - 000000000 ____D C:\FRST
2022-07-14 22:50 - 2022-07-14 22:50 - 002369536 _____ (Farbar) C:\Users\JT\Desktop\FRST64.exe
2022-07-14 22:39 - 2022-07-14 22:39 - 003265245 _____ C:\Users\JT\Downloads\Sysmon.zip
2022-07-14 22:31 - 2022-07-14 22:31 - 000000000 ____D C:\Users\JT\AppData\Roaming\Teams
2022-07-14 22:31 - 2022-07-14 22:31 - 000000000 ____D C:\Users\JT\AppData\Local\SquirrelTemp
2022-07-14 22:20 - 2022-07-14 22:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-07-14 22:19 - 2022-07-14 22:30 - 000326290 _____ C:\Windows\ntbtlog.txt
2022-07-14 19:19 - 2022-07-14 19:19 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-14 19:19 - 2022-07-14 19:19 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-14 19:19 - 2022-07-14 19:19 - 000000000 ___RD C:\Users\Default\OneDrive
2022-07-14 19:18 - 2022-07-14 19:19 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2022-07-14 19:18 - 2022-07-14 19:18 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-07-14 19:18 - 2022-07-14 19:18 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-07-14 19:17 - 2022-07-14 19:18 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-14 19:17 - 2022-07-14 19:17 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-07-14 19:08 - 2022-07-14 19:08 - 003226040 _____ (Lenovo ) C:\Users\JT\Downloads\LSBSetup (1).exe
2022-07-14 19:05 - 2022-07-14 19:05 - 003226040 _____ (Lenovo ) C:\Users\JT\Downloads\LSBSetup.exe
2022-07-14 19:05 - 2022-07-14 19:05 - 000000000 ____D C:\Users\WPAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2022-07-14 19:00 - 2022-07-14 19:00 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\PeerDistRepub
2022-07-14 18:50 - 2022-07-14 17:51 - 000000000 ____D C:\Windows\Panther
2022-07-14 18:48 - 2022-07-14 19:10 - 000000000 ____D C:\Users\JT\AppData\Local\Google
2022-07-14 18:48 - 2022-07-14 18:48 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-14 18:48 - 2022-07-14 18:48 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-14 18:48 - 2022-07-14 18:48 - 000000000 ____D C:\Program Files\Google
2022-07-14 18:47 - 2022-07-14 23:20 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-14 18:47 - 2022-07-14 18:47 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B5EAD510-AF27-4D95-8910-4B84BF54D1F0}
2022-07-14 18:47 - 2022-07-14 18:47 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{B78A31E2-AD2A-44CD-AE36-B4C603FD0256}
2022-07-14 18:46 - 2022-07-14 18:46 - 001414600 _____ (Google LLC) C:\Users\JT\Downloads\ChromeSetup.exe
2022-07-14 18:40 - 2022-07-14 18:40 - 000000000 ____D C:\Users\JT\AppData\Local\OneDrive
2022-07-14 18:35 - 2022-07-14 18:35 - 000000000 ____D C:\Users\JT\AppData\Local\Comms
2022-07-14 18:32 - 2022-07-14 19:19 - 000000000 ___RD C:\Users\JT\OneDrive
2022-07-14 18:32 - 2022-07-14 19:10 - 000000000 ____D C:\Users\JT\AppData\Local\D3DSCache
2022-07-14 18:32 - 2022-07-14 18:47 - 000000000 ____D C:\Users\JT\AppData\Local\PlaceholderTileLogoFolder
2022-07-14 18:32 - 2022-07-14 18:32 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-771562356-4238827189-2155146348-1002
2022-07-14 18:30 - 2022-07-14 23:18 - 000000000 __SHD C:\Users\JT\IntelGraphicsProfiles
2022-07-14 18:30 - 2022-07-14 23:13 - 000000000 ____D C:\Users\JT\AppData\Local\Packages
2022-07-14 18:30 - 2022-07-14 18:36 - 000000000 ____D C:\Users\JT\AppData\Local\Publishers
2022-07-14 18:30 - 2022-07-14 18:32 - 000000000 ____D C:\Users\JT
2022-07-14 18:30 - 2022-07-14 18:30 - 000000020 ___SH C:\Users\JT\ntuser.ini
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ___RD C:\Users\JT\3D Objects
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JT\AppData\Roaming\Adobe
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JT\AppData\LocalLow\Intel
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JT\AppData\Local\VirtualStore
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JT\AppData\Local\Lenovo
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JT\AppData\Local\ConnectedDevicesPlatform
2022-07-14 18:16 - 2022-07-14 23:17 - 000000485 _____ C:\Windows\system32\config\VSMHBK
2022-07-14 18:16 - 2022-07-14 23:09 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2022-07-14 18:11 - 2022-07-14 18:11 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\mbam
2022-07-14 18:11 - 2022-07-14 18:11 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Comms
2022-07-14 18:09 - 2022-07-14 18:09 - 202117816 _____ (Malwarebytes) C:\Users\WPAdmin\Downloads\MBSetup-0076911.0076911-4.5.2.157.exe
2022-07-14 18:04 - 2022-07-14 18:04 - 000000000 ____D C:\Windows\SystemTemp
2022-07-14 18:02 - 2022-07-14 18:02 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 001328408 _____ C:\Windows\system32\FaceTrackerInternal.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 001321984 _____ C:\Windows\system32\FaceProcessor.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000503576 _____ C:\Windows\system32\FaceProcessorCore.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000479744 _____ C:\Windows\system32\AssignedAccessCsp.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000232288 _____ C:\Windows\system32\containerdevicemanagement.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000104448 _____ C:\Windows\system32\nettraceex.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-07-14 18:02 - 2022-07-14 18:02 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000040960 _____ C:\Windows\system32\uwfservicingapi.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-14 18:01 - 2022-07-14 18:01 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-14 18:01 - 2022-07-14 18:01 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-14 18:01 - 2022-07-14 18:01 - 000272896 _____ C:\Windows\system32\TpmTool.exe
2022-07-14 18:01 - 2022-07-14 18:01 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-07-14 17:59 - 2022-07-14 17:59 - 000000000 ___HD C:\$WinREAgent
2022-07-14 17:59 - 2022-07-14 17:59 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-14 17:59 - 2022-07-14 17:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-07-14 17:58 - 2022-07-14 17:59 - 000000000 ____D C:\Windows\Firmware
2022-07-14 17:58 - 2022-07-14 17:58 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-07-14 17:58 - 2022-07-14 17:58 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-07-14 17:57 - 2022-07-14 17:58 - 000000000 ____D C:\Windows\system32\MRT
2022-07-14 17:57 - 2022-07-14 17:58 - 000000000 ____D C:\ProgramData\Dolby
2022-07-14 17:57 - 2022-07-14 17:57 - 000003366 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2022-07-14 17:56 - 2022-07-14 23:22 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-14 17:56 - 2022-07-14 19:19 - 000000000 ___RD C:\Users\WPAdmin\OneDrive
2022-07-14 17:56 - 2022-07-14 19:05 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2022-07-14 17:56 - 2022-07-14 18:12 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\PlaceholderTileLogoFolder
2022-07-14 17:56 - 2022-07-14 17:59 - 000000000 ____D C:\ProgramData\Lenovo
2022-07-14 17:56 - 2022-07-14 17:56 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-771562356-4238827189-2155146348-1001
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\Windows\SysWOW64\Lenovo
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\Windows\system32\Lenovo
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Lenovo
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-14 17:56 - 2022-05-17 01:37 - 005492184 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\PWMTR32V.dll
2022-07-14 17:56 - 2022-05-17 01:37 - 002352368 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\EasyResume.exe
2022-07-14 17:56 - 2022-05-17 01:37 - 000173008 _____ (Lenovo) C:\Windows\SysWOW64\InstHelper.dll
2022-07-14 17:56 - 2022-05-17 01:37 - 000105424 _____ (Lenovo) C:\Windows\SysWOW64\EventLogger.dll
2022-07-14 17:56 - 2022-05-17 01:37 - 000064984 _____ () C:\Windows\SysWOW64\PowerMgrInst.exe
2022-07-14 17:56 - 2022-02-27 17:54 - 000042472 _____ () C:\Windows\system32\SmartStandbyInst.exe
2022-07-14 17:56 - 2022-02-27 17:44 - 000002877 _____ C:\Windows\system32\SmartStandbyEvent.man
2022-07-14 17:56 - 2021-10-07 01:09 - 006532664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2022-07-14 17:56 - 2021-10-07 00:57 - 049041902 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2022-07-14 17:56 - 2021-08-17 00:20 - 001290360 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\EPDCtrl.exe
2022-07-14 17:56 - 2021-08-17 00:20 - 000622200 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\EPDCmds.dll
2022-07-14 17:56 - 2021-08-17 00:20 - 000441984 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\ETDUn_inst.exe
2022-07-14 17:56 - 2021-08-17 00:20 - 000430728 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\LenovoAPI.dll
2022-07-14 17:56 - 2021-08-17 00:20 - 000207976 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\EPDService.exe
2022-07-14 17:56 - 2021-08-17 00:20 - 000032368 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETDHSA.sys
2022-07-14 17:56 - 2021-08-17 00:19 - 000478840 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\EPDApix.dll
2022-07-14 17:56 - 2021-08-17 00:19 - 000156280 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\EPD.sys
2022-07-14 17:56 - 2021-05-30 23:17 - 000001344 _____ C:\Windows\system32\Drivers\RTKAMPI1.Dat
2022-07-14 17:56 - 2021-05-30 23:17 - 000001344 _____ C:\Windows\system32\Drivers\RTKAMPI0.Dat
2022-07-14 17:56 - 2020-11-23 01:37 - 000034456 _____ C:\Windows\system32\Drivers\RTSPKPT1.dat
2022-07-14 17:56 - 2020-06-01 03:08 - 000034456 _____ C:\Windows\system32\Drivers\RTSPKPT0.DAT
2022-07-14 17:55 - 2022-07-14 18:30 - 000000000 __SHD C:\Users\WPAdmin\IntelGraphicsProfiles
2022-07-14 17:55 - 2022-07-14 18:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-14 17:55 - 2022-07-14 18:25 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Packages
2022-07-14 17:55 - 2022-07-14 18:12 - 000000000 ____D C:\ProgramData\Packages
2022-07-14 17:55 - 2022-07-14 17:58 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\D3DSCache
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ___RD C:\Users\WPAdmin\3D Objects
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Windows\SysWOW64\hpdmsg
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Roaming\Adobe
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\LocalLow\Intel
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\VirtualStore
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Publishers
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\ConnectedDevicesPlatform
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Program Files\Lenovo
2022-07-14 17:55 - 2022-05-16 04:52 - 017386984 _____ C:\Windows\system32\RsEyeContactCorrection_Assets.dll
2022-07-14 17:55 - 2022-05-16 04:52 - 015823352 _____ C:\Windows\system32\RsDMFT_Assets.dll
2022-07-14 17:55 - 2022-05-16 04:52 - 013406728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll
2022-07-14 17:54 - 2022-07-14 23:17 - 000000000 ____D C:\Intel
2022-07-14 17:54 - 2022-07-14 17:56 - 000000000 ____D C:\Users\WPAdmin
2022-07-14 17:54 - 2022-07-14 17:54 - 000000020 ___SH C:\Users\WPAdmin\ntuser.ini
2022-07-14 17:54 - 2022-07-14 17:54 - 000000000 ____D C:\Windows\system32\LenovoITS
2022-07-14 17:54 - 2022-07-14 17:54 - 000000000 ____D C:\Windows\system32\icmsg
2022-07-14 17:54 - 2022-07-14 17:54 - 000000000 ____D C:\ProgramData\Intel
2022-07-14 17:54 - 2022-04-15 00:35 - 000534544 _____ (Intel) C:\Windows\system32\libvpl.dll
2022-07-14 17:54 - 2022-04-15 00:35 - 000465240 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 027903832 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001979456 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001979456 _____ C:\Windows\system32\vulkaninfo.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001536072 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001536072 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001441960 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001441960 _____ C:\Windows\system32\vulkan-1.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001155216 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001155216 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000966456 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000725184 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000609096 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000477544 _____ C:\Windows\system32\ze_tracing_layer.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000468120 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000385384 _____ C:\Windows\system32\ze_loader.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000364000 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000151408 _____ C:\Windows\system32\ze_validation_layer.dll
2022-07-14 17:54 - 2022-04-15 00:33 - 020646760 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2022-07-14 17:54 - 2022-04-15 00:33 - 000509800 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-07-14 17:54 - 2022-04-15 00:33 - 000372560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-07-14 17:54 - 2022-04-15 00:31 - 000250720 _____ C:\Windows\system32\ControlLib.dll
2022-07-14 17:54 - 2022-04-15 00:31 - 000204368 _____ C:\Windows\SysWOW64\ControlLib32.dll
2022-07-14 17:54 - 2022-04-15 00:31 - 000204368 _____ C:\Windows\system32\ControlLib32.dll
2022-07-14 17:53 - 2022-07-14 17:53 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-07-14 17:52 - 2022-07-14 17:52 - 000000000 ____D C:\Windows\CSC
2022-07-14 17:51 - 2022-07-14 17:51 - 000000000 _SHDL C:\Documents and Settings
2022-07-14 17:50 - 2022-07-14 23:17 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-14 17:50 - 2022-07-14 23:17 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-14 17:50 - 2022-07-14 22:19 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-14 17:50 - 2022-07-14 22:18 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-14 17:50 - 2022-07-14 18:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-07-14 17:50 - 2022-07-14 17:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-14 17:50 - 2022-07-14 17:53 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 17:50 - 2022-07-14 17:52 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-14 17:50 - 2022-07-14 17:52 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-14 17:50 - 2022-07-14 17:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-07-14 17:50 - 2022-07-14 17:50 - 000000000 ____D C:\Windows\ServiceProfiles
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-07-14 23:22 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2022-07-14 23:20 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-14 23:17 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ServiceState
2022-07-14 23:17 - 2019-12-07 02:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-07-14 23:14 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-14 23:14 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-14 22:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-07-14 19:18 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-14 18:50 - 2019-12-07 02:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-07-14 18:36 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-14 18:30 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-14 18:28 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-14 18:26 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-14 18:26 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-14 18:23 - 2019-12-07 02:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-14 18:14 - 2019-12-07 02:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-07-14 18:06 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-07-14 18:04 - 2019-12-07 02:54 - 000000000 ___SD C:\Windows\system32\AppV
2022-07-14 18:04 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Dism
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\Provisioning
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-14 18:04 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\servicing
2022-07-14 17:54 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-07-14 17:52 - 2019-12-07 02:51 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-07-14 17:52 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\spool
2022-07-14 17:52 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-14 17:50 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2022-07-14 17:50 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\appcompat
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================


#3 faultychips_dw (Topic Starter)

Posted 15 July 2022 - 01:46 AM

Here is the addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2022
Ran by WPAdmin (14-07-2022 23:34:25)
Running from C:\Users\JT\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) (2022-07-15 00:51:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-771562356-4238827189-2155146348-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-771562356-4238827189-2155146348-503 - Limited - Disabled)
Guest (S-1-5-21-771562356-4238827189-2155146348-501 - Limited - Disabled)
JT (S-1-5-21-771562356-4238827189-2155146348-1002 - Limited - Enabled) => C:\Users\JT
WDAGUtilityAccount (S-1-5-21-771562356-4238827189-2155146348-504 - Limited - Disabled)
WPAdmin (S-1-5-21-771562356-4238827189-2155146348-1001 - Administrator - Enabled) => C:\Users\WPAdmin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
Lenovo Service Bridge (HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.12 - Lenovo)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.15225.20288 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20288 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)
ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.18.0_x64__stws0m115j6hg [2022-07-14] (ELAN Microelectronics Corporation)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-07-14] (INTEL CORP) [Startup Task]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\JT\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\JT\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\JT\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\JT\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.030.0211.0002\amd64\FileSyncShell64.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-07-14 17:55 - 2022-07-14 17:55 - 042859520 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AF5FBF44-9010-4A40-9630-B6F1E17A5E5F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{30D0CE34-B691-4555-B1EA-DC4F12176418}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4726E354-E4D2-417A-AB2C-365DBAC56909}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5316374-A207-40E1-99D4-84809E7C76DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59942ABE-85E8-4A59-9B6A-24A6E63D9281}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BC50E9E-58FB-4A08-8256-DDC0225E9E3D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-07-2022 22:52:27 CleanBootWindows
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/14/2022 11:03:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (07/14/2022 11:03:32 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (07/14/2022 06:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.1741 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3538
 
Start Time: 01d897eda3b5d1d0
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
 
Report Id: 35960d96-fdb3-4da4-b0f4-c17a874845bc
 
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1682_neutral__cw5n1h2txyewy
 
Faulting package-relative application ID: SecHealthUI
 
Hang type: Cross-process
 
Error: (07/14/2022 06:29:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (07/14/2022 06:29:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (07/14/2022 06:29:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (07/14/2022 06:29:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (07/14/2022 06:23:17 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
 
System errors:
=============
Error: (07/14/2022 11:18:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartSense Monitor Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/14/2022 11:18:01 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. A record describing the condition is contained in the data section of this event.
 
Error: (07/14/2022 11:17:49 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 63221225506
 
Error: (07/14/2022 11:09:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartSense Monitor Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/14/2022 11:09:36 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 63221225506
 
Error: (07/14/2022 11:04:39 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. A record describing the condition is contained in the data section of this event.
 
Error: (07/14/2022 11:04:30 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 63221225506
 
Error: (07/14/2022 11:03:14 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 63221225506
 
 
Windows Defender:
================
Date: 2022-07-14 23:16:03
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2022-07-14 22:46:51
Description: 
Controlled Folder Access blocked C:\Windows\SysWOW64\format.com from making changes to memory.
Detection time: 2022-07-15T05:46:51.882Z
Path: \Device\HarddiskVolume5
Process Name: C:\Windows\SysWOW64\format.com
Security intelligence Version: 1.371.184.0
Engine Version: 1.1.19400.3
Product Version: 4.18.2205.7
 
Date: 2022-07-14 18:29:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2022-07-14 22:19:23
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2022-07-14 23:18:04
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9bec328ff2d1d2ad\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO N32ET76W (1.52 ) 04/08/2022
Motherboard: LENOVO 20XW003KUS
Processor: 11th Gen Intel® Core™ i7-1185G7 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 16087.05 MB
Available physical RAM: 9964.95 MB
Total Virtual: 19031.05 MB
Available Virtual: 12680.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.33 GB) (Free:430.98 GB) (Model: SKHynix_HFS512GDE9X081N) NTFS
 
\\?\Volume{6da70661-ba1b-436b-871f-b01daaf4b931}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{a54d2fc3-eaeb-4ce0-a719-36254f2a8f99}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Edited by faultychips_dw, 15 July 2022 - 01:27 PM.


#4 nasdaq
Malware Response Team, 48,329 posts
Gender: Male
Location: Montreal, QC. Canada

Posted 15 July 2022 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start
 
Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:
 
Comment: Items from the FRST.TXT log that will be removed from the Registry.
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => %LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
Task: {4AE68EB1-F45B-4E02-969D-17EBDC14DE0E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-771562356-4238827189-2155146348-1002 => C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {DE00E9E2-DEC8-4C31-8646-B997679452B7} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-771562356-4238827189-2155146348-1001 => C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
S3 SSMonitorSvc; "C:\Windows\system32\SSMonitor.exe" [X]
 
Comment: Items from the Addition.txt log that will be removed.
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1001_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\WPAdmin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 -> C:\Users\JT\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\JT\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\JT\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-771562356-4238827189-2155146348-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\JT\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
 
Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
 
Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
 
Comment: The system will restart.
Reboot:
 
End
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Clean the Windows Defender Quarantine folder.
 
Comment: Delete/Restore quarantined files.
 
How to: Delete quarantined files.
 
Follow the directives on the page to delete all the files in the quarantine folder.
 
Restart the computer when done.
<<<>>>
 
Please post the Fixlog.txt and let me know what problem persists.
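The fixlist above removes autostart entries that FRST marks "(No File)" or "[X]": Run values, scheduled tasks, CustomCLSID registrations and a service (SSMonitorSvc) whose executable is not on disk. The PowerShell below is an added example, not part of nasdaq's post and not FRST's own logic; it performs the same kind of read-only check from an elevated prompt, listing services, machine and per-user Run entries, and scheduled-task actions whose target binary is missing. It deletes nothing, so the decision about what belongs in a fixlist stays with the helper. The function names are mine; the path-parsing rules are assumptions that cover the command-line shapes seen in the log above (quoted paths, unquoted paths with arguments, `%windir%`-style variables, and `\SystemRoot`/`\??\` prefixes on driver ImagePaths).

```powershell
# Added example: find autostart entries that point at a missing file
# (the condition FRST reports as "(No File)" / "[X]"). Read-only; run elevated.

function Get-CommandTargetPath {
    # Extract the executable path from a registry/task command line (assumed parsing rules).
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded.StartsWith('"')) {
        # Quoted path: everything between the first pair of quotes.
        $end = $expanded.IndexOf('"', 1)
        if ($end -gt 1) { return $expanded.Substring(1, $end - 1) }
        return $null
    }
    # Unquoted path: cut at the first executable-style extension, else at the first space.
    $m = [regex]::Match($expanded, '^(.+?\.(exe|com|dll|sys|bat|cmd))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($expanded -split '\s+')[0]
}

function Test-TargetMissing {
    # True when the referenced file does not exist. Handles the driver-style
    # prefixes \??\ and \SystemRoot, and paths relative to the Windows directory.
    param([string]$Path)
    if (-not $Path) { return $false }
    $Path = $Path -replace '^\\\?\?\\', ''
    $Path = $Path -replace '^\\SystemRoot', $env:SystemRoot
    if (-not [IO.Path]::IsPathRooted($Path)) { $Path = Join-Path $env:SystemRoot $Path }
    return -not (Test-Path -LiteralPath $Path -PathType Leaf)
}

$findings = @()

# 1. Services and drivers: ImagePath under HKLM\SYSTEM\CurrentControlSet\Services
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $img = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    $target = Get-CommandTargetPath $img
    if ($target -and (Test-TargetMissing $target)) {
        $findings += [pscustomobject]@{ Kind = 'Service'; Name = $svc.PSChildName; Target = $target }
    }
}

# 2. Run keys: machine (64- and 32-bit views) plus every loaded user hive
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
foreach ($hive in Get-ChildItem 'HKU:\') {
    if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
        $runKeys += "HKU:\$($hive.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    }
}
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        $target = Get-CommandTargetPath ([string]$p.Value)
        if ($target -and (Test-TargetMissing $target)) {
            $findings += [pscustomobject]@{ Kind = 'Run'; Name = "$key\$($p.Name)"; Target = $target }
        }
    }
}

# 3. Scheduled tasks whose action executable no longer exists
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $target = Get-CommandTargetPath $action.Execute
        if ($target -and (Test-TargetMissing $target)) {
            $findings += [pscustomobject]@{ Kind = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Target = $target }
        }
    }
}

$findings | Sort-Object Kind, Name | Format-Table -AutoSize
```

On the log above this would report SSMonitorSvc (ImagePath "C:\Windows\system32\SSMonitor.exe", which the Service Control Manager errors confirm is absent) and the two OneDrive reporting tasks and Teams uninstaller Run values, which is exactly the set nasdaq put in the fixlist. An entry with a missing target is most often an uninstaller leftover, but it is still worth listing after a reinstall, since anything that survived the reinstall is by definition not part of the fresh image.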


#5 faultychips_dw (Topic Starter)
Members, 7 posts

Posted 15 July 2022 - 11:22 AM

Thanks so much. Was it a Malware issue or some type of system misconfiguration?


Edited by faultychips_dw, 15 July 2022 - 11:25 AM.


#6 faultychips_dw (Topic Starter)
Members, 7 posts

Posted 15 July 2022 - 12:25 PM

Thanks very much for your help. I stupidly ran into an issue with the fixlist, trying to run FRST from a regular/nonadmin account. I am reposting the logs below now from the admin account.

 

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2022
Ran by WPAdmin (administrator) on DESKTOP (15-07-2022 10:07:51)
Running from C:\Users\WPAdmin\Desktop
Loaded Profiles: WPAdmin
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\WPAdmin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\dptf_helper.exe
(DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNFD1A~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNFD1A~1.INF\driver\tposd.exe
(DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\SmartSense.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\UserSSCtrl.exe
(EPDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDCtrl.exe
(explorer.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_09babd21965eb7e7\DAX3API.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_f1edd2d8a33dfa01\FusionAPI.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_5fe2e31c542e0065\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9bec328ff2d1d2ad\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_0f43cda6a2474b5c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\SmartSense.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_11db9784053cba96\LenovoVisionService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_364ae90e61eab6bb\SmartStandby.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\LITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe <3>
(svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxextN.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2367352 2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\Run: [MicrosoftEdgeAutoLaunch_C138F1519E6AB3F14D42A2C23D0201B8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-07-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [2367352 2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\Run: [MicrosoftEdgeAutoLaunch_EC8CBCF2485BEE3CB21BA442EE9AB5C2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-07-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-14] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {072BCDC6-643B-4DE8-A7FB-A7A7A08D3645} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [128976 2022-05-17] (Lenovo -> Lenovo)
Task: {0A0E123D-E4A5-4FE7-9DBA-835EF8DC07C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0D9F4525-C19A-4D3A-A726-A6B88C01D7B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {14D97F15-E919-4330-A8A0-844B7D148DB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {26414CE1-1E29-40DD-80B1-53D2E634AD4D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {291C6062-826C-4818-959E-D1B752045935} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask_Once => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 2 /f /reg:32
Task: {2C4C149E-D968-4553-808A-0E4059262C4B} - System32\Tasks\GoogleUpdateTaskMachineCore{B78A31E2-AD2A-44CD-AE36-B4C603FD0256} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-14] (Google LLC -> Google LLC)
Task: {2F49115E-F063-430F-81B4-4E3FD1B882E1} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F9C4A3A-9169-4497-BAC3-4DAB9ACA7CF0} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {4785124D-945A-48DE-A016-6F1458AD9328} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {649B2CF4-108F-4492-AECD-B795B0653E68} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {691B5126-2EFA-48C5-BAAA-258F170D4752} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\a37e8cd6-8319-45ec-ab85-1862fdfed3d1 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {696BF2C0-41A3-4809-9C7B-753002E881B0} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe [1368680 2021-10-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {6BB1530D-B8FF-4438-8026-441E0512CB24} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {71FDC6F3-D62E-4D7D-A2E9-2415B7AC8A8F} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {7760096A-0C2B-43DF-9CC9-FC0DF84C9CF6} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-771562356-4238827189-2155146348-1001 => C:\Users\WPAdmin\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88584 2022-05-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {7D779CD5-2171-41F4-B735-6553B7337D19} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {844DFAE0-8CE5-4337-9552-DA0211405641} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {92722020-D9C3-46A0-AAC4-58BE1196BD22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9A471B1-5284-4B57-9982-DBB5302D603D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {AB48F268-D1FC-42D0-9961-04A23CBD3DC9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5011fc5c-e34f-4868-b478-253ceff0ca85 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {B640AF32-4BA5-4C8F-A5B0-E27163699E5B} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {C0948B78-45C4-443B-8119-20A6079EF7CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C79EB7F0-6664-4A5C-B247-3615BB0EFD8D} - System32\Tasks\GoogleUpdateTaskMachineUA{B5EAD510-AF27-4D95-8910-4B84BF54D1F0} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-07-14] (Google LLC -> Google LLC)
Task: {D4F89C63-4672-4385-88E7-6EA2FA3CB49C} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [64984 2022-05-17] (Lenovo -> )
Task: {D64AA946-69E3-4A46-BBE7-E69C573FEC83} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {DB57EC57-98E7-4477-B403-6E5CD342FEDA} - System32\Tasks\Lenovo\SmartStandby\Uninstall Monitor => C:\Windows\system32\SmartStandbyInst.exe [42472 2022-02-27] (Lenovo -> )
Task: {EBCC082A-506D-493D-A753-D574449E28A9} - System32\Tasks\Lenovo\SmartStandby\Daily analysis => C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_364ae90e61eab6bb\AutonomicMgr.exe [77760 2022-02-27] (Lenovo -> )
Task: {EC946D9F-046D-4CB8-BD84-AAC9D31AA6BE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3060072 2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F12E4940-CA0F-43AF-8400-22A7DE7C41E6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\19f7d883-fa83-407a-90d4-35809d7f15db => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {F7130962-8ABB-402D-9365-9018461DCBA5} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\103.0.1264.62\Installer\setup.exe [3274144 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {FFD2CB36-76BE-4CD5-8F3E-11D6F8E95CA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6bf025e1-ec7e-41b8-92d3-2beb93777d8f}: [DhcpNameServer] 192.168.1.254
 
Edge: 
=======
Edge Profile: C:\Users\WPAdmin\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-15]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\WPAdmin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-07-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\WPAdmin\AppData\Local\Google\Chrome\User Data\Default [2022-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\WPAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\WPAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\WPAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-15]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988384 2022-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_09babd21965eb7e7\DAX3API.exe [2298936 2021-10-29] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DolbyFusionAPI; C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_f1edd2d8a33dfa01\FusionAPI.exe [795208 2021-11-01] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 EPDService; C:\Windows\System32\EPDService.exe [207976 2021-08-17] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\FileSyncHelper.exe [2448232 2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_0f43cda6a2474b5c\\AS\\IAS\\IntelAudioService.exe [531008 2022-01-26] (Intel Corporation -> Intel)
R2 LenovoSmartStandby; C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_364ae90e61eab6bb\SmartStandby.exe [329664 2022-02-27] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVisionService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_11db9784053cba96\LenovoVisionService.exe [631128 2022-05-11] (Lenovo -> Lenovo)
S3 LenovoVisionSetupService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_11db9784053cba96\LvfSetupService.exe [35672 2022-05-11] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\Windows\System32\LITSSvc.exe [1217488 2022-04-12] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [906216 2022-03-27] (Lenovo -> Lenovo)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\OneDriveUpdaterService.exe [2836840 2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SmartSense; C:\Windows\System32\DriverStore\FileRepository\lnvsst.inf_amd64_a005aa003d5323b8\SmartSense.exe [195560 2022-04-21] (Lenovo -> Lenovo)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_5d9fd62172264515\driver\TPHKLOAD.exe [487720 2021-12-02] (Lenovo -> Lenovo Group Limited)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S3 SSMonitorSvc; "C:\Windows\system32\SSMonitor.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 EPD; C:\Windows\System32\drivers\EPD.sys [156280 2021-08-17] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_2cc98897d8dddf62\IntcUSB.sys [882280 2022-01-26] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-05] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R3 MpKsl381e41c5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C6B7D19E-76FC-4B4C-ACBC-B5CFBE3BF8A9}\MpKslDrv.sys [141576 2022-07-15] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38888 2022-03-27] (Lenovo -> Lenovo)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-07-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-14] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_c34c898c5c4d0406\WiManH\WiManH.sys [175688 2021-12-08] (Intel Corporation -> Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-07-15 09:51 - 2022-07-15 10:08 - 000025162 _____ C:\Users\WPAdmin\Desktop\FRST.txt
2022-07-15 09:50 - 2022-07-15 09:50 - 002369536 _____ (Farbar) C:\Users\WPAdmin\Downloads\FRST64.exe
2022-07-15 09:50 - 2022-07-15 09:50 - 002369536 _____ (Farbar) C:\Users\WPAdmin\Desktop\FRST64.exe
2022-07-15 09:48 - 2022-07-15 09:48 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Google
2022-07-15 09:45 - 2022-07-15 09:47 - 000000127 _____ C:\Users\JE\Desktop\New Text Document.txt
2022-07-15 09:40 - 2022-07-15 09:48 - 000007531 _____ C:\Users\JE\Desktop\Fixlog.txt
2022-07-15 00:30 - 2022-07-15 00:30 - 000000000 ___HD C:\OneDriveTemp
2022-07-15 00:00 - 2022-07-15 00:07 - 000000000 ____D C:\Windows\TempInst
2022-07-14 23:59 - 2022-07-15 00:06 - 000001194 _____ C:\Windows\storelibdebug.txt
2022-07-14 23:58 - 2022-07-14 23:58 - 000000768 _____ C:\Windows\system32\InstallUtil.InstallLog
2022-07-14 23:58 - 2022-07-14 23:58 - 000000000 ____D C:\Users\JE\AppData\Local\PeerDistRepub
2022-07-14 23:57 - 2022-07-14 23:57 - 000000000 ____D C:\Windows\Lenovo
2022-07-14 23:56 - 2022-07-14 23:56 - 000000000 ____D C:\Program Files (x86)\Lenovo
2022-07-14 23:56 - 2022-01-28 20:04 - 000109312 _____ (Lenovo Group Ltd.) C:\Windows\system32\ImController.CoInstaller.dll
2022-07-14 23:56 - 2022-01-28 20:04 - 000064256 _____ (Lenovo Group Ltd.) C:\Windows\system32\ImController.InfInstaller.exe
2022-07-14 23:14 - 2022-07-14 23:14 - 000000000 ____D C:\Windows\system32\appmgmt
2022-07-14 22:51 - 2022-07-15 10:07 - 000000000 ____D C:\FRST
2022-07-14 22:50 - 2022-07-14 22:50 - 002369536 _____ (Farbar) C:\Users\JE\Desktop\FRST64.exe
2022-07-14 22:39 - 2022-07-14 22:39 - 003265245 _____ C:\Users\JE\Downloads\Sysmon.zip
2022-07-14 22:31 - 2022-07-14 22:31 - 000000000 ____D C:\Users\JE\AppData\Roaming\Teams
2022-07-14 22:31 - 2022-07-14 22:31 - 000000000 ____D C:\Users\JE\AppData\Local\SquirrelTemp
2022-07-14 22:20 - 2022-07-14 22:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-07-14 22:19 - 2022-07-14 22:30 - 000326290 _____ C:\Windows\ntbtlog.txt
2022-07-14 19:19 - 2022-07-15 00:30 - 000003206 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-14 19:19 - 2022-07-15 00:30 - 000002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-14 19:19 - 2022-07-14 19:19 - 000000000 ___RD C:\Users\Default\OneDrive
2022-07-14 19:18 - 2022-07-15 00:35 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2022-07-14 19:18 - 2022-07-14 19:18 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000002393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-07-14 19:18 - 2022-07-14 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-07-14 19:18 - 2022-07-14 19:18 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-07-14 19:17 - 2022-07-14 19:18 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-14 19:17 - 2022-07-14 19:17 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-07-14 19:08 - 2022-07-14 19:08 - 003226040 _____ (Lenovo ) C:\Users\JE\Downloads\LSBSetup (1).exe
2022-07-14 19:05 - 2022-07-14 19:05 - 003226040 _____ (Lenovo ) C:\Users\JE\Downloads\LSBSetup.exe
2022-07-14 19:05 - 2022-07-14 19:05 - 000000000 ____D C:\Users\WPAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2022-07-14 19:00 - 2022-07-14 19:00 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\PeerDistRepub
2022-07-14 18:50 - 2022-07-14 17:51 - 000000000 ____D C:\Windows\Panther
2022-07-14 18:48 - 2022-07-14 19:10 - 000000000 ____D C:\Users\JE\AppData\Local\Google
2022-07-14 18:48 - 2022-07-14 18:48 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-14 18:48 - 2022-07-14 18:48 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-14 18:48 - 2022-07-14 18:48 - 000000000 ____D C:\Program Files\Google
2022-07-14 18:47 - 2022-07-15 09:52 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-14 18:47 - 2022-07-14 18:47 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B5EAD510-AF27-4D95-8910-4B84BF54D1F0}
2022-07-14 18:47 - 2022-07-14 18:47 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{B78A31E2-AD2A-44CD-AE36-B4C603FD0256}
2022-07-14 18:46 - 2022-07-14 18:46 - 001414600 _____ (Google LLC) C:\Users\JE\Downloads\ChromeSetup.exe
2022-07-14 18:40 - 2022-07-14 18:40 - 000000000 ____D C:\Users\JE\AppData\Local\OneDrive
2022-07-14 18:35 - 2022-07-14 18:35 - 000000000 ____D C:\Users\JE\AppData\Local\Comms
2022-07-14 18:32 - 2022-07-15 00:30 - 000000000 ___RD C:\Users\JE\OneDrive
2022-07-14 18:32 - 2022-07-14 23:54 - 000000000 ____D C:\Users\JE\AppData\Local\PlaceholderTileLogoFolder
2022-07-14 18:32 - 2022-07-14 19:10 - 000000000 ____D C:\Users\JE\AppData\Local\D3DSCache
2022-07-14 18:30 - 2022-07-15 09:47 - 000000000 ____D C:\Users\JE\AppData\Local\ConnectedDevicesPlatform
2022-07-14 18:30 - 2022-07-15 09:41 - 000000000 __SHD C:\Users\JE\IntelGraphicsProfiles
2022-07-14 18:30 - 2022-07-14 23:58 - 000000000 ____D C:\Users\JE\AppData\Local\Lenovo
2022-07-14 18:30 - 2022-07-14 23:54 - 000000000 ____D C:\Users\JE\AppData\Local\Packages
2022-07-14 18:30 - 2022-07-14 18:36 - 000000000 ____D C:\Users\JE\AppData\Local\Publishers
2022-07-14 18:30 - 2022-07-14 18:32 - 000000000 ____D C:\Users\JE
2022-07-14 18:30 - 2022-07-14 18:30 - 000000020 ___SH C:\Users\JE\ntuser.ini
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ___RD C:\Users\JE\3D Objects
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JE\AppData\Roaming\Adobe
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JE\AppData\LocalLow\Intel
2022-07-14 18:30 - 2022-07-14 18:30 - 000000000 ____D C:\Users\JE\AppData\Local\VirtualStore
2022-07-14 18:16 - 2022-07-15 09:41 - 000000485 _____ C:\Windows\system32\config\VSMHBK
2022-07-14 18:16 - 2022-07-15 09:16 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2022-07-14 18:11 - 2022-07-14 18:11 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\mbam
2022-07-14 18:11 - 2022-07-14 18:11 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Comms
2022-07-14 18:09 - 2022-07-14 18:09 - 202117816 _____ (Malwarebytes) C:\Users\WPAdmin\Downloads\MBSetup-0076911.0076911-4.5.2.157.exe
2022-07-14 18:04 - 2022-07-14 18:04 - 000000000 ____D C:\Windows\SystemTemp
2022-07-14 18:02 - 2022-07-14 18:02 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 001328408 _____ C:\Windows\system32\FaceTrackerInternal.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 001321984 _____ C:\Windows\system32\FaceProcessor.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000503576 _____ C:\Windows\system32\FaceProcessorCore.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000479744 _____ C:\Windows\system32\AssignedAccessCsp.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000232288 _____ C:\Windows\system32\containerdevicemanagement.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000104448 _____ C:\Windows\system32\nettraceex.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-07-14 18:02 - 2022-07-14 18:02 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2022-07-14 18:02 - 2022-07-14 18:02 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000040960 _____ C:\Windows\system32\uwfservicingapi.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-14 18:02 - 2022-07-14 18:02 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-14 18:02 - 2022-07-14 18:02 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-14 18:01 - 2022-07-14 18:01 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-14 18:01 - 2022-07-14 18:01 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-14 18:01 - 2022-07-14 18:01 - 000272896 _____ C:\Windows\system32\TpmTool.exe
2022-07-14 18:01 - 2022-07-14 18:01 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-07-14 17:59 - 2022-07-14 17:59 - 000000000 ___HD C:\$WinREAgent
2022-07-14 17:59 - 2022-07-14 17:59 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-14 17:59 - 2022-07-14 17:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-07-14 17:58 - 2022-07-15 00:00 - 000000000 ____D C:\Windows\Firmware
2022-07-14 17:58 - 2022-07-14 17:58 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-07-14 17:58 - 2022-07-14 17:58 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-07-14 17:57 - 2022-07-14 17:58 - 000000000 ____D C:\Windows\system32\MRT
2022-07-14 17:57 - 2022-07-14 17:58 - 000000000 ____D C:\ProgramData\Dolby
2022-07-14 17:57 - 2022-07-14 17:57 - 000003366 _____ C:\Windows\system32\Tasks\RtkAudUService64_BG
2022-07-14 17:56 - 2022-07-15 09:51 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Lenovo
2022-07-14 17:56 - 2022-07-15 09:46 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2022-07-14 17:56 - 2022-07-15 00:00 - 000000000 ____D C:\ProgramData\Lenovo
2022-07-14 17:56 - 2022-07-14 23:58 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2022-07-14 17:56 - 2022-07-14 19:19 - 000000000 ___RD C:\Users\WPAdmin\OneDrive
2022-07-14 17:56 - 2022-07-14 18:12 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\PlaceholderTileLogoFolder
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\Windows\SysWOW64\Lenovo
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\Windows\system32\Lenovo
2022-07-14 17:56 - 2022-07-14 17:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-14 17:56 - 2022-05-17 01:37 - 005492184 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\PWMTR32V.dll
2022-07-14 17:56 - 2022-05-17 01:37 - 002352368 _____ (Lenovo Group Limited) C:\Windows\SysWOW64\EasyResume.exe
2022-07-14 17:56 - 2022-05-17 01:37 - 000173008 _____ (Lenovo) C:\Windows\SysWOW64\InstHelper.dll
2022-07-14 17:56 - 2022-05-17 01:37 - 000105424 _____ (Lenovo) C:\Windows\SysWOW64\EventLogger.dll
2022-07-14 17:56 - 2022-05-17 01:37 - 000064984 _____ () C:\Windows\SysWOW64\PowerMgrInst.exe
2022-07-14 17:56 - 2022-02-27 17:54 - 000042472 _____ () C:\Windows\system32\SmartStandbyInst.exe
2022-07-14 17:56 - 2022-02-27 17:44 - 000002877 _____ C:\Windows\system32\SmartStandbyEvent.man
2022-07-14 17:56 - 2021-10-07 01:09 - 006532664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2022-07-14 17:56 - 2021-10-07 00:57 - 049041902 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2022-07-14 17:56 - 2021-08-17 00:20 - 001290360 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\EPDCtrl.exe
2022-07-14 17:56 - 2021-08-17 00:20 - 000622200 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\EPDCmds.dll
2022-07-14 17:56 - 2021-08-17 00:20 - 000441984 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\ETDUn_inst.exe
2022-07-14 17:56 - 2021-08-17 00:20 - 000430728 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\LenovoAPI.dll
2022-07-14 17:56 - 2021-08-17 00:20 - 000207976 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\EPDService.exe
2022-07-14 17:56 - 2021-08-17 00:20 - 000032368 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETDHSA.sys
2022-07-14 17:56 - 2021-08-17 00:19 - 000478840 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\EPDApix.dll
2022-07-14 17:56 - 2021-08-17 00:19 - 000156280 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\EPD.sys
2022-07-14 17:56 - 2021-05-30 23:17 - 000001344 _____ C:\Windows\system32\Drivers\RTKAMPI1.Dat
2022-07-14 17:56 - 2021-05-30 23:17 - 000001344 _____ C:\Windows\system32\Drivers\RTKAMPI0.Dat
2022-07-14 17:56 - 2020-11-23 01:37 - 000034456 _____ C:\Windows\system32\Drivers\RTSPKPT1.dat
2022-07-14 17:56 - 2020-06-01 03:08 - 000034456 _____ C:\Windows\system32\Drivers\RTSPKPT0.DAT
2022-07-14 17:55 - 2022-07-15 09:58 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Packages
2022-07-14 17:55 - 2022-07-15 09:58 - 000000000 ____D C:\ProgramData\Packages
2022-07-14 17:55 - 2022-07-15 09:48 - 000000000 __SHD C:\Users\WPAdmin\IntelGraphicsProfiles
2022-07-14 17:55 - 2022-07-14 22:25 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\D3DSCache
2022-07-14 17:55 - 2022-07-14 18:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ___RD C:\Users\WPAdmin\3D Objects
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Windows\SysWOW64\hpdmsg
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Roaming\Adobe
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\LocalLow\Intel
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\VirtualStore
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\Publishers
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Users\WPAdmin\AppData\Local\ConnectedDevicesPlatform
2022-07-14 17:55 - 2022-07-14 17:55 - 000000000 ____D C:\Program Files\Lenovo
2022-07-14 17:55 - 2022-05-16 04:52 - 017386984 _____ C:\Windows\system32\RsEyeContactCorrection_Assets.dll
2022-07-14 17:55 - 2022-05-16 04:52 - 015823352 _____ C:\Windows\system32\RsDMFT_Assets.dll
2022-07-14 17:55 - 2022-05-16 04:52 - 013406728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll
2022-07-14 17:54 - 2022-07-15 09:41 - 000000000 ____D C:\Intel
2022-07-14 17:54 - 2022-07-14 17:56 - 000000000 ____D C:\Users\WPAdmin
2022-07-14 17:54 - 2022-07-14 17:54 - 000000020 ___SH C:\Users\WPAdmin\ntuser.ini
2022-07-14 17:54 - 2022-07-14 17:54 - 000000000 ____D C:\Windows\system32\LenovoITS
2022-07-14 17:54 - 2022-07-14 17:54 - 000000000 ____D C:\Windows\system32\icmsg
2022-07-14 17:54 - 2022-07-14 17:54 - 000000000 ____D C:\ProgramData\Intel
2022-07-14 17:54 - 2022-04-15 00:35 - 000534544 _____ (Intel) C:\Windows\system32\libvpl.dll
2022-07-14 17:54 - 2022-04-15 00:35 - 000465240 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 027903832 _____ (Intel Corporation) C:\Windows\system32\mfxplugin64_hw.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001979456 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001979456 _____ C:\Windows\system32\vulkaninfo.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001536072 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001536072 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2022-07-14 17:54 - 2022-04-15 00:34 - 001441960 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001441960 _____ C:\Windows\system32\vulkan-1.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001155216 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 001155216 _____ C:\Windows\SysWOW64\vulkan-1.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000966456 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000725184 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000609096 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000477544 _____ C:\Windows\system32\ze_tracing_layer.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000468120 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000385384 _____ C:\Windows\system32\ze_loader.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000364000 _____ C:\Windows\SysWOW64\IntelControlLib32.dll
2022-07-14 17:54 - 2022-04-15 00:34 - 000151408 _____ C:\Windows\system32\ze_validation_layer.dll
2022-07-14 17:54 - 2022-04-15 00:33 - 020646760 _____ (Intel Corporation) C:\Windows\SysWOW64\mfxplugin32_hw.dll
2022-07-14 17:54 - 2022-04-15 00:33 - 000509800 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2022-07-14 17:54 - 2022-04-15 00:33 - 000372560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2022-07-14 17:54 - 2022-04-15 00:31 - 000250720 _____ C:\Windows\system32\ControlLib.dll
2022-07-14 17:54 - 2022-04-15 00:31 - 000204368 _____ C:\Windows\SysWOW64\ControlLib32.dll
2022-07-14 17:54 - 2022-04-15 00:31 - 000204368 _____ C:\Windows\system32\ControlLib32.dll
2022-07-14 17:53 - 2022-07-14 17:53 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask
2022-07-14 17:52 - 2022-07-14 17:52 - 000000000 ____D C:\Windows\CSC
2022-07-14 17:51 - 2022-07-14 17:51 - 000000000 _SHDL C:\Documents and Settings
2022-07-14 17:50 - 2022-07-15 09:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-14 17:50 - 2022-07-15 09:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-07-14 17:50 - 2022-07-15 08:39 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-14 17:50 - 2022-07-15 08:39 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-14 17:50 - 2022-07-15 08:39 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-07-14 17:50 - 2022-07-14 22:19 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-14 17:50 - 2022-07-14 18:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-07-14 17:50 - 2022-07-14 17:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-14 17:50 - 2022-07-14 17:53 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-14 17:50 - 2022-07-14 17:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-07-14 17:50 - 2022-07-14 17:50 - 000000000 ____D C:\Windows\ServiceProfiles
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-07-15 09:58 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-15 09:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2022-07-15 09:53 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-15 09:46 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2022-07-15 09:41 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ServiceState
2022-07-15 09:41 - 2019-12-07 02:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-07-14 22:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-07-14 19:18 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-14 18:50 - 2019-12-07 02:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2022-07-14 18:36 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-14 18:30 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-14 18:28 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-14 18:26 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-14 18:26 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-14 18:23 - 2019-12-07 02:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-07-14 18:14 - 2019-12-07 02:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2022-07-14 18:06 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2022-07-14 18:04 - 2019-12-07 02:54 - 000000000 ___SD C:\Windows\system32\AppV
2022-07-14 18:04 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\lv-LV
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\lt-LT
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Dism
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\Provisioning
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-14 18:04 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-14 18:04 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\servicing
2022-07-14 17:54 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-07-14 17:52 - 2019-12-07 02:51 - 000000000 ____D C:\Windows\system32\FxsTmp
2022-07-14 17:52 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\spool
2022-07-14 17:52 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-14 17:50 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2022-07-14 17:50 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\appcompat
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Here is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2022
Ran by WPAdmin (15-07-2022 10:08:30)
Running from C:\Users\WPAdmin\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1826 (X64) (2022-07-15 00:51:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-771562356-4238827189-2155146348-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-771562356-4238827189-2155146348-503 - Limited - Disabled)
Guest (S-1-5-21-771562356-4238827189-2155146348-501 - Limited - Disabled)
JE (S-1-5-21-771562356-4238827189-2155146348-1002 - Limited - Enabled) => C:\Users\JE
WDAGUtilityAccount (S-1-5-21-771562356-4238827189-2155146348-504 - Limited - Disabled)
WPAdmin (S-1-5-21-771562356-4238827189-2155146348-1001 - Administrator - Enabled) => C:\Users\WPAdmin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
Lenovo Service Bridge (HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.15225.20288 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.30.30704 (HKLM\...\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.30.30704 (HKLM\...\{662A0088-6FCD-45DD-9EA7-68674058AED5}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20288 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.18.0_x64__stws0m115j6hg [2022-07-14] (ELAN Microelectronics Corporation)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-07-14] (INTEL CORP) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\21.220.1024.0005\amd64\FileSyncShell64.dll [2022-07-15] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-07-14 17:55 - 2022-07-14 17:55 - 042859520 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-14] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 1) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-771562356-4238827189-2155146348-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-771562356-4238827189-2155146348-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AF5FBF44-9010-4A40-9630-B6F1E17A5E5F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{30D0CE34-B691-4555-B1EA-DC4F12176418}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4726E354-E4D2-417A-AB2C-365DBAC56909}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5316374-A207-40E1-99D4-84809E7C76DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59942ABE-85E8-4A59-9B6A-24A6E63D9281}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BC50E9E-58FB-4A08-8256-DDC0225E9E3D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
14-07-2022 22:52:27 CleanBootWindows
15-07-2022 09:04:25 Restore Point Created by FRST
15-07-2022 09:40:52 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/15/2022 09:40:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service SmartSense Monitor Service since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (07/15/2022 09:40:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6af2c546-52a4-4f19-b3f1-dbc2b269768b}
 
Error: (07/15/2022 09:04:33 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (07/15/2022 09:04:33 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Error: (07/15/2022 09:04:25 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9ee36ac8-2764-4b3d-bb14-be58596d5fcc}
 
Error: (07/15/2022 12:35:22 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (07/15/2022 12:35:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (07/15/2022 12:35:22 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (07/15/2022 09:57:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJBMP-MICROSOFT.WINDOWSSTORE.
 
Error: (07/15/2022 09:55:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJBMP-MICROSOFT.WINDOWSSTORE.
 
Error: (07/15/2022 09:41:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SmartSense Monitor Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/15/2022 09:41:35 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. A record describing the condition is contained in the data section of this event.
 
Error: (07/15/2022 09:41:25 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 124) (User: NT AUTHORITY)
Description: 63221225506
 
Error: (07/15/2022 09:41:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\IntelIHVRouter08.dll
 
Error: (07/15/2022 09:41:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\IntelIHVRouter08.dll
 
Error: (07/15/2022 09:41:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\IntelIHVRouter08.dll
 
 
Windows Defender:
================
Date: 2022-07-15 09:45:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2022-07-15 00:07:05
Description: 
Controlled Folder Access blocked C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe from making changes to memory.
Detection time: 2022-07-15T07:07:05.504Z
Path: \Device\Harddisk0\DR0
Process Name: C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe
Security intelligence Version: 1.371.184.0
Engine Version: 1.1.19400.3
Product Version: 4.18.2205.7
 
Date: 2022-07-15 00:07:05
Description: 
Controlled Folder Access blocked C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe from making changes to memory.
Detection time: 2022-07-15T07:07:05.504Z
Path: \Device\Harddisk0\DR0
Process Name: C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe
Security intelligence Version: 1.371.184.0
Engine Version: 1.1.19400.3
Product Version: 4.18.2205.7
 
Date: 2022-07-14 23:59:54
Description: 
Controlled Folder Access blocked C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe from making changes to memory.
Detection time: 2022-07-15T06:59:54.479Z
Path: \Device\Harddisk0\DR0
Process Name: C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe
Security intelligence Version: 1.371.184.0
Engine Version: 1.1.19400.3
Product Version: 4.18.2205.7
 
Date: 2022-07-14 23:59:54
Description: 
Controlled Folder Access blocked C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe from making changes to memory.
Detection time: 2022-07-15T06:59:54.479Z
Path: \Device\Harddisk0\DR0
Process Name: C:\ProgramData\Lenovo\Vantage\AddinData\LenovoSystemUpdateAddin\session\Repository\fwnva55\fwchksd.exe
Security intelligence Version: 1.371.184.0
Engine Version: 1.1.19400.3
Product Version: 4.18.2205.7
Event[0]:
 
Date: 2022-07-14 22:19:23
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2022-07-15 09:41:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9bec328ff2d1d2ad\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO N32ET76W (1.52 ) 04/08/2022
Motherboard: LENOVO 20XW003KUS
Processor: 11th Gen Intel® Core™ i7-1185G7 @ 3.00GHz
Percentage of memory in use: 48%
Total physical RAM: 16087.05 MB
Available physical RAM: 8336.88 MB
Total Virtual: 19031.05 MB
Available Virtual: 11190.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.33 GB) (Free:425.48 GB) (Model: SKHynix_HFS512GDE9X081N) NTFS
 
\\?\Volume{6da70661-ba1b-436b-871f-b01daaf4b931}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{a54d2fc3-eaeb-4ce0-a719-36254f2a8f99}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================




