Inactive Not sure what's going on here....

wshknwntlprtmn

FRST.txt -
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-05-2023
Ran by BrokenSymmetry (administrator) on SPONTANEOUSLY-B (LENOVO 20HHCTO1WW) (03-05-2023 22:39:28)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: BrokenSymmetry & DefaultAppPool
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2913 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\lightway.exe
(C:\Program Files (x86)\Internet Download Manager\IDMan.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\nview\nviewMain64.exe ->) (Nvidia Corporation -> ) C:\Program Files\NVIDIA Corporation\nview\nviewMain.exe
(cmd.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.BrowserHelper.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <34>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.212\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.212\GoogleCrashHandler64.exe
(Nvidia Corporation -> ) C:\Program Files\NVIDIA Corporation\nview\nviewMain64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_b117548b2e075ba1\aesm_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6497919955c0c02c\NVWMI\nvWmi64.exe <2>
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2203.1037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> ) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d4faa0a55b66ffd8\igfxext.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(svchost.exe ->) (Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DisplayLinkTrayApp] => C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe [6345760 2022-06-18] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [119344 2020-09-13] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2492128 2022-08-12] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [381288 2023-03-31] (EXPRSVPN LLC -> ExpressVPN)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4139984 2023-04-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\Run: [ExpressVPN] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [854888 2023-03-31] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\MountPoints2: {05b1a93e-6bf3-11ed-9df1-bca8a6e8b22c} - "D:\LG_PC_Programs.exe"
HKLM\...\Windows x64\Print Processors\Canon MG3100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAR.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3100 series: C:\Windows\system32\CNMLMAR.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\112.0.5615.139\Installer\chrmstp.exe [2023-05-03] (Google LLC -> Google LLC)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk [2023-04-10]
ShortcutTarget: RT-Updater.lnk -> C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC -> Ross-Tech, LLC)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00AFDE89-1FBE-4834-A733-E1CEC08D77DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {0F142924-15BC-4C99-9C3C-164BF68D496C} - System32\Tasks\GoogleUpdateTaskMachineUA{831BAD65-8153-4EC8-A613-93ABFD68214D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-07] (Google LLC -> Google LLC)
Task: {3122D734-C5B9-4080-B21E-AF987B10464D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [227888 ] (Key for TBT Legacy Driver -> Intel Corporation)
Task: {3D652CD0-ED6B-4E21-A9AB-5C742C29099E} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-545925200-1295083642-4138522499-1003 => C:\Users\User\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-03-16] (Mega Limited -> )
Task: {40B16AFB-BBDE-4078-9FC7-2052943EFBEA} - System32\Tasks\GoogleUpdateTaskMachineCore{40FA2655-941C-40AB-8E5F-9481688B66B8} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-07] (Google LLC -> Google LLC)
Task: {4829B78C-BE45-4FE0-9EB6-CDD26D3138EC} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618912 2022-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {59E14535-0603-449C-8205-A85AE80FCFB9} - System32\Tasks\Intel\Intel® Management and Security Status => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [235208 2022-01-27] (Intel Corporation -> Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
Task: {5A5A12F9-B3FF-4B5E-8F0C-1861BA32F33A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [227888 ] (Key for TBT Legacy Driver -> Intel Corporation)
Task: {5BD4762C-3206-4E63-A4BC-981E16397A24} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2311216 ] (Key for TBT Legacy Driver -> Intel Corporation)
Task: {783F2113-2CEE-4671-AA17-7045807A220B} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1555952 2022-07-27] (Nvidia Corporation -> )
Task: {7B845A0B-8023-4952-915E-23BE1FDB2085} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618912 2022-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {86E654EF-461A-4E72-9B04-27964889FF23} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [63936 2021-12-03] (Lenovo -> )
Task: {93712184-BCDC-460C-BA0B-D537EEE43D47} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129016 2022-12-05] (Lenovo -> Lenovo)
Task: {F8A95C62-7987-4718-81D8-2CB052F0477E} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [227888 ] (Key for TBT Legacy Driver -> Intel Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{0370fcf8-d2d9-4163-972b-7cde2c28c406}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{12e265b3-5dac-45d1-a62b-fe4adefd0334}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{29a3868b-8f59-490e-99ac-bee24aa27497}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{3c0c1a0a-c7d7-4577-910c-022bfec01ad8}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{5105361f-36ba-48cd-b703-80273c7f5103}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{a0d2ce30-7a2c-45c2-b796-974f7116bea0}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{c80cf9d7-7ce6-4f02-8a3b-9da9ff0ab269}: [NameServer] 100.64.100.1
Tcpip\..\Interfaces\{d6b75696-debc-4733-9479-29a5559429ee}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{f362212d-0652-4d78-a367-b37ce89961bb}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{f362212d-0652-4d78-a367-b37ce89961bb}: [DhcpNameServer] 192.168.11.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-03]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-04-30]
Edge Extension: (IG Downloader) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpgaheeihidjmolbakklolchdplenjai [2023-04-30]
Edge Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2023-04-30]
Edge Extension: (Dark Reader) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifoakfbpdcdoeenechcleahebpibofpc [2023-04-30]
Edge Extension: (MEGA) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2023-04-30]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-01]
Edge Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-07-27]
Edge Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2023-04-30]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKU\S-1-5-21-545925200-1295083642-4138522499-1003\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2023-04-05]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2022-07-27] [Legacy] [not signed]
FF HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2023-05-02]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://www.facebook.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2023-04-29]
CHR Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-04-27]
CHR Extension: (IG Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaheeihidjmolbakklolchdplenjai [2023-04-10]
CHR Extension: (Dark Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2023-04-10]
CHR Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2023-04-10]
CHR Extension: (Carbon Blackout) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ialnhggmaghopmhanfnjjneegopfpbdj [2023-03-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-04-13]
CHR Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2023-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-27]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2023-04-22]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-05]
CHR HKU\S-1-5-21-545925200-1295083642-4138522499-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-05]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-04-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
S4 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [437096 2023-03-31] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [437096 2023-03-31] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [437096 2023-03-31] (EXPRSVPN LLC -> ExpressVPN)
S4 IBMPMSVC; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_02d728b29c6492d3\x64\ibmpmsvc.exe [850936 2022-11-24] (Lenovo -> Lenovo)
S4 Lenovo Instant On; C:\Windows\SysWOW64\EasyResume.exe [2351304 2021-12-03] (Lenovo -> Lenovo Group Limited)
S4 LPlatSvc; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_02d728b29c6492d3\x64\LPlatSvc.exe [906232 2022-11-24] (Lenovo -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9098608 2023-04-16] (Malwarebytes Inc. -> Malwarebytes)
S4 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [1229808 2020-08-30] (Novawave Inc. -> Novawave Inc.)
R2 NVWMI; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6497919955c0c02c\NVWMI\nvWmi64.exe [4486640 2023-02-16] (Nvidia Corporation -> NVIDIA Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.0.5\ProtonVPNService.exe [472168 2023-04-19] (Proton Technologies AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.0.4\ProtonVPN.WireGuardService.exe [471656 2023-04-12] (Proton Technologies AG -> ProtonVPN)
S4 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (NETGEAR -> Realtek Semiconductor Corp.)
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [371152 2023-02-05] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [336256 2023-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182392 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S4 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_9c4c29de89199c58\driver\TPHKLOAD.exe [473760 2021-10-22] (Lenovo -> Lenovo Group Limited)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15228976 2020-09-13] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WifiAutoInstallSrv; C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe [141368 2021-02-08] (Realtek Semiconductor Corp. -> Realtek)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6497919955c0c02c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6497919955c0c02c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 A6100; C:\Windows\System32\drivers\A6100.sys [7957584 2022-11-24] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation)
S3 AMTFLASH; C:\Windows\system32\drivers\AmtFlash.sys [74528 2011-09-07] (Amt-Cartech Ltd -> Amt Cartech Ltd)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AX88179A; C:\Windows\System32\DriverStore\FileRepository\netax88179x_178a_772d.inf_amd64_8e47992eb21ad4ef\ax88179x_178a_772d.sys [150368 2022-05-20] (WDKTestCert AndyChen,132652806163117881 -> ASIX Electronics Corp.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S2 DirectNT; C:\Windows\SysWow64\Drivers\DirectNT.sys [3424 1996-12-05] (c't) [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 evcDrv; C:\Windows\system32\drivers\evcDrv.sys [307032 2016-08-16] (EVC electronic GmbH -> Jungo Connectivity)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2023-03-31] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\Windows\System32\drivers\expressvpn-tun.sys [56552 2023-03-31] (Express VPN International Ltd. -> ExpressVPN)
S3 FTDIBUS; C:\Windows\SysWOW64\drivers\ftdibus.sys [47249 2006-05-18] (FTDI Ltd.) [File not signed]
S3 FTSER2K; C:\Windows\SysWOW64\drivers\ftser2k.sys [61067 2006-05-18] (FTDI Ltd.) [File not signed]
S2 HOSTNT; C:\Windows\SysWow64\Drivers\HOSTNT.sys [4032 2022-08-28] () [File not signed]
R3 IBMPMDRV; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_02d728b29c6492d3\x64\ibmpmdrv.sys [53240 2022-11-24] (Lenovo -> Lenovo)
R2 IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [171512 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-01-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198584 2023-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77736 2023-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-05-03] (Malwarebytes Inc. -> Malwarebytes)
R0 MsSecCore; C:\Windows\System32\drivers\msseccore.sys [26480 2023-03-21] (Microsoft Windows -> Microsoft Corporation)
S3 MsSecWfp; C:\Windows\System32\drivers\mssecwfp.sys [29568 2023-03-21] (Microsoft Windows -> Microsoft Corporation)
S3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [28216 2018-03-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 PMDRVS; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_02d728b29c6492d3\x64\pmdrvs.sys [38904 2022-11-24] (Lenovo -> Lenovo)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.0.5\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 rtwlanu6; C:\Windows\System32\drivers\rtwlanu6.sys [6408264 2021-12-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [251912 2023-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43640 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [61496 2023-03-31] (ExprsVPN LLC -> The OpenVPN Project)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [68544 2020-09-13] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [105912 2020-08-10] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [54592 2020-08-11] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49616 2023-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [498944 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2023-04-22] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2022-07-27] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 ALSysIO; \??\C:\Users\User\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-05-03 22:39 - 2023-05-03 22:39 - 000028387 _____ C:\Users\User\Desktop\FRST.txt
2023-05-03 22:39 - 2023-05-03 22:39 - 000000000 ____D C:\FRST
2023-05-03 22:38 - 2023-05-03 22:38 - 002382848 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2023-05-03 22:03 - 2023-05-03 22:03 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-05-02 22:31 - 2023-05-03 22:21 - 000000000 ____D C:\Users\User\Downloads\OLS47MhhNew
2023-05-02 22:30 - 2023-01-14 13:25 - 000025600 _____ () C:\Users\User\Downloads\OLSInstall.exe
2023-05-02 22:30 - 2023-01-14 11:50 - 064548391 _____ C:\Users\User\Downloads\WinOLS-Replace.zip
2023-05-02 22:30 - 2022-08-23 02:21 - 054906688 _____ (EVC electronic GmbH ) C:\Users\User\Downloads\WinOLS4.7.4 - Natiuve Installer.exe
2023-05-02 22:30 - 2011-08-18 05:59 - 000253440 _____ (Dino Chiesa) C:\Users\User\Downloads\Ionic.Zip.Reduced.dll
2023-05-02 22:29 - 2023-01-14 15:20 - 000000336 _____ C:\Users\User\Downloads\README.txt
2023-05-02 22:23 - 2023-05-02 22:43 - 000000000 ____D C:\Users\User\Downloads\win7 en-ru vmware clear
2023-05-02 22:22 - 2023-05-02 22:23 - 1916340553 _____ C:\Users\User\Downloads\win7 en-ru vmware clear.rar
2023-05-02 17:46 - 2023-05-02 17:52 - 117855859 _____ C:\Users\User\Downloads\OLS47MhhNew.rar
2023-04-30 13:58 - 2021-05-19 10:08 - 000000000 ____D C:\Users\User\Desktop\MPPS V21
2023-04-29 01:28 - 2023-04-29 01:32 - 000000000 ____D C:\Users\User\Downloads\ECUFix 5.7.1.0
2023-04-29 00:00 - 2023-04-29 00:00 - 000000000 ___HD C:\$WinREAgent
2023-04-27 00:51 - 2023-04-27 00:51 - 000045928 _____ C:\Users\User\Downloads\277398233_1426030504477965_5904743658825232624_n.jfif
2023-04-25 22:55 - 2023-04-25 22:55 - 000085504 _____ C:\Users\User\Downloads\VCDS List of Engine Measuring Blocks.xls
2023-04-25 16:59 - 2023-04-25 16:59 - 000140956 _____ C:\Users\User\Downloads\Submit Claim - Facebook User Privacy Settlement.pdf
2023-04-22 19:03 - 2023-04-22 19:06 - 000001411 _____ C:\Users\User\Desktop\Reboot to UEFI Settings.lnk
2023-04-22 16:31 - 2023-04-22 16:31 - 000007220 _____ C:\Users\User\Downloads\Add_Command_Prompt_Open_here_context_menu.reg
2023-04-20 00:42 - 2023-04-20 00:42 - 000157491 _____ C:\Users\User\Downloads\v1.6.zip
2023-04-19 12:40 - 2023-04-19 16:39 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2023-04-19 12:38 - 2023-04-22 21:57 - 000000981 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2023-04-19 12:38 - 2023-04-22 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2023-04-19 12:38 - 2023-04-19 12:38 - 000000000 ____D C:\ProgramData\ProtonVPN
2023-04-19 12:38 - 2023-04-19 12:38 - 000000000 ____D C:\Program Files\Proton
2023-04-18 21:13 - 2023-04-18 21:13 - 000026671 _____ C:\Users\User\Downloads\Itemized_Report_2022.pdf
2023-04-16 19:28 - 2023-04-28 12:01 - 000003250 _____ C:\Users\User\Desktop\Rkill.txt
2023-04-16 05:53 - 2023-04-16 05:53 - 000000000 ____D C:\Windows\system32\%Report%
2023-04-16 04:43 - 2023-04-16 04:43 - 000000000 ____D C:\Users\Public\Documents\sun
2023-04-16 04:43 - 2023-04-16 04:43 - 000000000 ____D C:\ProgramData\Documents\sun
2023-04-16 04:40 - 2023-04-16 04:42 - 047818869 _____ C:\Users\User\Downloads\SysinternalsSuite.zip
2023-04-16 04:31 - 2023-04-16 04:33 - 037658618 _____ C:\Users\User\Downloads\nirsoft_package_enc_1.30.1.zip
2023-04-13 23:33 - 2023-04-13 23:33 - 001917553 _____ C:\Users\User\Downloads\passrecenc.zip
2023-04-13 22:20 - 2023-04-13 22:20 - 000000000 ____D C:\Users\User\AppData\Roaming\clip
2023-04-13 22:18 - 2023-04-16 06:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Init ML
2023-04-12 04:07 - 2023-04-12 04:07 - 000292512 _____ C:\Users\User\Downloads\extpassword.zip
2023-04-12 00:33 - 2023-04-30 14:12 - 000000000 ____D C:\Users\User\Desktop\Bins
2023-04-10 21:53 - 2023-04-27 19:57 - 001974677 _____ C:\Users\User\Downloads\Quasar.v1.4.1.zip
2023-04-10 17:02 - 2023-04-10 17:10 - 000000000 ____D C:\Users\User\AppData\Local\ExpressVPN
2023-04-10 17:02 - 2023-04-10 17:02 - 000002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2023-04-10 17:02 - 2023-04-10 17:02 - 000002160 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2023-04-10 17:02 - 2023-04-10 17:02 - 000000000 ____D C:\ProgramData\ExpressVPN
2023-04-10 17:02 - 2023-04-10 17:02 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2023-04-10 17:01 - 2023-04-11 23:52 - 000000000 ____D C:\Program Files\dotnet
2023-04-10 07:53 - 2023-04-10 07:55 - 056661533 _____ C:\Users\User\Downloads\SNIPR_2.rar
2023-04-09 20:27 - 2023-04-10 17:05 - 000000000 ____D C:\Users\User\Documents\Kaspersky Password Manager
2023-04-09 17:15 - 2023-04-09 17:15 - 000000000 ____D C:\Users\User\AppData\Local\videodeluxe
2023-04-09 17:11 - 2023-04-09 17:11 - 000000000 ____D C:\Users\User\AppData\Local\Xara
2023-04-09 17:11 - 2023-04-09 17:11 - 000000000 ____D C:\Users\Public\Documents\MAGIX
2023-04-09 17:11 - 2023-04-09 17:11 - 000000000 ____D C:\ProgramData\Documents\MAGIX
2023-04-09 17:11 - 2023-04-09 17:11 - 000000000 ____D C:\Program Files\Common Files\MAGIX Shared
2023-04-09 00:56 - 2023-04-09 00:57 - 076688449 _____ C:\Users\User\Downloads\Xf1_0_3.rar
2023-04-08 16:23 - 2023-04-08 16:23 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5
2023-04-08 16:22 - 2023-04-08 16:23 - 000000000 ____D C:\Program Files\LibreOffice
2023-04-08 15:41 - 2023-04-13 17:16 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-04-08 15:41 - 2023-04-08 15:41 - 000000000 ____D C:\Users\User\AppData\Local\Kaspersky Lab
2023-04-08 15:41 - 2023-04-08 15:41 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2023-04-08 15:33 - 2023-04-28 12:18 - 000000000 ____D C:\Program Files\Common Files\AV
2023-04-08 15:15 - 2023-04-16 07:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2023-04-03 23:41 - 2023-04-16 07:18 - 000000000 ____D C:\Users\DefaultAppPool
2023-04-03 23:41 - 2023-04-10 19:09 - 000000000 ___RD C:\Users\DefaultAppPool\OneDrive
2023-04-03 23:41 - 2023-04-03 23:41 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2023-04-03 23:41 - 2019-12-07 03:31 - 000000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows
2023-04-03 23:38 - 2023-04-03 23:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VCDSLoader
2023-04-03 23:26 - 2023-04-03 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS
2023-04-03 22:46 - 2023-04-03 22:46 - 000000000 ___RD C:\Sandbox
2023-04-03 22:44 - 2023-04-03 22:44 - 4138270720 _____ C:\Users\User\Downloads\WIN.7.SP1.Ultimate.Multilang.update.November.2020.iso
2023-04-03 22:39 - 2023-04-03 22:45 - 000001730 _____ C:\Windows\Sandboxie.ini
2023-04-03 22:38 - 2023-04-30 22:29 - 000000000 ____D C:\Users\User\AppData\Local\Sandboxie-Plus
2023-04-03 22:38 - 2023-04-03 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie-Plus
2023-04-03 22:38 - 2023-04-03 22:38 - 000000000 ____D C:\Program Files\Sandboxie-Plus
2023-04-03 20:59 - 2023-04-03 21:57 - 915578695 _____ C:\Users\User\Downloads\megahackpack.zip
2023-04-03 05:35 - 2021-01-21 04:05 - 000000000 ____D C:\Users\User\Downloads\VCDS
2023-04-03 00:51 - 2023-04-03 00:58 - 174608618 _____ C:\Users\User\Downloads\VCDS 20.4.0 20.4.1 20.4.2.rar
 
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-03 22:39 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-05-03 22:17 - 2022-03-07 15:24 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-05-03 22:14 - 2022-03-07 15:24 - 000002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-05-03 22:12 - 2022-03-07 18:39 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-03 22:12 - 2022-03-07 18:38 - 000000000 ____D C:\Program Files (x86)\Google
2023-05-03 22:12 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2023-05-03 22:10 - 2022-03-07 15:29 - 000882054 _____ C:\Windows\system32\PerfStringBackup.INI
2023-05-03 22:10 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2023-05-03 22:05 - 2022-03-07 15:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-05-03 22:03 - 2022-06-25 19:30 - 000000516 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-05-03 22:03 - 2022-03-07 15:24 - 000008192 ___SH C:\DumpStack.log.tmp
2023-05-03 22:03 - 2022-03-07 15:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-05-03 22:03 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ServiceState
2023-05-03 06:18 - 2022-07-27 16:07 - 000000000 ____D C:\Users\User\AppData\Roaming\DMCache
2023-05-03 06:18 - 2019-12-07 03:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-05-02 23:19 - 2022-08-02 11:39 - 000000000 ____D C:\Users\User\AppData\Roaming\XnViewMP
2023-05-02 23:16 - 2022-07-31 03:18 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2023-05-02 22:43 - 2022-08-04 09:12 - 000000000 ____D C:\Users\User\AppData\Roaming\VMware
2023-05-02 22:43 - 2022-08-04 09:12 - 000000000 ____D C:\Users\User\AppData\Local\VMware
2023-05-02 19:27 - 2022-08-20 15:47 - 000000000 ____D C:\Users\User\Documents\Virtual Machines
2023-05-01 05:56 - 2022-07-26 19:57 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2023-04-30 20:35 - 2023-01-15 13:47 - 000000000 ___RD C:\Users\User\Desktop\random
2023-04-30 00:15 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-29 00:53 - 2022-03-07 15:24 - 000984312 _____ C:\Windows\system32\FNTCACHE.DAT
2023-04-29 00:52 - 2023-02-13 01:14 - 000000000 ____D C:\Program Files\Hyper-V
2023-04-29 00:52 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-04-29 00:52 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-04-29 00:52 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2023-04-29 00:52 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2023-04-29 00:52 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\inetsrv
2023-04-29 00:52 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-04-29 00:52 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2023-04-29 00:07 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2023-04-29 00:05 - 2022-03-07 15:27 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-04-28 13:10 - 2019-12-07 03:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-04-28 12:19 - 2019-12-07 03:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-04-28 10:13 - 2023-02-07 01:32 - 000000000 ____D C:\Users\User\Downloads\Video
2023-04-27 21:16 - 2023-02-12 11:52 - 000000000 ____D C:\Users\User\Desktop\WinOLS 4.7 100% Functional
2023-04-27 19:50 - 2023-01-17 03:46 - 3665668462 _____ C:\Users\User\Downloads\CHIP Tuning IMMOS damos 60000_autosoftos.com.rar
2023-04-27 19:34 - 2023-01-27 10:17 - 2312601957 _____ C:\Users\User\Downloads\AutoData 3.45 x86 x64 ENG[TechTools.NET].zip
2023-04-27 19:31 - 2023-01-12 05:09 - 2038193674 _____ C:\Users\User\Desktop\Ecu-software.rar
2023-04-27 15:28 - 2022-08-26 09:05 - 000000000 ____D C:\Windows\Microsoft Antimalware
2023-04-22 23:17 - 2022-08-02 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnViewMP
2023-04-22 23:17 - 2022-08-02 10:49 - 000000000 ____D C:\Program Files\XnViewMP
2023-04-22 19:35 - 2022-07-27 16:07 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2023-04-22 19:32 - 2023-02-04 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMW_KEY
2023-04-21 20:54 - 2022-03-07 18:38 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{831BAD65-8153-4EC8-A613-93ABFD68214D}
2023-04-21 20:54 - 2022-03-07 18:38 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{40FA2655-941C-40AB-8E5F-9481688B66B8}
2023-04-20 22:13 - 2022-03-07 19:00 - 000000000 ____D C:\ProgramData\Package Cache
2023-04-19 12:40 - 2022-03-08 20:24 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-04-19 12:38 - 2022-07-27 21:54 - 000000000 ____D C:\Users\User\AppData\Roaming\Proton Technologies AG
2023-04-19 12:38 - 2022-07-27 21:54 - 000000000 ____D C:\Users\User\AppData\Local\ProtonVPN
2023-04-19 12:38 - 2022-07-27 21:54 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2023-04-18 00:47 - 2022-08-12 21:12 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2023-04-17 22:17 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-04-17 22:08 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-04-16 21:02 - 2022-07-26 19:59 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2023-04-16 07:19 - 2023-02-06 04:56 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2023-04-16 07:08 - 2022-07-26 19:57 - 000000000 ____D C:\Users\User\AppData\Local\Lenovo
2023-04-14 00:44 - 2023-03-01 23:33 - 993063371 _____ C:\Users\User\Downloads\4.ECU Pinouts collection.rar
2023-04-13 22:18 - 2022-08-12 07:58 - 000000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2023-04-13 00:49 - 2022-08-01 00:26 - 000000000 ____D C:\Windows\Minidump
2023-04-12 22:08 - 2022-10-13 03:03 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-04-12 22:06 - 2022-03-07 20:46 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-04-12 00:37 - 2022-09-10 22:39 - 000000000 ____D C:\Users\User\Desktop\launch
2023-04-11 23:52 - 2022-03-07 18:53 - 000000000 ____D C:\Windows\system32\MRT
2023-04-11 23:49 - 2022-03-07 18:53 - 156112424 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-04-10 19:09 - 2022-07-26 19:57 - 000000000 __RDC C:\Users\User\OneDrive
2023-04-10 17:01 - 2022-10-19 22:00 - 000000000 ____D C:\Program Files (x86)\Notepad++
2023-04-10 17:01 - 2022-07-27 16:07 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2023-04-10 16:04 - 2022-08-03 20:28 - 000001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2023-04-10 12:29 - 2023-03-25 22:37 - 000000000 ____D C:\Users\User\Desktop\ME7_95040
2023-04-10 02:25 - 2022-07-27 16:07 - 000000000 ____D C:\Users\User\AppData\Roaming\IDM
2023-04-08 16:06 - 2022-08-03 20:28 - 000000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2023-04-06 22:32 - 2022-09-03 22:41 - 000002306 __RSH C:\ProgramData\ntuser.pol
2023-04-06 19:28 - 2022-09-15 21:12 - 000000000 ____D C:\Users\User\Documents\ME7X Dox
2023-04-06 19:02 - 2022-03-07 15:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-04-06 16:34 - 2023-03-02 23:55 - 000000000 ____D C:\Users\User\Desktop\Winhex.v15.4_
2023-04-06 15:46 - 2023-03-16 22:21 - 000000000 ____D C:\Users\User\AppData\Roaming\Amazon Cloud Drive
2023-04-05 07:40 - 2022-12-19 23:13 - 000000000 ____D C:\Windows\RTUWPSrvcMain
2023-04-04 12:22 - 2023-02-11 06:12 - 000003072 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateBrowserReplacementTask
2023-04-04 12:17 - 2022-03-07 15:24 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-04 12:17 - 2022-03-07 15:24 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-04-03 23:25 - 2022-09-05 15:14 - 000000000 ____D C:\Ross-Tech
2023-04-03 20:23 - 2023-02-07 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

==================== Files in the root of some directories ========

2022-12-24 10:59 - 2022-12-24 10:59 - 000004719 _____ () C:\Program Files\appl.log
2022-09-10 00:11 - 2022-09-10 00:11 - 001395272 _____ (Akeo Consulting) C:\Program Files\rufus-3.20.exe
2022-08-16 07:48 - 2022-11-24 06:27 - 000007646 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2023-04-13 22:26 - 2023-04-12 04:50 - 000087371 _____ () C:\Users\User\AppData\Local\Tempia0oThS78ahSUUpmrVUm_original.png
2022-12-25 01:23 - 2023-04-16 07:07 - 000018190 _____ () C:\Users\User\AppData\Local\Tuner.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Addition.txt -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2023
Ran by BrokenSymmetry (03-05-2023 22:40:49)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2913 (X64) (2022-03-07 21:25:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-545925200-1295083642-4138522499-500 - Administrator - Disabled)
BrokenSymmetry (S-1-5-21-545925200-1295083642-4138522499-1003 - Administrator - Enabled) => C:\Users\User
DefaultAccount (S-1-5-21-545925200-1295083642-4138522499-503 - Limited - Disabled)
Guest (S-1-5-21-545925200-1295083642-4138522499-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-545925200-1295083642-4138522499-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Total Security (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.001.20143 - Adobe)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0) (Version: 22.0.0.35 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Belarc Advisor 11.5a (HKLM-x32\...\Belarc Advisor) (Version: 11.5.1.0 - Belarc, Inc.)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
DisplayLink Graphics (HKLM\...\{32850E5F-1158-4CAC-BDA8-C7D7CF4D8EA6}) (Version: 10.2.7042.0 - DisplayLink Corp.)
Documentation Manager (HKLM\...\{669FA6D8-9A73-40F5-907C-9C8CCE1BB091}) (Version: 22.160.0.4 - Intel Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{FA0735B6-9E18-437A-A1CD-9152650FC52B}) (Version: 0.8.8.90 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{D0D32569-4680-490A-905C-5117CEAAB3EF}) (Version: 0.8.8.76 - Dolby Laboratories, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{6f1f5d02-1843-47ea-9bc9-1990f901486b}) (Version: 12.47.0.30 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B898BD784F}) (Version: 12.47.0.30 - ExpressVPN) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 112.0.5615.139 - Google LLC)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel(R) Management Engine Components (HKLM\...\{1A9FE6B4-801A-4AF0-AEDB-EA49BD80C9F2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2205.15.0.2623 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B52CA235-45C5-46FE-A183-B7D2FD4966AA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{B7F27296-F1AE-46BB-8BD7-5E0EED0EA1AC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{9EB5F95A-335A-414D-BECE-BA2CE114A856}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{5f9b06c7-aa5d-482b-a7e6-5355a325f465}) (Version: 1.63.1155.2 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{af70f8b2-e114-485d-9f21-da50d8571c40}) (Version: 20.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4B9E32A4-D691-4D51-9683-D6954E5A4D51}) (Version: 20.10.0.1159 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{097f6fe6-d6f8-4204-b004-1e255f6cf68b}) (Version: 22.160.0.4 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.11 - Tonec Inc.)
JLab Work App (HKLM-x32\...\{33BEA4EC-3576-4D9E-B844-3DC0C666E08B}_is1) (Version: 1.11 - JLab)
LibreOffice 7.5.2.2 (HKLM\...\{B722792A-A194-4906-97A9-58CA688304E8}) (Version: 7.5.2.2 - The Document Foundation)
MAGIX Movie Studio Platinum (Design elements 1) (HKLM\...\{C89DB047-2B33-4D73-A662-805C16BE3A12}) (Version: 20.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Design elements 2) (HKLM\...\{CB6184E5-646F-4000-81AD-36F692A22219}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Fade effects) (HKLM\...\{5FB5DE9E-E986-4E8A-891E-8C814C5C09DB}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Menu templates) (HKLM\...\{1BD6E307-1F5F-4C7C-969C-2A0CA7AD84E9}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Migrate Content) (HKLM\...\{A0D08159-E17E-4002-8A91-4B29F0145CB8}) (Version: 22.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Movie templates 1) (HKLM\...\{275F4BB8-62DE-4E20-B72B-570C69521D95}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Movie templates 2) (HKLM\...\{18E6ED98-7D62-4C34-83BE-29363705CCEF}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Slideshow Maker styles) (HKLM\...\{915AA9BA-A0C5-4839-A650-0C93F9848CFE}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Soundtrack Maker styles) (HKLM\...\{68E428E0-51A5-409C-9B98-A0D51C7A33D5}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Movie Studio Platinum (Title effects) (HKLM\...\{E76EC20F-24D8-4017-B4EC-F32EEB0C9B19}) (Version: 19.0.0.0 - MAGIX Software GmbH) Hidden
Malwarebytes version 4.5.26.259 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.26.259 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Host - 6.0.16 (x64) (HKLM\...\{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.16 (x86) (HKLM-x32\...\{5F37B629-52CB-480F-B71C-FD7F5E5AC674}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM\...\{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.16 (x86) (HKLM-x32\...\{D783E62B-5799-4D6C-8058-D9F1F16DDD37}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM\...\{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x86) (HKLM-x32\...\{D9C57643-68F6-4D39-8E6A-20107848904F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.16 - Shared Framework (x64) (HKLM-x32\...\{ed4c6994-b659-4b75-a949-c8819e6c0aa9}) (Version: 6.0.16.23174 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.16 Shared Framework (x64) (HKLM\...\{0DF7C481-9E91-3118-B877-6EA9084358AD}) (Version: 6.0.16.23174 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.68 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{6ACED991-1E65-4D16-8F6A-1AA1A0B97596}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{7465FCB9-1918-4438-9337-47BAF1902684}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Debug Runtime - 14.29.30139 (HKLM\...\{A6BCA173-4218-4099-B36C-E12B3EE27B5D}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Debug Runtime - 14.29.30139 (HKLM-x32\...\{3521C75E-6E25-47A6-9831-17EE6AAF01E2}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.69.53063 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{F1CFD19B-3ED9-4ABC-8BCE-B08B63BA9E12}) (Version: 2.11.65.22356 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{07B8F241-1C3A-46D4-942F-01EA7E66CF68}) (Version: 2.11.65.22356 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.16 (x64) (HKLM\...\{805626FF-2BC9-4567-A71E-A76A470D000A}) (Version: 48.67.58484 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.16 (x64) (HKLM-x32\...\{8d173101-98c1-4e92-97c6-47c6840745a7}) (Version: 6.0.16.32327 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.16 (x86) (HKLM-x32\...\{8BA8D6A7-8281-40B9-B0FB-F2835CA89051}) (Version: 48.67.58484 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.16 (x86) (HKLM-x32\...\{e87d9247-916d-4f99-b417-022ca8af19e3}) (Version: 6.0.16.32327 - Microsoft Corporation)
MPPS (HKLM-x32\...\MPPS) (Version: 18.39 - Amt-Cartech Ltd)
NefMotoECUFlasher (HKLM-x32\...\{FC736BFA-B588-4D5A-A111-FDE0047777B7}) (Version: 1.9.4.3 - Nefmoto)
NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.36 - NETGEAR)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.5.2 - Notepad++ Team)
Novabench (HKLM\...\{32D01ECE-310C-4220-B2E9-AC4B1B34BAC7}) (Version: 4.0.9 - Novawave Inc.)
NVIDIA Graphics Driver 517.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 517.66 - NVIDIA Corporation)
NVIDIA RTX Desktop Manager 203.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 203.20 - NVIDIA Corporation)
Passware Kit Forensic 2022 v1 (64-bit) (HKLM\...\{7404C786-7E38-4560-84DE-BE4B9350FA95}) (Version: 2022.1.0.2718 - Passware)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.0.5 - Proton AG)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.) Hidden
Revo Uninstaller Pro 5.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.1.1 - VS Revo Group, Ltd.)
Sandboxie-Plus v1.7.2 (HKLM\...\Sandboxie-Plus_is1) (Version: 1.7.2 - hxxp://xanasoft.com/)
Thunderbolt™ Software (HKLM-x32\...\{1AA93FF8-C685-4E00-8682-7F2E5D8E8689}) (Version: 17.4.80.550 - Intel Corporation)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
VCDS Release 20.4.0 (HKLM-x32\...\VCDS Release) (Version: 20.4.0 - Ross-Tech)
vcpp_crt.redist.clickonce (HKLM-x32\...\{09184AC0-ACEE-44D5-95F2-05EE6D27A5E8}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Visual Studio Build Tools 2019 (HKLM-x32\...\ed242160) (Version: 16.11.18 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
Windows Driver Package - Amt-Cartech Ltd AMT Driver Package (09/05/2011 6.0.2.0) (HKLM\...\51E7C46456CB70E7A50E03D15C68ADFDD66025B6) (Version: 09/05/2011 6.0.2.0 - Amt-Cartech Ltd)
Windows Driver Package - EVC Electronic GmbH (FTDIBUS) USB (07/10/2015 2.12.06) (HKLM\...\6A7EBFF669F99C73447409E91FD4C2897FC3B4E4) (Version: 07/10/2015 2.12.06 - EVC Electronic GmbH)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\6FD3AF7C551020B1DC41058004187C7BD53BAAEB) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (08/16/2017 2.12.28) (HKLM\...\321E9C3B7C8E360B434912ED44CC222F08280048) (Version: 08/16/2017 2.12.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (08/16/2017 2.12.28) (HKLM\...\018B67599606F0589EA4CA42AD4CC6B5C24388A0) (Version: 08/16/2017 2.12.28 - FTDI)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Ross-Tech HIDClass (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinHex (HKLM-x32\...\WinHex) (Version: - )
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
XnViewMP 1.4.4 (HKLM\...\XnViewMP_is1) (Version: 1.4.4 - Gougelet Pierre-e)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2023-02-15] (Canon Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4779.0_x64__8j3eq9eme6ctt [2023-04-13] (INTEL CORP) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-09] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2023-02-08] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-02-08] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-545925200-1295083642-4138522499-1003_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-545925200-1295083642-4138522499-1003_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\contextMenu\NppShell.dll [2023-04-04] (Notepad++ -> )
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2020-09-13] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2020-09-13] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll [2023-03-16] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6497919955c0c02c\nvshext.dll [2023-02-16] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvQuadroView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2022-07-27] (Nvidia Corporation -> )
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRBoot => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415] ATTENTION => Default URLSearchHook is missing
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2022-06-15] (Belarc, Inc. -> Belarc, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-11-11 20:17 - 2019-03-13 16:11 - 000003787 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 ross-tech.com
127.0.0.1 update.ross-tech.com
127.0.0.1 www.vcds.eu
127.0.0.1 www.adako.pl
127.0.0.1 www.ross-tech.com
127.0.0.1 www.vcds.pl
127.0.0.1 www.vag-com.pl
127.0.0.1 crl.certum.pl
127.0.0.1 tsa.certum.pl
127.0.0.1 www.certum.pl
127.0.0.1 ocsp.certum.pl
127.0.0.1 ross-tech.com
127.0.0.1 www.diag.ro
127.0.0.1 diag.ro
127.0.0.1 crl.verisign.net
127.0.0.1 ocsp.verisign.net
127.0.0.1 ocsp.verisign.com
127.0.0.1 OCSP.AMS1.VERISIGN.COM
127.0.0.1 OCSP.FRA1.VERISIGN.COM
127.0.0.1 OCSP.LAX2.VERISIGN.COM
127.0.0.1 OCSP.TKO2.VERISIGN.COM
127.0.0.1 crl.comodo.com
127.0.0.1 crl.geotrust.com
127.0.0.1 http://ocsp.verisign.net
127.0.0.1 http://ocsp.verisign.com
127.0.0.1 OCSP.NYC3.VERISIGN.NET
127.0.0.1 OCSP.NYC3.VERISIGN.COM
127.0.0.1 OCSP.SFO1.VERISIGN.NET
127.0.0.1 Ross-Tech-cust-66-212-10-238.netcarrier.net

2022-06-25 19:30 - 2023-05-03 22:03 - 000000516 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.23.112.1 Spontaneously-Broken-Symmetry.mshome.net # 2028 5 2 2 4 3 28 992

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\adb;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\MPPS;C:\Program Files\dotnet\
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\right_on\Camera Roll\Copy of golden ratio as an infinite fraction.png
DNS Servers: 100.64.100.1 - 192.168.11.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Bluetooth Network Connection 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Wi-Fi 4: VMware Bridge Protocol -> vmware_bridge (enabled)
Local Area Connection 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 4: VMware Bridge Protocol -> vmware_bridge (enabled)
vEthernet (Default Switch): VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
Wi-Fi: VMware Bridge Protocol -> vmware_bridge (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AESMService => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: Dolby DAX2 API Service => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: igccservice => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Lenovo Instant On => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LPlatSvc => 2
MSCONFIG\Services: LPTService.exe => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NovabenchService => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NVWMI => 2
MSCONFIG\Services: ProtonVPN Service => 3
MSCONFIG\Services: ProtonVPN WireGuard => 3
MSCONFIG\Services: Realtek8723AU => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: ss_conn_launcher_service => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: ThunderboltService => 3
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: VMwareHostd => 2
MSCONFIG\Services: WifiAutoInstallSrv => 2
MSCONFIG\Services: WMIRegistrationService => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "NETGEAR A6100 Genie.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "DisplayLinkTrayApp"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\StartupApproved\StartupFolder: => "RT-Updater.lnk"
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C"
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-545925200-1295083642-4138522499-1003\...\StartupApproved\Run: => "Grammarly"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E59D5C21-7ADB-4D7C-8B23-F05F4E93937E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{2E99D9BD-6AE4-4D9F-B815-75B0437147E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{16A9A758-275F-450D-AA2A-CA7B4D04739B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{6C826F83-CA5C-42AD-9C7E-B00931F0F988}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{57ED0E1F-9C4B-4BB6-899E-7DEEB6A0E78E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{3C1E1695-516F-4AF1-B513-E44BB8D507B0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D1FFC75F-FF7B-48B7-A163-EA84410537BB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{CEB31CB8-BB70-4C0E-AC41-9104F3127876}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{074A8B13-0064-40ED-BFE0-1FA8D2506CEA}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
FirewallRules: [{3ACBF957-A60E-4C6E-A92E-15A6E8E300F4}] => (Allow) LPort=10777
FirewallRules: [{B2B7AC69-9921-42E8-A000-5CA8CA313347}] => (Block) %ProgramFiles%\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe => No File
FirewallRules: [{6CE2872A-F44B-4CEF-AD73-97A993B0326D}] => (Block) %ProgramFiles%\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe => No File
FirewallRules: [{80466588-ADB6-44BC-B73D-05E472C644CB}] => (Block) %ProgramFiles%\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe => No File
FirewallRules: [{E0D3B6E0-1DD9-4226-9718-12B618B226B2}] => (Allow) C:\Users\User\Downloads\WINOLS 4.51+Instructions\Desktop shortcut\WinOLS.exe => No File
FirewallRules: [{597A6664-467E-4B69-951C-89793AF411A9}] => (Allow) C:\Users\User\Downloads\WINOLS 4.51+Instructions\Desktop shortcut\WinOLS.exe => No File
FirewallRules: [{FFCEDE96-DDC0-49BD-8950-F6F6B45A5D6B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel(R) Wireless Connectivity Solutions -> )
FirewallRules: [TCP Query User{2F4B7602-E85E-469E-9B6B-F3D4BC211191}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{ADFD2280-3CDC-45EF-A3EA-5719AD208084}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{664A7CAC-FE8B-48C8-8BA5-0B16CD7043D1}] => (Allow) C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC -> Ross-Tech, LLC)
FirewallRules: [{58E38D7E-7AAA-40F1-A438-4950B5CFBB77}] => (Allow) C:\Ross-Tech\VCDS\VCIConfig.EXE (Ross-Tech, LLC -> Ross-Tech, LLC)
FirewallRules: [{32325EC9-9B76-449F-9118-210CBE99B28A}] => (Block) C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC -> Ross-Tech, LLC)
FirewallRules: [{E3C143E8-0BFD-4F7B-89F1-871389BE8571}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F93D91B6-08A9-43DD-95AD-6D51EF28B4D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-04-2023 12:28:29 Windows Modules Installer
29-04-2023 00:00:21 Windows Modules Installer
29-04-2023 00:01:35 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2023 10:12:18 PM) (Source: nview) (EventID: 1) (User: )
Description: Invalid window handle.

Error: (05/03/2023 10:03:22 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\SPONTANEOUSLY-B$ via https://IFX-KeyId-32c6e576663fee80d64cdd7b18e5603863b3bc8a.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Date: Thu, 04 May 2023 04:03:21 GMT
Content-Length: 101
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: c3f7fb7b-423f-4cc6-ab2e-65b7e0fed1b8

Method: POST(2438ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (05/03/2023 06:18:27 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Access to performance data was denied to user "SYSTEM" (value from GetUserName() for the running thread) as attempted from module "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" (value from GetModuleFileName() for the binary that issued the query).

Error: (05/03/2023 12:22:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on My Passport (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/02/2023 05:25:54 PM) (Source: nview) (EventID: 1) (User: )
Description: Invalid window handle.

Error: (05/02/2023 05:13:57 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment for WORKGROUP\SPONTANEOUSLY-B$ via https://IFX-KeyId-32c6e576663fee80d64cdd7b18e5603863b3bc8a.microsoftaik.azure.net/templates/Aik/scep failed:

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Date: Tue, 02 May 2023 23:13:54 GMT
Content-Length: 101
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-ms-request-id: 6a60928e-fe65-47bc-93d9-cc8d6d83faac

Method: POST(3625ms)
Stage: SubmitDone
Bad request (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (05/02/2023 02:49:33 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on My Passport (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/01/2023 10:45:31 PM) (Source: nview) (EventID: 1) (User: )
Description: Invalid window handle.


System errors:
=============
Error: (05/03/2023 10:05:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.389.140.0).

Error: (05/03/2023 10:03:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HOSTNT service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/03/2023 10:03:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\HOSTNT.SYS

Error: (05/03/2023 10:03:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DirectNT service failed to start due to the following error:
This driver has been blocked from loading

Error: (05/03/2023 10:03:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\DirectNT.SYS

Error: (05/03/2023 10:03:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The hvsics service depends on the CmService service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/03/2023 10:03:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The CmService service depends on the HvHost service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/03/2023 10:03:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HvHost service depends on the hvservice service which failed to start because of the following error:
Element not found.


Windows Defender:
================
Date: 2023-04-27 22:24:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-04-27 15:00:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tnega!ml
Severity: Severe
Category: Trojan
Path: containerfile:_c:\users\user\Desktop\Ecu-software.rar; file:_c:\users\user\Desktop\Ecu-software.rar->Ecu software\Immo Code Calculator v147.rar->Immo Code Calculator v147\ICC_Soft_147.exe->(RarSfx)->ICC_Tool.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.387.2435.0, AS: 1.387.2435.0, NIS: 1.387.2435.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-27 15:00:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.CEF
Severity: Severe
Category: Trojan
Path: containerfile:_c:\users\user\Desktop\Ecu-software.rar; file:_c:\users\user\Desktop\Ecu-software.rar->Ecu software\FSC Generator.rar->FSC Generator\copy_to_ EC-APPS\SWID_reader.exe; file:_c:\users\user\Desktop\Ecu-software.rar->Ecu software\FSC Generator.rar->FSC Generator\copy_to_ EC-APPS\SWID_reader\SWID_reader\SWID_reader.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.387.2435.0, AS: 1.387.2435.0, NIS: 1.387.2435.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-27 15:00:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Script/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: containerfile:_c:\users\user\Desktop\Ecu-software.rar; file:_c:\users\user\Desktop\Ecu-software.rar->Ecu software\ESYSPlus.zip
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.387.2435.0, AS: 1.387.2435.0, NIS: 1.387.2435.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-27 15:00:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.A!rfn
Severity: Severe
Category: Trojan
Path: containerfile:_c:\users\user\Desktop\Ecu-software.rar; file:_c:\users\user\Desktop\Ecu-software.rar->Ecu software\ECU Vonix 3.2.rar->ECU Vonix 3.2\keygen\HWIDGen.exe; file:_c:\users\user\Desktop\Ecu-software.rar->Ecu software\Immo Universal Decoding 3.2 IUD.rar->IUDv3.2\HWIDGen.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.387.2435.0, AS: 1.387.2435.0, NIS: 1.387.2435.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4
Event[0]:

Date: 2023-05-03 22:05:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.389.140.0
Previous security intelligence Version: 1.387.2599.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.20300.3
Previous Engine Version: 1.1.20200.4
Error code: 0x80070002
Error description: The system cannot find the file specified.

Date: 2023-05-03 22:05:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.389.140.0
Previous security intelligence Version: 1.387.2599.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.20300.3
Previous Engine Version: 1.1.20200.4
Error code: 0x80070002
Error description: The system cannot find the file specified.

Date: 2023-05-03 22:05:26
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.20300.3
Previous Engine Version: 1.1.20200.4
Error Code: 0x80070002
Error description: The system cannot find the file specified.

Date: 2023-04-27 06:37:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.387.740.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20200.4
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-04-11 06:29:02
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.385.1757.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20100.6
Error code: 0x8007045b
Error description: A system shutdown is in progress.

CodeIntegrity:
===============
Date: 2023-05-02 17:14:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO N1UET86W (1.60 ) 11/30/2022
Motherboard: LENOVO 20HHCTO1WW
Processor: Intel(R) Core(TM) i7-7820HQ CPU @ 2.90GHz
Percentage of memory in use: 11%
Total physical RAM: 65415.07 MB
Available physical RAM: 58069.23 MB
Total Virtual: 75143.07 MB
Available Virtual: 66901.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.33 GB) (Free:127.6 GB) (Model: SAMSUNG MZVKW512HMJP-000L7) NTFS
Drive d: () (Fixed) (Total:464.54 GB) (Free:0.06 GB) (Model: WDC WDS500G2B0C-00PXH0) NTFS
Drive e: (WD BLACK) (Fixed) (Total:931.48 GB) (Free:116.2 GB) (Model: WD My Passport 25E1 USB Device) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:305.92 GB) (Model: WD My Passport 0748 USB Device) NTFS
 
\\?\Volume{30b0de69-badb-42cf-b24b-5f42330c4f2f}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{ddb03154-e027-4ad3-bfb0-16300f6fcf8e}\ () (Fixed) (Total:0.62 GB) (Free:0.07 GB) NTFS
\\?\Volume{36fa1ba1-d428-43ad-93b7-e86563a6be1a}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{17cccf9f-525a-4f20-818a-be11b17b29ae}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{891ce1c2-e400-4f5c-a8a6-54269aa06978}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 24BA3005)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt =======================
 