I ended up finding the file they installed, which is named MTK_USB_ALL_v1.0.8.exe. It shows up in the installed apps part of Control Panel as MTK Usb All 1.0.8 but it will not let me remove it. I get the following error:
"Windows cannot find 'C:\Users\User\Desktop\Uninstaller.exe' Make sure you typed the name correctly, and then try again."
My first impression here is that this seems like a simple fix. However, I'm not familiar with Windows, as I have been using Linux as a daily driver for the last decade. But it seems like it is trying to make the uninstall happen but it is being directed to the wrong place for the uninstall file, so that should be something that should be easy to correct. As I was already suspicious of this file, it quickly occurred to me: WHY would it be directing incorrectly? I thought then I'd better scan it with VirusTotal and got a hit for Trojan-Ransom.Win32.Crypmod.zfq.
I decided I should then consult people who know better than I do when it comes to this. And I found this site. I have run a Windows Defender scan but nothing shows up, and I have installed Malwarebytes, which hasn't shown anything either.
Here's my Addition.txt and my FRST.txt. What's the diagnosis, doc?
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.04.2024
Ran by Trgre (administrator) on FUSION360 (Dell Inc. Latitude 5580) (06-04-2024 13:11:19)
Running from C:\Users\Trgre\Downloads\FRST64.exe
Loaded Profiles: Trgre
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3374 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(614A9D21-6F29-4C9D-9F7D-FF59321D9E5F -> ) C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.66.0_x64__sbe4t8mqwq93a\FileWatcher\FileWatcher.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE CO., LTD.) C:\Windows\System32\DellTPad\ApntEx.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24022.87.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24022.87.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe <7>
(C:\Users\Trgre\AppData\Local\Programs\Messenger\Messenger.exe ->) (Facebook, Inc. -> ) C:\Users\Trgre\AppData\Local\Programs\Messenger\CrashpadHandlerWindows.exe
(DellTPad\Apoint.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE CO., LTD.) C:\Windows\System32\DellTPad\ApMsgFwd.exe
(DellTPad\Apoint.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Windows\System32\DellTPad\hidfind.exe
(DellTPad\Apoint.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ALPSALPINE Co., Ltd.) C:\Windows\System32\DellTPad\ApRemote.exe
(DellTPad\HidMonitorSvc.exe ->) (ALPS ALPINE CO.,LTD. -> ALPSALPINE Co., Ltd.) C:\Windows\System32\DellTPad\Apoint.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxEM.exe
(explorer.exe ->) (CPUID -> CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(explorer.exe ->) (Facebook, Inc. -> Meta Platforms, Inc.) C:\Users\Trgre\AppData\Local\Programs\Messenger\Messenger.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <43>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) ("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(services.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Windows\System32\DellTPad\HidMonitorSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e6d6f5a306002a89\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_141eb88527011137\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d0b39b11619fd0c4\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d0b39b11619fd0c4\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_e2af5870d35e2824\aesm_service.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel® Trust Services -> Intel® Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_34687bf44d0a152a\lib\SocketHeciServer.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_585839f97feb611a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (prometheus-community) [File not signed] C:\Program Files\windows_exporter\windows_exporter.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> StoreDesktopExtension) C:\Program Files\WindowsApps\Microsoft.WindowsStore_22402.1401.4.0_x64__8wekyb3d8bbwe\WinStore.DesktopExtension\StoreDesktopExtension.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24022.90.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Program Files\Intel\WiGig\CU\IntelWirelessDockManager.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.10861.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_22402.1401.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
Failed to access process -> vmmemCmZygote
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269120 2018-11-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2018-11-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1213736 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [15400784 2024-03-11] (SteelSeries ApS -> SteelSeries ApS)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [!BCILauncher] => C:\Windows\Temp\MUBSTemp\BCILauncher.EXE [18464 2024-04-04] (Microsoft Corporation -> ) <==== ATTENTION
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\Run: [MicrosoftEdgeAutoLaunch_F5B3FD45A441E09F8A1316283BEBE505] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063800 2024-03-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\Run: [Proton Drive] => C:\Program Files\Proton\Drive\ProtonDrive.exe [232118976 2024-02-16] (Proton AG -> Proton AG)
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [136147896 2024-01-11] (Lansweeper -> Fing Ltd)
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\Run: [com.messenger] => "C:\Users\Trgre\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {98F53272-1783-49FA-9FBA-18F7811725EC} - System32\Tasks\CUScheduled => C:\Program Files\Intel\WiGig\CU\IntelWirelessDockManager.exe [373192 2017-12-17] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
Task: {9B8CEF0E-F85D-46CA-B62C-20EFD0207D9D} - System32\Tasks\GoogleUpdateTaskMachineCore{6480B5BA-41F0-4AD3-9AA2-A2439B752287} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-03-24] (Google LLC -> Google LLC)
Task: {78BBFB91-5707-4335-84F6-AE99396FC908} - System32\Tasks\GoogleUpdateTaskMachineUA{42A81EFF-C75A-43AE-A40C-8CEBE11C0D06} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-03-24] (Google LLC -> Google LLC)
Task: {D867201D-D04A-4049-AA98-33D4D9C54045} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-4189167545-209535759-2186990464-1001 => C:\Users\Trgre\AppData\Local\Programs\Messenger\MessengerHelper.exe [2171640 2024-03-23] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {639D063D-9EF1-4FC5-9F01-DF23DF4E855F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6531E57-05D0-4D42-98CD-6D703309C870} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {13DEAC07-B4E9-4D64-BBB6-E98D30D27EF2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ADC8C139-8D5F-44DD-8E1C-82C56EDD402F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MpCmdRun.exe [1650024 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD028176-6415-46FA-A6E1-F3744589FFF0} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-06]
Edge Notifications: Default -> hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.messenger.com; hxxps://www.youtube.com
Edge Extension: (Edge Translate) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfdogplmndidlpjfhoijckpakkdjkkil [2024-03-08]
Edge Extension: (Demodal - Block modals and overlays) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bpdgifbpenofpmlkfmliaocdejendefh [2024-03-07]
Edge Extension: (Tampermonkey BETA) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcmfnpggmnlmfebfghbfnillijihnkoh [2024-03-27]
Edge Extension: (Google Docs Offline) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Sharp Video Downloader) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glidmdlcicmeemjbdlalolkopgjgonjj [2024-02-28]
Edge Extension: (Bitwarden - Free Password Manager) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2024-03-12]
Edge Extension: (Edge relevant text changes) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-05]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2024-04-04]
Edge Extension: (Capital One Shopping: Save Now) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2024-04-04]
Edge Extension: (Halo) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npbihmhlfjhckkmiaogmjffkbibaonjb [2024-02-05]
Edge Extension: (Extreme paywall bypasser) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pcbgkanjdokadoaaabgmmlkcnaidcdjb [2024-02-07]
Edge Extension: (AdGuard AdBlocker) - C:\Users\Trgre\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2024-03-27]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Windows\system32\DellTPad\HidMonitorSvc.exe [894848 2021-05-25] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [41136 2020-08-28] ("STMicroelectronics Srl" -> )
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10962688 2024-02-13] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_585839f97feb611a\Display.NvContainer\NVDisplay.Container.exe [1275000 2023-12-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe [474824 2024-02-01] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe [474312 2024-02-01] (Proton AG -> ProtonVPN)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522080 2024-03-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesGGUpdateServiceProxy; C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe [1500608 2023-09-18] (SteelSeries ApS -> )
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [807352 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 windows_exporter; C:\Program Files\windows_exporter\windows_exporter.exe [22075904 2024-01-16] (prometheus-community) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ApHidfiltrService; C:\Windows\System32\drivers\ApHidfiltr.sys [371312 2021-05-25] (ALPS ALPINE CO.,LTD. -> ALPSALPINE Co., Ltd.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44592 2024-04-06] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 fse; C:\Windows\System32\drivers\fse.sys [218592 2024-02-05] (Microsoft Windows -> Microsoft Corporation)
R3 imausbhpal; C:\Windows\System32\drivers\imausbhpal.sys [671224 2017-10-01] (Intel® Wireless Connectivity Solutions -> )
R3 imausbhub; C:\Windows\System32\drivers\imausbhub.sys [479736 2017-10-01] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 iwigig; C:\Windows\system32\DRIVERS\iwigig.sys [572392 2018-01-10] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2024-02-13] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2024-02-13] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2024-02-13] (Logitech Inc -> Logitech)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-03-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt11.sys [233704 2024-04-04] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78912 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [188784 2024-04-04] (Malwarebytes Inc. -> Malwarebytes)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [77792 2023-10-19] (Nmap Software LLC -> Insecure.Com LLC.)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.10\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 PSM; C:\Windows\System32\drivers\PSM.sys [107544 2018-05-04] (Intel® Wireless Connectivity Solutions -> )
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [43456 2023-12-19] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
S3 sshid; C:\Windows\System32\drivers\sshid.sys [44456 2023-09-18] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-17] (SteelSeries ApS -> Windows ® Win 7 DDK provider)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [254664 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [265536 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1064064 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [189304 2024-01-15] (Oracle Corporation -> Oracle and/or its affiliates)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2024-02-05] (Microsoft Windows -> )
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20928 2024-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [603416 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2024-02-11] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-02-11] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-06 09:16 - 2024-04-06 09:16 - 000000000 ____D C:\Users\Trgre\Downloads\FRST-OlderVersion
2024-04-06 01:04 - 2024-04-06 08:40 - 000000000 ____D C:\Users\Trgre\Desktop\riversCloud_Install
2024-04-06 00:53 - 2024-04-06 08:39 - 000000000 ____D C:\Program Files\Cybelsoft
2024-04-06 00:53 - 2024-04-06 00:53 - 020789760 _____ C:\Users\Trgre\Downloads\DriversCloudx64_12_0_21.msi
2024-04-06 00:53 - 2024-04-06 00:53 - 000000000 ____D C:\Users\Trgre\AppData\Local\driverscloud
2024-04-06 00:47 - 2024-04-06 00:47 - 001538696 _____ (CPUID, Inc. ) C:\Users\Trgre\Downloads\hwmonitor_1.53.exe
2024-04-06 00:47 - 2024-04-06 00:47 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2024-04-06 00:47 - 2024-04-06 00:47 - 000000000 ____D C:\Program Files\CPUID
2024-04-04 11:34 - 2024-04-04 11:34 - 000001754 _____ C:\Users\Public\Desktop\Fing.lnk
2024-04-04 06:49 - 2024-04-04 06:49 - 000040577 _____ C:\Users\Trgre\Documents\US-Patent-7226614 OCR.txt
2024-04-04 06:26 - 2024-04-04 06:28 - 000774555 _____ C:\Users\Trgre\Documents\US-Patent-7226614 OCR.pdf
2024-04-04 06:19 - 2024-04-04 06:19 - 000684904 _____ C:\Users\Trgre\Documents\US-Patent-7226614.pdf
2024-04-04 00:05 - 2024-04-04 00:05 - 000233704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt11.sys
2024-04-04 00:05 - 2024-04-04 00:05 - 000188784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2024-04-01 12:01 - 2024-04-01 12:01 - 084575288 _____ C:\Users\Trgre\Downloads\OrcaSlicer_Windows_Installer_V2.0.0.exe
2024-03-31 18:49 - 2024-03-31 20:05 - 000000000 ____D C:\Users\Trgre\Downloads\bluebook
2024-03-31 13:18 - 2024-03-31 16:30 - 3456408473 _____ C:\Users\Trgre\Downloads\1950s.zip
2024-03-31 13:07 - 2024-03-31 13:11 - 1117224632 _____ C:\Users\Trgre\Downloads\1940s.zip
2024-03-30 05:58 - 2024-03-30 05:59 - 005573312 _____ C:\Users\Trgre\Downloads\Loaded instructions.pdf
2024-03-30 05:05 - 2024-03-30 05:05 - 000436382 _____ C:\Users\Trgre\Downloads\IMG_20210826_154254_294 (1).webp
2024-03-30 05:03 - 2024-03-30 05:03 - 000436382 _____ C:\Users\Trgre\Downloads\IMG_20210826_154254_294.webp
2024-03-30 04:02 - 2024-03-30 04:02 - 000000000 ____D C:\Windows\system32\appmgmt
2024-03-30 03:38 - 2024-03-30 03:38 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\VoiceAccess
2024-03-29 17:28 - 2024-03-29 17:28 - 000000000 ____D C:\Windows\Microsoft Antimalware
2024-03-29 15:09 - 2024-04-06 13:07 - 000000000 ____D C:\Users\Trgre\AppData\Local\Malwarebytes
2024-03-29 15:09 - 2024-03-29 15:09 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-03-29 15:08 - 2024-03-29 15:08 - 002589624 _____ (Malwarebytes) C:\Users\Trgre\Downloads\MBSetup.exe
2024-03-29 15:07 - 2024-03-29 15:09 - 000000000 ____D C:\Program Files\Malwarebytes
2024-03-29 15:06 - 2024-03-29 15:06 - 061819320 _____ (Malwarebytes ) C:\Users\Trgre\Downloads\mbarw-setup-consumer-0.9.18.807.exe
2024-03-29 15:04 - 2024-03-29 15:04 - 008791352 _____ (Malwarebytes) C:\Users\Trgre\Downloads\AdwCleaner (1).exe
2024-03-29 15:01 - 2024-03-29 15:02 - 000000000 ____D C:\AdwCleaner
2024-03-29 15:01 - 2024-03-29 15:01 - 008791352 _____ (Malwarebytes) C:\Users\Trgre\Downloads\AdwCleaner.exe
2024-03-29 15:01 - 2024-03-29 15:01 - 008790880 _____ (Malwarebytes) C:\Users\Trgre\Downloads\adwcleaner(1).exe
2024-03-29 15:00 - 2024-03-29 15:00 - 005659583 _____ (Swearware) C:\Users\Trgre\Downloads\ComboFix.exe
2024-03-29 14:50 - 2024-03-29 14:50 - 000001966 _____ C:\Users\Trgre\Desktop\Rkill.txt
2024-03-29 14:49 - 2024-03-29 14:50 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Trgre\Downloads\rkill (1).exe
2024-03-29 14:49 - 2024-03-29 14:49 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Trgre\Downloads\rkill.exe
2024-03-29 14:43 - 2024-03-29 14:44 - 000036362 _____ C:\Users\Trgre\Downloads\Addition.txt
2024-03-29 14:41 - 2024-04-06 13:12 - 000022932 _____ C:\Users\Trgre\Downloads\FRST.txt
2024-03-29 14:41 - 2024-04-06 13:11 - 000000000 ____D C:\FRST
2024-03-29 14:40 - 2024-04-06 09:16 - 002393600 _____ (Farbar) C:\Users\Trgre\Downloads\FRST64.exe
2024-03-29 13:27 - 2024-03-29 13:27 - 000000000 ____D C:\Windows\SysWOW64\DDFs
2024-03-29 12:57 - 2024-03-29 12:57 - 000024320 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-29 12:56 - 2024-03-29 12:56 - 000024320 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-03-29 12:53 - 2024-03-29 12:55 - 000000000 ___HD C:\$WinREAgent
2024-03-27 21:15 - 2024-03-27 21:15 - 000000000 ____D C:\Users\Trgre\AppData\Local\Blender Foundation
2024-03-27 21:05 - 2024-03-27 21:05 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Blender Foundation
2024-03-27 21:04 - 2024-03-27 21:04 - 000000000 ____D C:\Users\Trgre\.thumbnails
2024-03-27 19:41 - 2024-04-05 08:00 - 000000000 ____D C:\Shared
2024-03-27 15:13 - 2024-03-27 15:26 - 2256013824 _____ C:\Users\Trgre\Downloads\Whonix-Xfce-17.1.3.1.ova
2024-03-26 13:11 - 2024-03-26 13:11 - 000000000 ____D C:\Program Files\qBittorrent
2024-03-26 11:24 - 2024-03-26 12:57 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Telegram Desktop
2024-03-26 11:24 - 2024-03-26 11:24 - 000001032 _____ C:\Users\Trgre\Desktop\Telegram.lnk
2024-03-26 11:24 - 2024-03-26 11:24 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2024-03-24 17:20 - 2024-03-24 17:20 - 000000000 ____D C:\Users\Trgre\AppData\LocalLow\Google
2024-03-24 05:07 - 2024-04-06 13:12 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-24 05:07 - 2024-03-24 05:07 - 000003790 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{42A81EFF-C75A-43AE-A40C-8CEBE11C0D06}
2024-03-24 05:07 - 2024-03-24 05:07 - 000003666 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{6480B5BA-41F0-4AD3-9AA2-A2439B752287}
2024-03-24 05:07 - 2024-03-24 05:07 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2024-03-24 05:07 - 2024-03-24 05:07 - 000000000 ____D C:\Program Files\Google
2024-03-21 12:50 - 2024-03-21 15:14 - 000000000 ____D C:\Users\Trgre\Downloads\Grand Theft Auto V [FitGirl Lolly Repack]
2024-03-21 06:59 - 2024-03-29 13:27 - 000000000 ____D C:\Program Files\Hyper-V
2024-03-20 05:21 - 2024-03-20 05:22 - 000000000 ____D C:\Users\Trgre\Downloads\archive (1)
2024-03-20 05:21 - 2024-03-20 05:21 - 000001549 _____ C:\Users\Trgre\Downloads\archive (1).zip
2024-03-20 05:18 - 2024-03-20 05:22 - 000000000 ____D C:\Users\Trgre\Downloads\archive
2024-03-20 05:18 - 2024-03-20 05:18 - 000004057 _____ C:\Users\Trgre\Downloads\archive.zip
2024-03-19 10:00 - 2024-03-19 10:00 - 000000566 _____ C:\Users\Trgre\Downloads\authorized_keys (2)
2024-03-18 23:15 - 2024-03-18 23:25 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\rclone
2024-03-18 23:15 - 2024-03-18 23:15 - 000000000 ____D C:\Users\Trgre\Downloads\rclone-v1.66.0-windows-amd64
2024-03-18 23:14 - 2024-03-18 23:15 - 021071308 _____ C:\Users\Trgre\Downloads\rclone-v1.66.0-windows-amd64.zip
2024-03-18 22:54 - 2024-03-18 22:54 - 000002602 _____ C:\Users\Trgre\Downloads\trgreene08_private_key_rsa (1).txt
2024-03-18 22:54 - 2024-03-18 22:54 - 000000566 _____ C:\Users\Trgre\Downloads\trgreene08_public_key_rsa.txt
2024-03-18 22:52 - 2024-03-18 22:52 - 000000566 _____ C:\Users\Trgre\Downloads\authorized_keys (1)
2024-03-18 21:57 - 2024-03-19 10:04 - 000001706 _____ C:\Users\Trgre\Downloads\authorized_keys
2024-03-18 21:57 - 2024-03-18 21:57 - 000002602 _____ C:\Users\Trgre\Downloads\trgreene08_private_key_rsa.txt
2024-03-18 06:43 - 2024-03-18 06:43 - 000007612 _____ C:\Users\Trgre\AppData\Local\Resmon.ResmonCfg
2024-03-18 04:43 - 2024-03-18 04:43 - 000000000 ____D C:\Windows\SysWOW64\ipam
2024-03-18 04:43 - 2024-03-18 04:43 - 000000000 ____D C:\Windows\system32\ipam
2024-03-18 04:36 - 2024-03-18 04:36 - 000001315 _____ C:\Windows\DfsrAdmin.exe.config
2024-03-18 04:36 - 2024-03-18 04:36 - 000001311 _____ C:\Windows\system32\DfsMgmt.dll.config
2024-03-18 04:32 - 2024-03-18 04:32 - 000000764 _____ C:\Windows\system32\dsac.exe.config
2024-03-18 04:32 - 2024-03-18 04:32 - 000000000 ____D C:\Windows\system32\ServerManagerInternal
2024-03-18 04:32 - 2024-03-18 04:32 - 000000000 ____D C:\Windows\system32\BestPractices
2024-03-18 04:32 - 2024-03-18 04:32 - 000000000 ____D C:\Windows\ADFS
2024-03-18 04:28 - 2024-03-18 04:28 - 000000000 ____D C:\Program Files\CMAK
2024-03-18 04:28 - 2024-03-18 04:28 - 000000000 ____D C:\Program Files (x86)\CMAK
2024-03-18 03:48 - 2024-03-18 03:48 - 000000000 __RSD C:\Windows\SysWOW64\WindowsDevicePortal
2024-03-18 03:48 - 2024-03-18 03:48 - 000000000 __RSD C:\Windows\system32\WindowsDevicePortal
2024-03-18 03:48 - 2024-03-18 03:48 - 000000000 ___RD C:\Windows\WebManagement
2024-03-18 03:48 - 2024-03-18 03:48 - 000000000 ____D C:\Users\DevToolsUser
2024-03-18 03:48 - 2022-05-07 01:42 - 000000000 ____D C:\Users\DevToolsUser\AppData\Roaming\Microsoft\Windows
2024-03-18 03:48 - 2022-05-07 01:24 - 000000000 ____D C:\Users\DevToolsUser\AppData\Roaming\Microsoft\Spelling
2024-03-18 03:26 - 2024-03-18 03:26 - 000000228 _____ C:\Users\Trgre\Downloads\discord_backup_codes.txt
2024-03-17 20:25 - 2024-03-20 21:01 - 000000000 ____D C:\Users\Trgre\AppData\Local\Microsoft_Corporation
2024-03-17 05:43 - 2024-03-17 05:43 - 007508456 _____ C:\Users\Trgre\Downloads\ufo1.pdf
2024-03-16 06:39 - 2024-04-06 13:13 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Messenger
2024-03-16 06:39 - 2024-04-06 13:13 - 000000000 ____D C:\Users\Trgre\AppData\Local\Messenger
2024-03-16 06:39 - 2024-04-04 00:49 - 000002325 _____ C:\Users\Trgre\Desktop\Messenger.lnk
2024-03-16 06:39 - 2024-03-16 06:39 - 000002333 _____ C:\Users\Trgre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Messenger.lnk
2024-03-16 06:39 - 2024-03-16 06:39 - 000000000 ____D C:\Windows\system32\Tasks\Meta
2024-03-16 06:39 - 2024-03-16 06:39 - 000000000 ____D C:\Users\Trgre\AppData\LocalLow\Messenger
2024-03-16 06:39 - 2024-03-16 06:39 - 000000000 ____D C:\Users\Trgre\AppData\Local\messenger-updater
2024-03-14 16:33 - 2024-03-14 16:33 - 000770048 _____ C:\Users\Trgre\Downloads\truenas-TrueNAS-SCALE-23.10.2-20240314163329.db
2024-03-14 05:44 - 2024-03-14 05:47 - 1585971200 _____ C:\Users\Trgre\Downloads\TrueNAS-SCALE-23.10.2.iso
2024-03-14 04:42 - 2024-03-30 04:03 - 000000000 ____D C:\Program Files (x86)\SeaTools5
2024-03-14 04:40 - 2024-03-14 04:40 - 010674176 _____ C:\Users\Trgre\Downloads\HFS4WIN.msi
2024-03-12 15:50 - 2024-03-12 15:51 - 1600482176 _____ (Autodesk, Inc.) C:\Users\Trgre\Downloads\DesktopConnector-x64.exe
2024-03-12 15:47 - 2024-03-12 15:47 - 000000000 ____D C:\Users\Trgre\AppData\Local\CEF
2024-03-12 15:44 - 2024-03-12 15:44 - 272221418 _____ C:\Users\Trgre\Downloads\creality-ender-3-v2-2.snapshot.5.zip
2024-03-12 12:16 - 2024-03-12 12:43 - 082899399 _____ C:\Users\Trgre\Downloads\OrcaSlicer_Windows_Installer_V2.0.0-beta.exe
2024-03-11 23:07 - 2024-03-11 23:10 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\vlc
2024-03-11 23:02 - 2024-03-11 23:02 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2024-03-11 23:01 - 2024-03-11 23:01 - 000000000 ____D C:\Program Files\VideoLAN
2024-03-11 17:22 - 2024-03-11 17:22 - 005309091 _____ C:\Users\Trgre\Downloads\win_01.07.01.04.zip
2024-03-11 02:58 - 2024-03-11 03:16 - 088770326 _____ C:\Users\Trgre\Downloads\OrcaSlicer_Windows_Installer_1.9.1.exe
2024-03-08 22:44 - 2024-03-08 22:44 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2024-03-08 22:32 - 2024-03-08 22:32 - 000000000 ____D C:\Users\Trgre\.android
2024-03-08 22:28 - 2024-03-28 11:21 - 000000000 ____D C:\platform-tools_r35.0.0-windows
2024-03-08 22:28 - 2024-03-08 22:28 - 006542858 _____ C:\Users\Trgre\Downloads\platform-tools_r35.0.0-windows.zip
2024-03-07 20:22 - 2024-03-07 22:51 - 013110089 _____ C:\Users\Trgre\Downloads\Niagara_Launcher_v1.11.4_Pro_By_RBMods.apk
2024-03-07 20:18 - 2024-03-07 20:20 - 208761890 _____ C:\Users\Trgre\Downloads\Photoshop Express Photo Editor_12.8.334_arm8.apk
2024-03-07 11:02 - 2024-03-07 10:52 - 000072997 _____ C:\Users\Trgre\Desktop\First_Layer_Patch-0.25mm_PLA_6m36s.gcode
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-06 13:12 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\SystemTemp
2024-04-06 13:07 - 2024-02-06 01:59 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-06 09:35 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\AppReadiness
2024-04-06 08:49 - 2024-02-27 06:32 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Fing
2024-04-06 08:47 - 2024-02-05 21:02 - 000000000 ____D C:\Users\Trgre\AppData\Local\Packages
2024-04-06 08:46 - 2022-05-07 01:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-06 08:45 - 2024-02-12 11:33 - 000000000 ____D C:\Users\Trgre\.VirtualBox
2024-04-05 05:22 - 2024-02-27 06:32 - 000000000 ____D C:\Program Files\Fing
2024-04-04 10:14 - 2024-02-06 01:59 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 10:14 - 2024-02-06 01:59 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-04 06:56 - 2024-02-05 21:17 - 000000000 ____D C:\Users\Trgre\AppData\Local\Publishers
2024-04-04 00:09 - 2024-02-06 02:06 - 000804932 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-04 00:09 - 2022-05-07 01:22 - 000000000 ____D C:\Windows\INF
2024-04-04 00:05 - 2024-02-12 08:47 - 000000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2024-04-04 00:05 - 2024-02-06 01:59 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-04 00:05 - 2024-02-06 01:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-04 00:05 - 2024-02-05 21:02 - 000000000 __SHD C:\Users\Trgre\IntelGraphicsProfiles
2024-04-04 00:05 - 2024-02-05 18:21 - 000000000 ____D C:\Intel
2024-04-04 00:05 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\ServiceState
2024-04-01 19:21 - 2022-05-07 01:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-04-01 18:43 - 2024-02-12 08:44 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2024-04-01 18:31 - 2024-02-11 04:19 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\OrcaSlicer
2024-04-01 13:41 - 2024-02-05 21:14 - 000000000 ____D C:\Users\Trgre\AppData\Local\Autodesk
2024-04-01 12:03 - 2024-02-11 03:39 - 000000882 _____ C:\Users\Public\Desktop\OrcaSlicer.lnk
2024-04-01 12:02 - 2024-02-11 03:39 - 000000000 ____D C:\Program Files\OrcaSlicer
2024-03-31 23:26 - 2024-02-12 11:40 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\qBittorrent
2024-03-31 04:09 - 2024-02-05 21:04 - 000000000 ____D C:\Users\Trgre\AppData\Local\D3DSCache
2024-03-30 17:34 - 2024-02-05 20:00 - 000000000 ____D C:\Users\Trgre
2024-03-30 06:07 - 2024-02-06 10:10 - 000000000 ____D C:\Windows\system32\SteelSeries
2024-03-30 03:39 - 2024-02-05 21:03 - 000000000 ____D C:\Users\Trgre\AppData\Local\PlaceholderTileLogoFolder
2024-03-29 17:21 - 2024-02-06 01:59 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-29 15:09 - 2022-05-07 01:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-03-29 14:25 - 2024-02-11 18:09 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Microsoft\MMC
2024-03-29 13:37 - 2024-02-06 01:59 - 000295328 _____ C:\Windows\system32\FNTCACHE.DAT
2024-03-29 13:27 - 2022-05-07 03:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ___SD C:\Windows\system32\lxss
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\SystemResources
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\oobe
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\DDFs
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\ShellComponents
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\Provisioning
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-03-29 13:27 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\bcastdvr
2024-03-29 12:59 - 2022-05-07 01:17 - 000000000 ____D C:\Windows\CbsTemp
2024-03-29 12:57 - 2024-02-06 02:03 - 003213824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-03-28 09:18 - 2024-02-12 08:13 - 000000000 ____D C:\Users\Trgre\3DPrints
2024-03-27 19:15 - 2024-02-12 15:55 - 000000000 ____D C:\Users\Trgre\VirtualBox VMs
2024-03-27 19:07 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\SecurityHealth
2024-03-21 06:59 - 2024-03-03 23:48 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\discord
2024-03-21 06:59 - 2022-05-07 01:24 - 000000000 ___SD C:\Windows\SysWOW64\lxss
2024-03-21 06:59 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2024-03-21 06:59 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\inetsrv
2024-03-21 06:59 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\schemas
2024-03-21 06:58 - 2024-02-16 12:38 - 000000000 ____D C:\Users\Trgre\Documents\Notes
2024-03-21 06:03 - 2024-03-03 23:48 - 000000000 ____D C:\Users\Trgre\AppData\Local\Discord
2024-03-21 02:15 - 2024-02-05 20:00 - 000000000 ___SD C:\Users\Trgre\AppData\Roaming\Microsoft\Credentials
2024-03-20 21:01 - 2024-02-05 20:00 - 000000000 ____D C:\Users\Trgre\AppData\Roaming\Microsoft\Windows
2024-03-20 06:03 - 2024-03-03 23:48 - 000002227 _____ C:\Users\Trgre\Desktop\Discord.lnk
2024-03-19 11:40 - 2024-02-13 22:44 - 000000000 ____D C:\Users\Trgre\AppData\Local\ElevatedDiagnostics
2024-03-18 23:19 - 2024-02-27 08:52 - 000000000 ____D C:\Users\Trgre\.zenmap
2024-03-18 19:08 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\LiveKernelReports
2024-03-18 04:44 - 2022-05-07 01:20 - 001585236 _____ C:\Windows\system32\WindowsVirtualization.V2.mof
2024-03-18 04:44 - 2022-05-07 01:20 - 001153282 _____ C:\Windows\system32\WindowsHyperVCluster.V2.mof
2024-03-18 04:44 - 2022-05-07 01:20 - 000733184 _____ C:\Windows\system32\hgattest.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000701800 _____ (Microsoft Corporation) C:\Windows\system32\VmEmulatedStorage.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000406888 _____ (Microsoft Corporation) C:\Windows\system32\VmEmulatedNic.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000284000 _____ (Microsoft Corporation) C:\Windows\system32\vmfirmwarepcat.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000279920 _____ (Microsoft Corporation) C:\Windows\system32\vmsynthfcvdev.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000243024 _____ (Microsoft Corporation) C:\Windows\system32\vpcievdev.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000191480 _____ (Microsoft Corporation) C:\Windows\system32\vmsp.exe
2024-03-18 04:44 - 2022-05-07 01:20 - 000144967 _____ C:\Windows\system32\virtmgmt.msc
2024-03-18 04:44 - 2022-05-07 01:20 - 000111976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcip.sys
2024-03-18 04:44 - 2022-05-07 01:20 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\BootExpCfg.exe
2024-03-18 04:44 - 2022-05-07 01:20 - 000099688 _____ (Microsoft Corporation) C:\Windows\system32\rtpm.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000087392 _____ (Microsoft Corporation) C:\Windows\system32\vmmsprox.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\hgsclientplugin.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000071024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lunparser.sys
2024-03-18 04:44 - 2022-05-07 01:20 - 000067520 _____ (Microsoft Corporation) C:\Windows\system32\vmplatformca.exe
2024-03-18 04:44 - 2022-05-07 01:20 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\AttestationWmiProvider.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000050536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxss.sys
2024-03-18 04:44 - 2022-05-07 01:20 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\shelllauncherproviderevents.dll
2024-03-18 04:44 - 2022-05-07 01:20 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\HostGuardianServiceClientResources.dll
2024-03-18 04:32 - 2022-05-07 01:20 - 000144646 _____ C:\Windows\system32\dssite.msc
2024-03-18 04:32 - 2022-05-07 01:20 - 000144380 _____ C:\Windows\system32\adsiedit.msc
2024-03-18 04:32 - 2022-05-07 01:20 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\ldifde.exe
2024-03-18 04:32 - 2022-05-07 01:20 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\dsacls.exe
2024-03-18 04:32 - 2022-05-07 01:20 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\csvde.exe
2024-03-18 03:48 - 2022-05-07 03:38 - 000000000 ____D C:\Windows\system32\OpenSSH
2024-03-18 03:48 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\SystemApps
2024-03-16 00:24 - 2024-03-04 16:35 - 000000000 ____D C:\Users\Trgre\.ssh
2024-03-14 21:48 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\NDF
2024-03-14 01:06 - 2024-02-05 18:30 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2024-03-13 03:15 - 2024-02-06 01:59 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-03-13 03:03 - 2024-02-05 20:31 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-03-13 03:03 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-03-13 03:03 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-03-13 03:03 - 2022-05-07 01:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-13 03:03 - 2022-05-07 01:17 - 000000000 ____D C:\Windows\servicing
2024-03-12 17:13 - 2024-02-06 10:08 - 000000000 ____D C:\Windows\system32\MRT
2024-03-12 17:11 - 2024-02-06 10:08 - 190470136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-03-08 12:02 - 2024-02-05 21:04 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4189167545-209535759-2186990464-1001
2024-03-08 12:02 - 2024-02-05 21:04 - 000003366 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4189167545-209535759-2186990464-1001
2024-03-08 12:02 - 2024-02-05 21:04 - 000002379 _____ C:\Users\Trgre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== Files in the root of some directories ========
2024-03-18 06:43 - 2024-03-18 06:43 - 000007612 _____ () C:\Users\Trgre\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.04.2024
Ran by Trgre (06-04-2024 13:14:00)
Running from C:\Users\Trgre\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.3374 (X64) (2024-02-06 06:01:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4189167545-209535759-2186990464-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4189167545-209535759-2186990464-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-4189167545-209535759-2186990464-1003 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-4189167545-209535759-2186990464-501 - Limited - Disabled)
Trgre (S-1-5-21-4189167545-209535759-2186990464-1001 - Administrator - Enabled) => C:\Users\Trgre
WDAGUtilityAccount (S-1-5-21-4189167545-209535759-2186990464-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Autodesk Fusion (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.18719 - Autodesk, Inc.)
blender (HKLM\...\{9895B058-9168-49B2-A99D-31970EC35033}) (Version: 4.0.2 - Blender Foundation)
CPUID HWMonitor 1.53 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.53 - CPUID, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.216 - ALPSALPINE CO., LTD.)
Discord (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Fing 3.6.1 (HKLM\...\Fing Desktop) (Version: 3.6.1 - Fing Ltd)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
Intel® Wireless Dock Manager (HKLM-x32\...\{74935c89-a294-4e27-b7a1-1e19139e4d5e}) (Version: 3.0.53144.2 - Intel Corporation)
Java 8 Update 401 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Kodi (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\Kodi) (Version: 20.3.0.0 - XBMC Foundation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.1.515200 - Logitech)
Malwarebytes version 5.1.1.106 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.1.106 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9669.1 - Waves Audio Ltd.) Hidden
Messenger (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 208.0.580469446 - Facebook, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.65 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.65 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\OneDriveSetup.exe) (Version: 24.025.0204.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
MTK Usb All 1.0.8 (HKLM-x32\...\MTK Usb All 1.0.8) (Version: 1.0.8 - MTK 2000)
Nmap 7.94 (HKLM-x32\...\Nmap) (Version: 7.94 - Nmap Project)
Notion 3.1.1 (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.1.1 - Notion Labs, Inc)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.78 - Nmap Project)
NVIDIA Graphics Driver 537.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.77 - NVIDIA Corporation)
Obsidian (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\bd400747-f0c1-5638-a859-982036102edf) (Version: 1.5.3 - Obsidian)
Oracle VM VirtualBox 7.0.14 (HKLM\...\{8DDF4B7A-DE1A-4619-B426-959B44E40A87}) (Version: 7.0.14 - Oracle and/or its affiliates)
OrcaSlicer (HKLM-x32\...\OrcaSlicer) (Version: 2.0.0 - SoftFever)
Proton Drive (HKLM\...\{F63D04B1-4D0C-4616-9124-D1DE18A1DF88}) (Version: 1.4.10 - Proton AG) Hidden
Proton Drive (HKLM\...\Proton Drive 1.4.10) (Version: 1.4.10 - Proton AG)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.2.10 - Proton AG)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.4 - The qBittorrent project)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8569 - Realtek Semiconductor Corp.)
SteelSeries GG 58.1.0 (HKLM\...\SteelSeries GG) (Version: 58.1.0 - SteelSeries ApS)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.57.0 - TechPowerUp)
Telegram Desktop (HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15.2 - Telegram FZ-LLC)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WiGig Installer For NB (HKLM\...\{B490C105-9555-4F27-A82A-712138B9C0DF}) (Version: 3.0.53144.2 - Intel ® Corporation) Hidden
windows_exporter (HKLM\...\{D68397F1-CBE2-4450-9CFD-18F51B790BAE}) (Version: 0.25.1 - prometheus-community)
Wireshark 4.2.3 x64 (HKLM-x32\...\Wireshark) (Version: 4.2.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Packages:
=========
ADB Explorer -> C:\Program Files\WindowsApps\57163AlexSSB.ADBExplorer_0.8.24030.0_x64__945x2b8a76bwt [2024-03-28] (AlexSSB)
AdobeSystemsIncorporated.AdobePhotoshopExpress -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.12.430.0_x64__ynb6jyjzte8ga [2024-03-20] (Adobe Inc.)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5390.0_x64__8j3eq9eme6ctt [2024-03-13] (INTEL CORP) [Startup Task]
Dell Free Fall Data Protection -> C:\Program Files\WindowsApps\STMicroelectronicsMEMS.DellFreeFallDataProtection_1.0.27.0_x64__rp6h1c31mfy1y [2024-02-14] (STMICROELECTRONICS S.R.L.)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1200.442.0_x64__8wekyb3d8bbwe [2024-03-21] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-03-31] (Meta)
GpgFrontend -> C:\Program Files\WindowsApps\15599Saturneric.GpgFrontend_2.1.2.0_x64__cmzh4yccza0qa [2024-03-27] (Saturneric)
Image Scan OCR -> C:\Program Files\WindowsApps\36727ttop324.195639DD2ACDC_1.0.12.0_x64__ewrm79pevfdzc [2024-04-04] (ttop324)
LibreWolf -> C:\Program Files\WindowsApps\31856maltejur.LibreWolf_123.1.100.0_x64__ssmwz6s360tct [2024-03-21] (LibreWolf)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-02-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-02-27] (Microsoft Corporation) [MS Ad]
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-14] (Microsoft Corporation)
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-03-13] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24022.90.0_x64__cw5n1h2txyewy [2024-03-26] (Microsoft Windows) [Startup Task]
Network Inspector -> C:\Program Files\WindowsApps\48425ShipwreckSoftware.NetworkInspector_2.3.24.0_x64__jh2negtepkzpr [2024-02-27] (Shipwreck Software) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-03-25] (NVIDIA Corp.)
OfficeSuite Personal Free -> C:\Program Files\WindowsApps\MobiSystems.OfficeSuitePersonalFree_8.40.55121.0_x64__8m57vzdwnbybp [2024-04-04] (MobiSystems)
PDF X -> C:\Program Files\WindowsApps\6760NGPDFLab.PDFX_1.3.66.0_x64__sbe4t8mqwq93a [2024-04-04] (NG PDF Lab) [Startup Task]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Studios) [MS Ad]
Speech Pack - English (United States) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-US.1_1.0.16.0_x64__cw5n1h2txyewy [2024-03-30] (Microsoft Windows)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0 [2024-03-22] (Spotify AB) [Startup Task]
Virustotal Scan -> C:\Program Files\WindowsApps\56424Roast247.WinAntivirus_1.0.0.0_neutral__tvnndvqfdvvsa [2024-04-06] (Roast247)
Visual-Physical-Converter -> C:\Program Files\WindowsApps\61923AuroraDigital.Visual-Physical-Converter_1.3.3.0_x64__kv9bh2mz121p4 [2024-03-02] (Erif Digital)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-13] (Microsoft Corporation)
xplorer² lite - desktop file manager -> C:\Program Files\WindowsApps\ZabKat.xplorer2_5.4.0.0_x86__p8ja4pry6vsjm [2024-02-06] (ZabKat)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4189167545-209535759-2186990464-1001_Classes\CLSID\{1dcb280c-9699-aefe-803c-2007c35cbb5a}\localserver32 -> C:\Program Files\Proton\Drive\ProtonDrive.exe (Proton AG -> Proton AG)
CustomCLSID: HKU\S-1-5-21-4189167545-209535759-2186990464-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.exe (Proton AG -> )
CustomCLSID: HKU\S-1-5-21-4189167545-209535759-2186990464-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-4189167545-209535759-2186990464-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\Trgre\AppData\Local\Autodesk\webdeploy\production\b6226a03d2af9e144aa8b1b7e17cf8eb0cd990f1\NPreview10.dll (Autodesk, Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_585839f97feb611a\nvshext.dll [2023-12-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Trgre\Downloads\DriversCloudx64_12_0_21.msi:MBAM.Zone.Identifier [161]
AlternateDataStreams: C:\Users\Trgre\Downloads\hwmonitor_1.53.exe:MBAM.Zone.Identifier [127]
AlternateDataStreams: C:\Users\Trgre\Downloads\OrcaSlicer_Windows_Installer_V2.0.0.exe:MBAM.Zone.Identifier [681]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2022-05-07 01:24 - 2022-05-07 01:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2024-02-12 08:47 - 2024-04-04 00:05 - 000000437 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.19.48.1 Fusion360.mshome.net # 2029 4 2 3 4 5 40 771
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
HKU\S-1-5-21-4189167545-209535759-2186990464-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.165
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SteelSeriesGG"
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4189167545-209535759-2186990464-1001\...\StartupApproved\Run: => "Proton Drive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [RemoteTask-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteEventLogSvc-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Block) C:\Windows\system32\wininit.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [EventForwarder-RPCSS-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RVM-RPCSS-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) C:\Windows\system32\raserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [EventForwarder-In-TCP] => (Block) C:\Windows\system32\NetEvtFwdr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RVM-VDS-In-TCP] => (Block) C:\Windows\system32\vds.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteTask-RPCSS-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteSvcAdmin-In-TCP] => (Block) C:\Windows\system32\services.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteSvcAdmin-RPCSS-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteSvcAdmin-In-TCP-NoScope] => (Block) C:\Windows\system32\services.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RVM-RPCSS-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RVM-VDSLDR-In-TCP] => (Block) C:\Windows\system32\vdsldr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteTask-RPCSS-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope] => (Block) C:\Windows\system32\msra.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteTask-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Block) C:\Windows\system32\wininit.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteEventLogSvc-RPCSS-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RVM-VDSLDR-In-TCP-NoScope] => (Block) C:\Windows\system32\vdsldr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteEventLogSvc-In-TCP-NoScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RVM-VDS-In-TCP-NoScope] => (Block) C:\Windows\system32\vds.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) C:\Windows\system32\msra.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Block) C:\Windows\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-NoScope] => (Block) C:\Windows\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Block) C:\Windows\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Block) C:\Windows\system32\RdpSa.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-SSDP-Discovery-PlayToScope] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Block) C:\Windows\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Block) C:\Windows\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteDesktop-UserMode-In-TCP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteDesktop-UserMode-In-UDP] => (Block) C:\Windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Block) C:\Windows\system32\mdeserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{9F750383-3874-4B5F-8D88-B2F7D219911D}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{3FEC38F5-3085-49DE-9E3C-69DC2641C602}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{29F1E7DD-BDC5-4C78-9260-5EFD335BA9E4}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [UDP Query User{803E9794-976A-4698-A19D-30192E65173C}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [TCP Query User{2A7C5709-EDE4-4843-A144-B17D788062AC}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [UDP Query User{AF2511FF-9F86-4308-B913-C55AD22785CF}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{2DAFA4D4-4629-464C-9A02-64C5FBEE5E64}] => (Allow) C:\Program Files\windows_exporter\windows_exporter.exe (prometheus-community) [File not signed]
FirewallRules: [TCP Query User{26526269-5AD1-440B-929E-AB588A86C5FC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F8B993D4-5229-48DB-9C6E-4F3023CEBE55}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [OpenSSH-Server-In-TCP] => (Block) C:\Windows\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Block) C:\Windows\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D3AAA7CD-6E80-48A2-8960-ADCD43BD28B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5E47987B-CE71-4BA5-8F5A-F63DBCF96AD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D891441C-9372-4FFE-B698-02C2636DD39F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1FC13CCB-20C8-451F-81C8-2B77A5385681}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DB61C690-00CE-4FFA-B942-5DFFA18F1A43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7D801FFA-D45E-41CE-A962-5BB970BD93AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3EA45AEF-6886-46DA-A92F-0E38ACDC5D62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F68B78FC-C910-406C-BA31-2E8EB3C2F4FF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B591C818-A21F-4FCF-B528-4C9F6F192A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{60278C67-B481-45B1-ADD6-50A600F4239D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{678DFB03-000E-4028-BAFF-DCD2E90EF3E6}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{13953E49-4995-4B47-BD8B-A55D31406526}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{98560323-B4F3-4ED6-AD38-A70BC7EE3182}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8695A2C-8C1E-4814-8B86-D9DC693F5A1B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{14CB962F-9EED-446F-9AF0-2EF1E84E6DCE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{080233FE-24AE-407F-958D-527F73E45766}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe => No File
FirewallRules: [{7E2B6E59-9F72-446C-A3EB-105DA5D94EE7}] => (Allow) C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe => No File
FirewallRules: [{9DC93EBF-34AB-48A9-9039-EC43BE639A2E}] => (Allow) C:\Program Files\Fing\Fing.exe (Lansweeper -> Fing Ltd)
FirewallRules: [{EF93802E-BB87-40BB-AA74-3198BC6596E1}] => (Allow) C:\Program Files\Fing\Fing.exe (Lansweeper -> Fing Ltd)
FirewallRules: [{73086276-21B9-4DFC-AFA3-B23E28067886}] => (Allow) C:\Program Files\Fing\Fing.exe (Lansweeper -> Fing Ltd)
FirewallRules: [{5A03C2B7-6333-4900-A019-617C30C21EE4}] => (Allow) C:\Program Files\Fing\Fing.exe (Lansweeper -> Fing Ltd)
==================== Restore Points =========================
06-04-2024 00:53:39 Installed DriversCloud.com
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/30/2024 04:01:41 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program VoiceAccess.exe version 10.0.22621.3235 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Error: (03/29/2024 01:18:12 PM) (Source: Application Error) (EventID: 1000) (User: FUSION360)
Description: Faulting application name: SystemSettings.exe, version: 10.0.22621.3235, time stamp: 0x3a143f4b
Faulting module name: CoreUIComponents.dll, version: 10.0.22621.2506, time stamp: 0xd2acef3f
Exception code: 0xc0000005
Fault offset: 0x00000000000b8381
Faulting process id: 0x0x1d9c
Faulting application start time: 0x0x1da81fd13abe944
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\system32\CoreUIComponents.dll
Report Id: 0ac524b7-4c93-4cc4-88b5-33449b4d01cd
Faulting package full name: windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Error: (03/27/2024 09:04:34 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Taskmgr.exe version 10.0.22621.3235 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Error: (03/25/2024 04:28:04 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Fusion360.exe version 18477.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Error: (03/21/2024 06:58:48 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Notepad.exe version 11.2401.26.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Error: (03/20/2024 11:45:38 PM) (Source: Application Error) (EventID: 1000) (User: FUSION360)
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.22621.1, time stamp: 0x004687c2
Faulting module name: twinapi.appcore.dll, version: 10.0.22621.3235, time stamp: 0xb6c4ed60
Exception code: 0xc000027b
Fault offset: 0x00000000000c9c03
Faulting process id: 0x0xbb7c
Faulting application start time: 0x0x1da7b423c470069
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 24c58ec9-4b42-40ff-a2b4-b119de0f27c1
Faulting package full name: Microsoft.YourPhone_1.24021.105.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (03/20/2024 11:45:38 PM) (Source: Application Error) (EventID: 1000) (User: FUSION360)
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.22621.1, time stamp: 0x004687c2
Faulting module name: twinapi.appcore.dll, version: 10.0.22621.3235, time stamp: 0xb6c4ed60
Exception code: 0xc000027b
Fault offset: 0x00000000000c9c03
Faulting process id: 0x0xa2dc
Faulting application start time: 0x0x1da7b423c66db6e
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 342cd1ea-777c-4f84-bedb-c1afff10bbd8
Faulting package full name: Microsoft.YourPhone_1.24021.105.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (03/20/2024 11:45:38 PM) (Source: Application Error) (EventID: 1000) (User: FUSION360)
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.22621.1, time stamp: 0x004687c2
Faulting module name: twinapi.appcore.dll, version: 10.0.22621.3235, time stamp: 0xb6c4ed60
Exception code: 0xc000027b
Fault offset: 0x00000000000c9c03
Faulting process id: 0x0xaa70
Faulting application start time: 0x0x1da7b423c5ba7af
Faulting application path: C:\Windows\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 2e565eb0-6f89-4d8e-88a6-78f9d4deb70f
Faulting package full name: Microsoft.YourPhone_1.24021.105.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
System errors:
=============
Error: (04/06/2024 12:53:50 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The DriversCloud Agent service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (04/05/2024 05:28:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Alps Electric - HIDClass - 4/6/2017 12:00:00 AM - 1.0.0.13.
Error: (04/04/2024 12:05:35 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
Error: (04/04/2024 12:05:28 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
Error: (04/04/2024 12:05:28 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (04/01/2024 06:43:26 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
Error: (04/01/2024 06:43:18 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
Error: (04/01/2024 06:43:18 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Windows Defender:
================
Date: 2024-04-06 09:33:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-29 15:03:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2024-03-28 03:40:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-27 04:18:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2024-03-26 06:38:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2024-04-01 18:31:51
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.407.800.0;1.407.800.0
Engine Version: 1.1.24020.9
Date: 2024-03-11 11:08:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.253.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2024-03-11 11:08:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.407.253.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===============
Date: 2024-02-14 02:54:15
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
Date: 2024-02-05 20:06:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d0b39b11619fd0c4\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.35.0 01/29/2024
Motherboard: Dell Inc. 0DN786
Processor: Intel® Core i7-7820HQ CPU @ 2.90GHz
Percentage of memory in use: 46%
Total physical RAM: 32607.1 MB
Available physical RAM: 17598.97 MB
Total Virtual: 34655.1 MB
Available Virtual: 14450.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:476.17 GB) (Free:302.51 GB) (Model: SK hynix SC401 SATA 512GB) NTFS
\\?\Volume{af7be943-a110-48b1-a4c0-0ba24e7b2b6b}\ () (Fixed) (Total:0.66 GB) (Free:0.08 GB) NTFS
\\?\Volume{d8fd7d20-09df-4a5d-9dc2-0c8892cf5680}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 37B5D855)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by Oh My!, 06 April 2024 - 05:46 PM.