Haphazard behaviour, sporadic, maybe malware, maybe not? [Solved]


  • This topic is locked

#1
valleyboy

  • Member
  • 245 posts
Good evening.
 
The PC has started acting up over the last few months and got progressively worse. Initially, general speed got noticeably slower all of a sudden, particularly startup. I played along with this for a few months. Then, more recently (last few weeks), WiFi connection speed via my USB adaptor slowed right down to a consistent 8m/s download from a consistent 50m/s. Very old, cheap, wifi adaptor from China so I thought that was likely cause and binned it. Bought new adaptor (modern one from high street seller, not cheap crap from China). It refused to work unless I manually set the wifi protocol to IEEExxx/n every time I start the PC. ***EDIT - I tried to cure this by installing Windows updates.*** Then, within a day, the PC failed to boot. Tried several of the recovery options in this order: auto repair, system restore, full reset. None successful, but when returning to PC after reset it had started up and was displaying a message saying the reset was unsuccessful. Since then all seems to be working fine with the exception of slow startup. Just waiting for it to die again; would appreciate some assistance to give it a check over, as it belongs to my teenage son so there may be all manner of nasties lurking so far undetected.
 
Help gratefully received, thank you! Logs below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-02-2023 01
Ran by maxxy (administrator) on DESKTOP-JSB8L0E (Gigabyte Technology Co., Ltd. B550M DS3H) (13-02-2023 19:56:19)
Running from C:\Users\maxxy\Desktop
Loaded Profiles: maxxy
Platform: Microsoft Windows 11 Home Version 22H2 22621.963 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_422.33900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe <6>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <52>
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairMsiPluginService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_8.71.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_8.71.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\WINDOWS\System32\CorsairGamingAudioCfgService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\WINDOWS\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\WINDOWS\System32\RtkAudUService64.exe <2>
(services.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(svchost.exe ->) (iolo technologies, LLC -> iolo technologies, LLC) [File not signed] C:\Program Files (x86)\Phoenix360\System Mechanic\ioloGovernor64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22102.229.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1090784 2020-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [CORSAIR iCUE 4 Software] => C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe [182888 2021-11-12] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3071192 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Run: [MicrosoftEdgeAutoLaunch_EA410C61FB31D73AFA3C71DD38F22C9A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188616 2023-01-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32613856 2022-04-29] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Run: [Discord] => C:\Users\maxxy\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [7313360 2022-04-21] (Voicemod Sociedad Limitada -> Voicemod)
HKLM\...\Print\Monitors\EPSON Universal Print Driver 64MonitorBE: C:\Windows\system32\E_2LM0DE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
AppInit_DLLs: C:\PROGRA~1\VIRTUA~1\VIRTUA~4.DLL => C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Injector64.dll [134872 2022-12-03] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
AppInit_DLLs-x32: C:\PROGRA~1\VIRTUA~1\VIRTUA~3.DLL => C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Injector32.dll [114904 2022-11-30] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0418EB53-E754-4DDB-AF11-8778E3C6D314} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2021-11-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {19BFBE79-ADBF-4B24-B0BF-6C2E7393A663} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {202FAAA2-A05F-4EEA-8C68-1B643FE31001} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {33942BC2-782A-4FE3-B955-8643255A0AE0} - System32\Tasks\ioloSystemShield => C:\Program Files (x86)\Phoenix360\System Mechanic\ioloSSTray.exe [344304 2017-12-08] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {441F6C7F-8BAB-44C7-A14A-6C53C7CDE757} - System32\Tasks\ActiveMessenger-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\ActiveMessenger.exe [323328 2017-12-07] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {4608EE82-2324-4B9F-B280-4CAECD489D08} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\Phoenix360\System Mechanic\iologovernor64.exe [713648 2017-12-07] (iolo technologies, LLC -> iolo technologies, LLC) [File not signed]
Task: {47CCF1DC-86EC-4F7E-B333-ECA12ECB9E05} - System32\Tasks\ioloAVDefsDownloader => C:\Program Files (x86)\Phoenix360\System Mechanic\SSDefs.exe [134888 2017-12-08] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {5C93D029-D6DD-4A3B-A3D8-E1A45CCE348A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5D6F7FD4-CF08-481C-8327-94DE8C184853} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {87FACB63-E6D8-4842-9D68-C183027AD9F3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {93DB6238-2CE7-44C1-BB42-8AF9C66F7A75} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {95CB09EA-1ADC-4A59-AB41-BBEB7ABA4C51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {96B3D3BF-F4AD-4E73-871C-1E1858C5105B} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1537960 2020-10-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9C59FF48-5D64-410E-B834-911D96546B6E} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\Phoenix360\System Mechanic\systemmechanic.exe [414968 2017-12-08] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {B0815A57-15C1-47BD-9760-679B30CB5076} - System32\Tasks\ActiveSync-SystemMechanic => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [194800 2017-12-07] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {B0C596CC-ABE3-4972-909F-5A466C1EC69C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BA34769F-FB6D-458D-9A38-028113600E69} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {BBFA1805-340F-4F5F-BD50-75540A53D069} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\Common Files\Phoenix360\ActiveCore\activesync.exe [194800 2017-12-07] (iolo technologies, LLC -> iolo technologies, LLC)
Task: {BDA47919-4A96-4370-B35B-C6C257713B10} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C03A0CA9-61E4-447F-BB1D-E6E19E9BAB96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D7450E21-60F9-4049-BEDD-F844E64E9DCA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {E7F32B52-A864-4614-BE72-56AECBE24658} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBD8D12C-7D6F-4410-900E-C9B361FD2B1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ED342AD8-BAF0-4B18-A8E7-03A88E6D4508} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-03] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FE0C3551-D3FE-422A-8031-89B2FBEA8EED} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1acad439-652f-45f3-a3ff-e410298e2d98}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1eb97fbb-e8b2-4061-b146-11cd0c7910fa}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{595ff362-39cb-43c0-98e0-46e620079cc4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a2afe84f-84f3-4927-9eee-da24f6ce7302}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{a2afe84f-84f3-4927-9eee-da24f6ce7302}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c646682c-8898-42ab-812b-3452646595dc}: [DhcpNameServer] 192.168.1.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\maxxy\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-13]
Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://www.duolingo.com
Edge HomePage: Default -> hxxp://www.google.co.uk/
Edge StartupUrls: Default -> "hxxps://www.google.co.uk/"
Edge Extension: (Google Docs Offline) - C:\Users\maxxy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-12-25] (BattlEye Innovations e.K. -> )
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2021-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe [231528 2021-11-12] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairMsiPluginService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairMsiPluginService.exe [205928 2021-11-12] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe [81512 2021-11-12] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-03-04] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-10-01] (Epic Games Inc. -> Epic Games, Inc.)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-16] (Microsoft Windows -> Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-16] (Microsoft Windows -> Microsoft Corporation)
S3 Updater; C:\Program Files\Virtual Desktop Streamer\Updater.exe [1163480 2022-12-19] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10420944 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
S2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [10657496 2022-12-16] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [129696 2022-04-29] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137552 2022-12-04] (Microsoft Windows -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-16] (Microsoft Windows -> Microsoft Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-10-09] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-09] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2021-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccessC2D033F14715AA7325305EA42FBFC65BF867CC1D; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairLLAccess64.sys [21752 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [46600 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22536 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz152; C:\WINDOWS\temp\cpuz152\cpuz152_x64.sys [35840 2023-02-12] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-12-15] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R3 vdvad_WaveExtensible; C:\WINDOWS\System32\drivers\vdvad.sys [44936 2022-05-02] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
R3 vdvge; C:\WINDOWS\System32\drivers\vdvge.sys [77864 2022-05-02] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8736232 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [48136 2022-03-08] (Voicemod Sociedad Limitada -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-02-13 19:56 - 2023-02-13 19:57 - 000022449 _____ C:\Users\maxxy\Desktop\FRST.txt
2023-02-13 19:56 - 2023-02-13 19:56 - 000000000 ____D C:\Users\maxxy\Desktop\FRST-OlderVersion
2023-02-13 19:55 - 2023-02-13 19:56 - 002378240 _____ (Farbar) C:\Users\maxxy\Desktop\FRST64.exe
2023-02-13 19:55 - 2023-02-13 19:56 - 000000000 ____D C:\FRST
2023-02-13 19:53 - 2023-02-13 19:54 - 000000000 ____D C:\Users\maxxy\Desktop\PC Maintenance Tools - Do Not Delete
2023-02-13 19:42 - 2023-02-13 19:43 - 008995336 _____ (Piriform Software Ltd) C:\Users\maxxy\Downloads\spsetup132 (1).exe
2023-02-12 20:55 - 2023-02-12 21:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-12 20:16 - 2022-10-14 17:40 - 000001491 _____ C:\Users\Public\Desktop\Riot Client.lnk
2023-02-12 20:16 - 2022-09-23 18:45 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk
2023-02-12 19:49 - 2023-02-12 21:01 - 000000000 ____D C:\$Windows.~BT
2023-02-12 19:49 - 2023-02-12 20:36 - 000000000 ___HD C:\$SysReset
2023-02-12 14:08 - 2023-02-12 14:08 - 000000000 ___HD C:\$WinREAgent
2023-02-11 14:36 - 2023-02-11 14:36 - 001726298 _____ C:\Users\maxxy\Desktop\dofe-self-teach-workbook-1 (2).pdf
2023-02-11 13:58 - 2023-02-11 13:58 - 001705187 _____ C:\Users\maxxy\Downloads\dofe-self-teach-workbook-1 (1).pdf
2023-02-11 13:38 - 2023-02-11 13:38 - 001698940 _____ C:\Users\maxxy\Downloads\dofe-self-teach-workbook-1.pdf
2023-02-11 13:36 - 2023-02-11 13:37 - 000000000 ____D C:\Users\maxxy\AppData\LocalLow\Adobe
2023-02-11 13:36 - 2023-02-11 13:36 - 000000000 ____D C:\Users\maxxy\AppData\Roaming\com.adobe.dunamis
2023-02-11 13:36 - 2023-02-11 13:36 - 000000000 ____D C:\Users\maxxy\AppData\Local\SolidDocuments
2023-02-11 13:36 - 2023-02-11 13:36 - 000000000 ____D C:\Users\maxxy\.ms-ad
2023-02-11 13:30 - 2023-02-11 13:30 - 000000000 ____D C:\Program Files\Adobe
2023-02-11 13:27 - 2023-02-11 13:37 - 000000000 ____D C:\ProgramData\Adobe
2023-02-11 13:27 - 2023-02-11 13:30 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-02-11 13:25 - 2023-02-11 13:37 - 000000000 ____D C:\Users\maxxy\AppData\Local\Adobe
2023-02-11 09:38 - 2023-02-12 10:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2023-02-11 09:36 - 2023-02-12 10:18 - 000000000 ____D C:\Users\maxxy\AppData\Local\TP-Link
2023-02-11 09:36 - 2023-02-11 09:36 - 000000000 ____D C:\ProgramData\TP-Link
2023-02-11 09:35 - 2023-02-11 09:35 - 047560044 _____ C:\Users\maxxy\Downloads\Archer T3U(EUUS)_V1_180724_Win.zip
2023-02-10 20:23 - 2023-02-12 10:19 - 000000000 ____D C:\Users\maxxy\AppData\Local\MicroApp
2023-02-10 20:23 - 2023-02-12 10:18 - 000000000 ____D C:\Users\maxxy\AppData\Local\ServiceApp
2023-02-10 20:23 - 2023-02-10 20:23 - 000000000 ____D C:\Program Files\Edge Extension
2023-02-10 19:04 - 2023-02-10 19:04 - 000000016 _____ C:\Users\maxxy\Desktop\pword.txt
2023-01-15 17:43 - 2023-02-12 10:19 - 000000000 ____D C:\Users\maxxy\AppData\Local\Home2
2023-01-15 17:43 - 2023-01-15 18:11 - 000000000 ____D C:\Users\maxxy\Documents\Dash
2023-01-15 17:43 - 2023-01-15 17:43 - 000000000 ____D C:\Users\maxxy\AppData\LocalLow\Oculus
2023-01-15 17:35 - 2023-02-11 14:43 - 000000000 ____D C:\Users\maxxy\AppData\Roaming\OculusClient
2023-01-15 17:35 - 2023-02-05 17:39 - 000000000 ____D C:\Users\maxxy\AppData\Roaming\Oculus
2023-01-15 17:35 - 2023-01-15 17:37 - 000000000 ____D C:\ProgramData\Oculus
2023-01-15 17:26 - 2023-02-12 10:19 - 000000000 ____D C:\Program Files\Oculus
2023-01-15 17:26 - 2023-01-15 17:26 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2023-01-15 16:44 - 2023-02-11 14:49 - 000000000 ____D C:\Users\maxxy\AppData\Local\Oculus
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-02-13 19:49 - 2022-05-07 05:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-13 19:49 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-13 19:49 - 2022-05-07 05:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-13 19:43 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-13 19:43 - 2021-12-30 16:46 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2023-02-13 19:42 - 2022-05-07 05:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-13 19:33 - 2021-12-26 06:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-13 19:33 - 2021-12-26 06:08 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-13 19:29 - 2021-12-25 22:08 - 000000000 ____D C:\ProgramData\NVIDIA
2023-02-13 19:25 - 2022-10-09 18:46 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-13 19:25 - 2022-10-09 18:46 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-13 19:25 - 2022-01-03 19:27 - 000000000 ____D C:\Users\maxxy\AppData\Local\CrashDumps
2023-02-12 21:04 - 2021-12-25 22:09 - 000000000 ____D C:\Users\maxxy\AppData\Local\D3DSCache
2023-02-12 20:57 - 2022-10-09 18:44 - 000013338 _____ C:\WINDOWS\diagwrn.xml
2023-02-12 20:57 - 2022-10-09 18:44 - 000013338 _____ C:\WINDOWS\diagerr.xml
2023-02-12 20:56 - 2022-10-09 18:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-12 20:55 - 2021-12-26 06:06 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-12 20:53 - 2022-10-09 12:54 - 000000000 ___DC C:\WINDOWS\Panther
2023-02-12 20:44 - 2022-09-23 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-02-12 20:44 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-12 20:44 - 2021-12-30 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2023-02-12 20:44 - 2021-12-30 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-02-12 20:44 - 2021-12-25 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-02-12 19:51 - 2022-06-19 12:34 - 000000000 __SHD C:\found.000
2023-02-12 15:16 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-12 15:16 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-12 15:16 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-12 14:18 - 2022-05-07 05:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-02-12 14:15 - 2022-05-07 05:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-12 14:02 - 2021-12-26 01:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-12 13:58 - 2021-12-26 01:08 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-12 13:47 - 2022-10-09 14:21 - 000000000 ____D C:\Users\maxxy
2023-02-12 10:22 - 2021-12-26 11:03 - 000000000 ____D C:\Users\maxxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-02-12 10:21 - 2022-05-07 10:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-02-12 10:21 - 2022-05-07 10:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-02-12 10:21 - 2022-05-07 10:17 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\downlevel
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\Com
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\IME
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2023-02-12 10:21 - 2022-05-07 05:24 - 000000000 ____D C:\Program Files\Common Files\System
2023-02-12 10:21 - 2022-05-07 05:17 - 000000000 ____D C:\WINDOWS\servicing
2023-02-12 10:20 - 2022-08-05 20:21 - 000000000 ____D C:\Users\maxxy\AppData\Roaming\Krnl
2023-02-12 10:20 - 2022-05-07 05:25 - 000000000 ____D C:\WINDOWS\system32\Pbr
2023-02-12 10:20 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\Containers
2023-02-12 10:20 - 2021-12-26 11:03 - 000000000 ____D C:\Users\maxxy\AppData\Local\Roblox
2023-02-12 10:19 - 2021-12-26 01:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-02-12 10:19 - 2021-12-25 22:42 - 000000000 ____D C:\ProgramData\Package Cache
2023-02-12 10:19 - 2021-12-25 22:18 - 000000000 ____D C:\Program Files (x86)\Steam
2023-02-12 10:02 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\registration
2023-02-12 09:58 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-02-12 09:53 - 2022-10-09 14:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-02-12 09:53 - 2022-05-07 05:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-11 14:11 - 2021-12-25 22:09 - 000000000 ____D C:\Users\maxxy\AppData\Local\Packages
2023-02-11 14:11 - 2021-12-25 22:09 - 000000000 ____D C:\ProgramData\Packages
2023-02-11 13:36 - 2021-12-25 22:09 - 000000000 ____D C:\Users\maxxy\AppData\Roaming\Adobe
2023-02-11 13:25 - 2023-01-01 18:53 - 000000000 ____D C:\ProgramData\Virtual Desktop
2023-02-11 09:37 - 2021-12-30 17:54 - 000000000 ____D C:\temp
 
==================== Files in the root of some directories ========
 
2022-01-15 12:47 - 2022-11-06 19:49 - 000000396 _____ () C:\Users\maxxy\AppData\Roaming\jjv5conf.json
2022-03-18 18:02 - 2022-03-18 18:03 - 000000265 _____ () C:\Users\maxxy\AppData\Roaming\MelonLoader.Installer.cfg
2022-10-21 18:45 - 2022-10-21 18:45 - 000007626 _____ () C:\Users\maxxy\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by maxxy (13-02-2023 19:58:05)
Running from C:\Users\maxxy\Desktop
Microsoft Windows 11 Home Version 22H2 22621.963 (X64) (2022-10-09 18:46:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-589984618-1337359365-324211944-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-589984618-1337359365-324211944-503 - Limited - Disabled)
Guest (S-1-5-21-589984618-1337359365-324211944-501 - Limited - Disabled)
maxxy (S-1-5-21-589984618-1337359365-324211944-1001 - Administrator - Enabled) => C:\Users\maxxy
WDAGUtilityAccount (S-1-5-21-589984618-1337359365-324211944-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\uTorrent) (Version: 3.6.0.46590 - BitTorrent Inc.)
AutoHotkey 1.1.34.04 (HKLM\...\AutoHotkey) (Version: 1.1.34.04 - Lexikos)
blender (HKLM\...\{8E411BEA-E05E-4E73-B9D3-A89A3084D67D}) (Version: 3.0.0 - Blender Foundation)
CORSAIR iCUE 4 Software (HKLM\...\{97E0262E-4B0A-4DD1-B432-8BE71A8BDC0A}) (Version: 4.18.209 - Corsair)
Discord (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Documentation Manager (HKLM\...\{EC7D2299-EAEC-498A-947B-ADC4495AA6D6}) (Version: 22.20.0.6 - Intel Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
Intel® Software Installer (HKLM-x32\...\{76cc8e2a-8308-43d3-a3c3-423d2a1ca435}) (Version: 22.20.0.6 - Intel Corporation) Hidden
JJSploit 6.4.0 (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\b1e3a7e5-766b-5910-bd89-4bbe7200c627) (Version: 6.4.0 - )
JJS-UI 6.4.12 (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\08d3cffc-d9a7-55a8-82d8-201f042a4e89) (Version: 6.4.12 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{6BBE9278-659F-FA16-E4B8-C2D60DE0DCC7}) (Version: 10.1.22621.1863 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\OneDriveSetup.exe) (Version: 22.227.1030.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.55 - Nmap Project)
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 497.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 497.29 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.94 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA Quadro View 200.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 200.93 - NVIDIA Corporation)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Roblox Player for maxxy (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for maxxy (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\roblox-studio) (Version:  - Roblox Corporation)
Save Wizard for PS4 MAX  (HKLM-x32\...\{D0DDCFB5-446F-423A-8C72-6CFE537AF959}) (Version: 1.1.0.0 - DataPower)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Mechanic (HKLM-x32\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 17.5.0.116 - iolo technologies, LLC)
VALORANT (HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Virtual Desktop Service (HKLM\...\{12B28B16-C77A-4D19-A5E2-B3648C6EE134}) (Version: 1.18.31 - Virtual Desktop, Inc.)
Virtual Desktop Streamer (HKLM\...\{C441ED60-E5A5-4A9D-BC8B-3D7769C0B937}) (Version: 1.25.10 - Virtual Desktop, Inc.)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.30.1.0 - Voicemod S.L.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{BCA59500-933F-4608-A295-104635925BE0}) (Version: 3.5.2204.04001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wireshark 3.6.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.3 - The Wireshark developer community, hxxps://www.wireshark.org)
 
Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-02-12] (Microsoft Corp.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.44.2.0_x64__6rarf9sa4v8jt [2023-02-12] (Disney)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2023-02-12] (Apple Inc.) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.37.0_x64__8wekyb3d8bbwe [2023-02-12] (Microsoft Corp.)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-08-26] (Microsoft Studios)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2023-02-12] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32791.0_x64__8wekyb3d8bbwe [2023-02-12] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-02-12] (Microsoft Corporation)
ms-resource:ProductPkgDisplayName -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-02-12] (ms-resource:ProductPublisherDisplayName)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-02-12] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2023-02-12] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-02-12] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0 [2023-02-12] (Spotify AB) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2022-06-17] (0)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-589984618-1337359365-324211944-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-589984618-1337359365-324211944-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2017-12-08] (iolo technologies, LLC -> iolo technologies, LLC)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\Phoenix360\System Mechanic\Incinerator.dll [2017-12-08] (iolo technologies, LLC -> iolo technologies, LLC)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_0bc9105c62ca22fb\nvshext.dll [2021-12-15] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvQuadroView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2020-10-05] (NVIDIA Corporation -> NVIDIA Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-10-11 16:41 - 2021-10-11 16:41 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\SiUSBXp.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10470]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 09:14 - 2019-12-07 09:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-589984618-1337359365-324211944-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\maxxy\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
Network Binding:
=============
WiFi 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "CORSAIR iCUE 4 Software"
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_EA410C61FB31D73AFA3C71DD38F22C9A"
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-589984618-1337359365-324211944-1001\...\StartupApproved\Run: => "Voicemod"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4A178632-653C-4EB5-AB49-74ECAB874E26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A025DCD7-791B-4FF2-90F0-53B5639ECDFB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E93CBCFF-D0FA-487D-BFEF-BE1B46356A83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D709A2A2-4AF0-4396-B450-FD03933435ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F34DBE26-9B81-42CD-99A7-39802E28C6FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{81A71A95-1CFA-4895-A0FE-8F5E36D33606}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5715D549-E0C7-481C-925C-49A9B3120F81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6BDEF31A-12B9-4096-88F4-24CDF6B7D057}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [UDP Query User{FE8B4F8C-B683-4ABA-A75A-2552B81E9C07}C:\users\maxxy\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\maxxy\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{F93E33E5-45D6-4358-8B7D-42F377F28FC9}C:\users\maxxy\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\maxxy\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{619749B8-82D5-45B4-AFF2-6CA753C17024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed]
FirewallRules: [{A2A54FBE-CE43-4FA4-9713-CB5D78000A89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\launch.exe () [File not signed]
FirewallRules: [{F1D5DA29-2ED8-49D4-8EF1-25FB253D7B2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{A6AE7A4E-8BC0-426A-A488-348378E9F30B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{0FFCF6DF-D27C-4240-8ADC-2E4AD256ADD8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{185FDA5A-E0B4-43B9-B8F4-387B84BC475A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4653FA05-A4C0-4AC5-97E7-CEA98629172A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BAAC3112-3C6F-4665-AB26-98628F07F89D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{735A2AB9-8707-480D-AD24-7AAD6278D3A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe () [File not signed]
FirewallRules: [{5DCF850E-59BC-4A4F-A0FD-708861458E3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe () [File not signed]
FirewallRules: [{CDB5AF47-C937-47F7-BD96-1F2F86787094}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9A0E102F-D554-469C-8FF5-DA6C9A50CFB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DF8F7084-AE2A-4F57-9F76-04591DD2DEFB}] => (Allow) D:\Driver Tool\DriverTalent.exe => No File
FirewallRules: [{139E3148-8778-4673-8159-96CF633676CE}] => (Allow) D:\Driver Tool\DTLService.exe => No File
FirewallRules: [{CCF3E7C8-3BB8-4ABB-A4AD-4457A8EDAAD6}] => (Allow) D:\Driver Tool\download\MiniThunderPlatform.exe => No File
FirewallRules: [{57F76B62-75A4-4A0D-A58E-9AED332D9CF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{189C20B9-0A93-45C3-9763-4EEADDA7CCB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{3A380407-4752-4D5A-A4A6-BC9789422866}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{FA9B54B7-7F91-45FB-A579-85604C313E48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{57A82355-B769-4024-B766-B4B5180E0BC7}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
FirewallRules: [{45319983-04B2-459C-87C5-A9481E7B9EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\People Playground\People Playground.exe () [File not signed]
FirewallRules: [{201E8315-E9E9-4970-AE56-31EB32884F46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\People Playground\People Playground.exe () [File not signed]
FirewallRules: [{A1D450B4-1F19-4F04-83B3-9DD1E17329E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{80BEDA79-42FD-408C-BA7D-D984ECD92006}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{640B0180-444E-48BC-B734-2BB0E3C88587}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{18A87070-7AE0-4BB3-96B1-BB8C91289654}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D7173273-5CA8-4E00-871A-3D3C3FB2EDE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (Epic Games, Inc) [File not signed]
FirewallRules: [{CE3C9902-8AEF-4E2C-96FD-E392D1D09C8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RecRoom\Recroom_Release.exe (Epic Games, Inc) [File not signed]
FirewallRules: [{7F8CA51F-5289-4FFF-9B80-26503204B633}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
FirewallRules: [{15C875D1-6145-4520-9348-F201E5EC8E5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{B267731D-1ED8-4BCB-8727-5566106DE5C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VRChat\VRChat.exe () [File not signed]
FirewallRules: [{F3CF7546-9099-4FA0-86C5-0F625418AD7C}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
FirewallRules: [{4BCA4DDE-57FA-49C4-A039-5B7C73867321}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{2A8C3C15-E282-4358-B0F1-10501F039472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{2BBA5860-F31B-4299-85E5-014E540A8B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{7C5B0CE6-635B-475E-A4DA-ADCF2E9E610B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{B3A616D8-809C-4FE1-9069-3D6EF9B91E5A}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
FirewallRules: [{7EA67384-F17B-4BD1-9091-D8317EA4FB91}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
FirewallRules: [TCP Query User{FB617EEB-BA27-4B8B-AE33-C5E804A974D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{6748B19D-4663-47BC-B54B-992FEEC400B7}C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [{8CE7CE0E-1DB3-40CF-93E4-D76AD8A5367D}] => (Allow) C:\Users\maxxy\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{0FFD7AD6-8539-4EDE-9B39-CAD48F5230A2}] => (Allow) C:\Users\maxxy\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{EF765D15-9E03-400F-9E86-A300741DB970}] => (Allow) C:\Users\maxxy\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{425084C0-1556-443D-9BDE-71D628459DD7}] => (Allow) C:\Users\maxxy\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{FC609945-DD61-4A6E-A3B6-3687B3FFD640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{03255B51-C0BF-4095-86BE-0DE909C5DCDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3E169E8E-B169-4245-B22B-FCA77FC13E8D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C9CF022F-B874-4616-A5B0-D5F645AF600B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{21CA6C23-6F0E-4C20-8D01-B49E9A7D4AE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{23BF4BBD-F57F-4C52-840F-BCF5B5AD760F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3485973B-39E5-420F-B723-002E67EF200E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E4B86C02-D689-478A-9955-C29B477BD24D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{500B487C-EE1A-4221-AA79-D51F4D4E72CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E5EC5190-0796-4D37-A1E1-54633E16BB26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BB72BC75-4825-4CD9-AE84-E78FBBFA74CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{735BFFEE-0B65-45E7-A473-7C668BBC51A1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3204.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8E8C60DE-D81B-4B65-AE48-C92559B20BF1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1F8C7F4-C4F1-4981-9890-0FEEAE0D6FD8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{44A8485C-21C1-411F-B447-2023D9F1EAC4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2E5DB4DF-C7FF-4224-A718-96E1005E7645}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E372E386-21C9-4DA9-A7A9-879E9682E421}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4D2646CC-4480-4448-9536-7AF58C51E887}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8EAC4928-DCCF-4131-B6D8-94891C053797}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{98EB3D6F-FC1F-4FB9-B52B-C29A90E2C480}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F5793512-BEAD-4E78-9DCE-E238528179A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{B761E187-DAB0-4B15-B6BD-D5ED8BAA3C9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{7376A7C9-9C46-482E-A0A2-D6B5526297E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{EA74BF1A-E619-4435-A1FE-E718318F8A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{c0ef4d58-c5fa-4d06-8df0-bc83d3c87d7b}] => (Allow) C:\Program Files\Virtual Desktop Streamer\VirtualDesktop.Streamer.exe (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
FirewallRules: [{3180C962-66FF-4F94-985F-C1274566489E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{330BED93-E5F4-4B3F-9113-68FD757AE85E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{21A62B2B-1FA7-4407-B1EA-405A5F23696A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{E303E827-BB81-458E-9F8E-36E7F9F45240}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve -> )
FirewallRules: [{1BF0468F-A69F-491E-8040-2ED04F54C208}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{4B3693A3-9CAA-4BCF-B0C0-E62847EF29BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve -> )
FirewallRules: [{ED8E3082-B323-41C8-9D96-B8A6DC469C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gorilla Tag\Gorilla Tag.exe () [File not signed]
FirewallRules: [{B79E2ABE-A3A0-421A-9B82-3EFC379FFB0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gorilla Tag\Gorilla Tag.exe () [File not signed]
FirewallRules: [{9BF86E5F-4BBD-4718-9F22-8775837E1C71}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B02E3FE-EBF1-4080-9B92-3047ABA5A4E7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE374781-900D-4255-B96D-D08DBFE4D69E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
15-01-2023 11:48:19 Windows Modules Installer
12-02-2023 10:52:17 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: Virtual Desktop Monitor
Description: Virtual Desktop Monitor
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Virtual Desktop, Inc.
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Voicemod Virtual Audio Device (WDM)
Description: Voicemod Virtual Audio Device (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Voicemod S.L.
Service: VOICEMOD_Driver
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/13/2023 07:25:09 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-JSB8L0E)
Description: Faulting application name: ioloSSTray.exe, version: 17.5.0.116, time stamp: 0x5a2a4485
Faulting module name: KERNELBASE.dll, version: 10.0.22621.963, time stamp: 0x766ca8ae
Exception code: 0xe0434352
Fault offset: 0x00000000000906bc
Faulting process ID: 0x0x2608
Faulting application start time: 0x0x1d93fe0abebcf46
Faulting application path: C:\Program Files (x86)\Phoenix360\System Mechanic\ioloSSTray.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: eedc8263-b50b-4c14-a278-5ab3811e7135
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/13/2023 07:25:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ioloSSTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at iolo.Controller.EntitlementController.get_IsServiceExpired()
   at iolo.SSTray.SSTrayApp..ctor()
   at iolo.SSTray.Program.Main()
 
Error: (02/12/2023 09:02:12 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-JSB8L0E)
Description: Faulting application name: ioloSSTray.exe, version: 17.5.0.116, time stamp: 0x5a2a4485
Faulting module name: KERNELBASE.dll, version: 10.0.22621.963, time stamp: 0x766ca8ae
Exception code: 0xe0434352
Fault offset: 0x00000000000906bc
Faulting process ID: 0x0xd58
Faulting application start time: 0x0x1d93f2526238f34
Faulting application path: C:\Program Files (x86)\Phoenix360\System Mechanic\ioloSSTray.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: f71be1f3-550f-4775-8063-6105496fa2e7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/12/2023 09:02:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ioloSSTray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at iolo.Controller.EntitlementController.get_IsServiceExpired()
   at iolo.SSTray.SSTrayApp..ctor()
   at iolo.SSTray.Program.Main()
 
Error: (02/12/2023 09:01:35 PM) (Source: System Restore) (EventID: 8204) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).
 
Error: (02/12/2023 08:57:15 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-JSB8L0E$ via https://AMD-KeyId-90...plates/Aik/scepfailed:
 
GetCACaps
 
Method: GET(0ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
Error: (02/12/2023 08:57:14 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-90...plates/Aik/scepfailed:
 
GetCACaps
 
Method: GET(1031ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
 
 
System errors:
=============
Error: (02/13/2023 07:29:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JSB8L0E)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
Error: (02/12/2023 08:59:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: 2023-01 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5022303).
 
Error: (02/12/2023 08:56:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VirtualDesktop.Service.exe service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (02/12/2023 08:56:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the VirtualDesktop.Service.exe service to connect.
 
Error: (02/12/2023 08:55:49 PM) (Source: volmgr) (EventID: 162) (User: )
Description: Dump file generation succeded.
 
Error: (02/12/2023 08:55:44 PM) (Source: RtlWlanu) (EventID: 5003) (User: )
Description: TP-Link Wireless USB Adapter : Could not find a network adapter.
 
Error: (02/12/2023 08:55:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (02/12/2023 01:53:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JSB8L0E)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===============
Date: 2023-02-12 20:55:48
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume2\WINDOWS\System32\drivers\vmdrv.sys that did not meet the Authenticode signing level requirements or violated code integrity policy (Policy ID:{d2bda982-ccf6-4344-ac5b-0b44427b6816}).
 
Date: 2023-02-12 20:55:48
Description: 
The driver \Device\HarddiskVolume2\WINDOWS\System32\drivers\vmdrv.sys is blocked from loading as the driver has been revoked by Microsoft.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. F14e 10/14/2021
Motherboard: Gigabyte Technology Co., Ltd. B550M DS3H
Processor: AMD Ryzen 5 3600 6-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 16289.46 MB
Available physical RAM: 10174.38 MB
Total Virtual: 17313.46 MB
Available Virtual: 8998.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.21 GB) (Free:601.6 GB) (Model: ST1000DM010-2EP102) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.04 GB) (Model: ST1000DM010-2EP102) NTFS
 
\\?\Volume{bc608de8-b5c5-49c0-a6fd-f6f722dacc54}\ () (Fixed) (Total:0.65 GB) (Free:0.08 GB) NTFS
\\?\Volume{c552ccf1-b8be-11ec-8486-18c04da8b499}\ () (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{c552ccf0-b8be-11ec-8486-18c04da8b499}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 06FE7201)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt =======================
 

Edited by valleyboy, 13 February 2023 - 02:20 PM.

  • 0


#2
valleyboy

    Member

  • Topic Starter
  • 245 posts
Forgot to mention - There was another step prior to boot problems - Installed Windows updates to try to cure issues.
  • 0

#3
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hello, valleyboy.

 

For some reason the symbol > is shown as &gt; in the logs. To avoid any mistake, please run FRST once more, and attach the 2 logs instead of copying and pasting them. To attach them, click More Reply Options, Browse to find the files and then Attach This File.


  • 0

#4
valleyboy

    Member

  • Topic Starter
  • 245 posts

Thank you....

 

Ok, files attached. Also, a small status update....

 

Upon running FRST64 again the PC immediately shut down and tried to restart. Got stuck on Boot screen again. After manual reset via power switch, now back up. Also, this website is constantly stating that there have been too many redirects and failing to load this page, making it difficult to respond.

 

Kind regards

 

Attached Files


  • 0

#5
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, valleyboy.
 
Here we can check the computer for malware.
 
Here are some guidelines to have in mind during the cleaning procedure:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
===================================
 
Let's begin.
 

1. P2P program

You have μtorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.

 

2. System Mechanic by Iolo

 

This program is installed on the computer, but there are signs that it doesn't work properly. It is used basically for computer optimization, but it also includes an antivirus (Phoenix360), which, in your case, is not shown in the Security Center part of the logs. Keep in mind that I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that with these programs, the potential is ever present to cause more problems than they claim to fix. Considering that you have an antivirus (Windows Defender is the embedded antivirus in Windows 10 and above), I wonder if you want to keep this program.

 

 

So... before we continue, I would like to know what your decision is regarding the above two programs. If you decide to uninstall them, both or one of them, I'll need fresh FRST logs.


  • 0

#6
valleyboy

    Member

  • Topic Starter
  • 245 posts
Hi. Thank you

I will be uninstalling the software as advised. However, the computer has just decided to update itself again. It's now restarted and stuck on the boot screen again.

I will have to try and get it to boot again and get back to you as soon as I can.
  • 0

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Can you take a photo and attach it for me to see what exactly is happening?

 

P.S. It's bedtime for me now (22:10), so I'll be back to you tomorrow.


  • 0

#8
valleyboy

    Member

  • Topic Starter
  • 245 posts
Ok sleep well!

I've attached a photo. Boot screen. Progress wheel never stops.

Long press power button to restart boot process and sometimes it actually boots.

Attached Thumbnails

  • IMG_20230217_203858.jpg

Edited by valleyboy, 17 February 2023 - 02:43 PM.

  • 0

#9
valleyboy

    Member

  • Topic Starter
  • 245 posts
Eventually it does this after restarting via on/off switch several times......

Attached Thumbnails

  • IMG_20230217_204918.jpg

Edited by valleyboy, 17 February 2023 - 02:51 PM.

  • 0

#10
valleyboy

    Member

  • Topic Starter
  • 245 posts

Right, after much messing around, I eventually managed to do a system restore from the blue recovery boot screen that eventually presented itself. Restore point is earlier today.

 

Upon startup, Windows immediately began downloading/installing the updates that are preventing startup so I have paused them. Hopefully will be able to resolve problems in the meantime.

 

I've removed the software that you suggested for removal and uploaded new logs.

 

Thank you.

 

VB

Attached Files


  • 0


#11
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi, VB.

 

It seems to me that the system has issues, that's why there are repair attempts at startup.

 

FRST.txt is not complete.

 

Go here C:\FRST\Logs and find FRST.txt. Open it, scroll down and check for the line End of FRST.txt. If you see that line, then attach this file here for me to check. If you don't see that line, run FRST once more and attach the 2 logs again.


  • 0

#12
valleyboy

    Member

  • Topic Starter
  • 245 posts

Good morning

 

I have re-run the scan and attached new logs. I have also attached the resultant file that you mention in your last post. Thanks again.

 

VB

Attached Files


  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

Hi.
 
Please run the following fix with FRST, keeping in mind that it will take some time. Even if it seems stuck, let it run until the end. It will restart automatically and hopefully it won't stay at the logo screen.

FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-589984618-1337359365-324211944-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
FirewallRules: [{4A178632-653C-4EB5-AB49-74ECAB874E26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{A025DCD7-791B-4FF2-90F0-53B5639ECDFB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E93CBCFF-D0FA-487D-BFEF-BE1B46356A83}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D709A2A2-4AF0-4396-B450-FD03933435ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{F34DBE26-9B81-42CD-99A7-39802E28C6FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{81A71A95-1CFA-4895-A0FE-8F5E36D33606}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5715D549-E0C7-481C-925C-49A9B3120F81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6BDEF31A-12B9-4096-88F4-24CDF6B7D057}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.194.874.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{DF8F7084-AE2A-4F57-9F76-04591DD2DEFB}] => (Allow) D:\Driver Tool\DriverTalent.exe => No File
FirewallRules: [{139E3148-8778-4673-8159-96CF633676CE}] => (Allow) D:\Driver Tool\DTLService.exe => No File
FirewallRules: [{CCF3E7C8-3BB8-4ABB-A4AD-4457A8EDAAD6}] => (Allow) D:\Driver Tool\download\MiniThunderPlatform.exe => No File
FirewallRules: [TCP Query User{FB617EEB-BA27-4B8B-AE33-C5E804A974D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{6748B19D-4663-47BC-B54B-992FEEC400B7}C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [{8CE7CE0E-1DB3-40CF-93E4-D76AD8A5367D}] => (Allow) C:\Users\maxxy\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{0FFD7AD6-8539-4EDE-9B39-CAD48F5230A2}] => (Allow) C:\Users\maxxy\AppData\Local\Temp\utorrent\utorrent.exe => No File
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Task: {19BFBE79-ADBF-4B24-B0BF-6C2E7393A663} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
Task: {5D6F7FD4-CF08-481C-8327-94DE8C184853} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {87FACB63-E6D8-4842-9D68-C183027AD9F3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (No File)
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

  • 0
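
The fixlist in the post above removes FirewallRules entries that FRST marked "=> No File". As an added example (not part of DR M's post and not FRST's own code), this Python sketch triages FirewallRules lines from an Addition.txt log into orphaned, unsigned and signed rules, and goes slightly further by also flagging rules whose target sits in a user-writable directory. The sample lines are copied from the logs in this thread; the function names, the `Rule` fields and the user-writable directory list are assumptions of the example.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Sample FirewallRules lines copied from the FRST log and fixlist in this thread.
SAMPLE = r"""
FirewallRules: [{03255B51-C0BF-4095-86BE-0DE909C5DCDB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5793512-BEAD-4E78-9DCE-E238528179A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{ED8E3082-B323-41C8-9D96-B8A6DC469C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gorilla Tag\Gorilla Tag.exe () [File not signed]
FirewallRules: [{DF8F7084-AE2A-4F57-9F76-04591DD2DEFB}] => (Allow) D:\Driver Tool\DriverTalent.exe => No File
FirewallRules: [TCP Query User{FB617EEB-BA27-4B8B-AE33-C5E804A974D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.195.893.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [{8CE7CE0E-1DB3-40CF-93E4-D76AD8A5367D}] => (Allow) C:\Users\maxxy\AppData\Local\Temp\utorrent\utorrent.exe => No File
"""

# "FirewallRules: [<rule name>] => (<action>) <path and annotation>"
HEAD_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>\w+)\) (?P<rest>.+)$"
)
# "<path> (<signer> -> <company>)": the file exists and carries a signature.
SIGNED_RE = re.compile(
    r"^(?P<path>.+?) \((?P<signer>[^()]*) -> (?P<company>[^()]*)\)$"
)
# "<path> (<company>) [File not signed]": the file exists but is unsigned.
UNSIGNED_RE = re.compile(
    r"^(?P<path>.+?) \((?P<company>[^()]*)\) \[File not signed\]$"
)
NO_FILE = " => No File"
# Assumption of this example: directories a standard user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


class Rule(NamedTuple):
    name: str            # GUID or "TCP/UDP Query User{...}<path>" rule name
    action: str          # "Allow" in every line on this page
    path: str            # program the rule applies to
    status: str          # "orphaned", "unsigned", "signed" or "unknown"
    signer: str          # certificate subject, empty unless status == "signed"
    user_writable: bool  # target lives under a user-writable directory


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FirewallRules line; return None for any other log line."""
    head = HEAD_RE.match(line.strip())
    if head is None:
        return None
    rest, signer = head["rest"], ""
    if rest.endswith(NO_FILE):
        # The rule outlived its program: this is what the fixlist removes.
        path, status = rest[: -len(NO_FILE)], "orphaned"
    elif (m := UNSIGNED_RE.match(rest)):
        path, status = m["path"], "unsigned"
    elif (m := SIGNED_RE.match(rest)):
        path, signer, status = m["path"], m["signer"], "signed"
    else:
        path, status = rest, "unknown"
    writable = any(marker in path.lower() for marker in USER_WRITABLE)
    return Rule(head["name"], head["action"], path, status, signer, writable)


def triage(lines):
    """Return (status counts, de-duplicated paths that deserve a manual look)."""
    rules = [r for r in map(parse_rule, lines) if r is not None]
    counts = Counter(r.status for r in rules)
    review = sorted(
        {r.path for r in rules if r.status != "signed" or r.user_writable}
    )
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE.splitlines())
    print(dict(counts))
    for path in review:
        print("review:", path)
```
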

#14
valleyboy

    Member

  • Topic Starter
  • 245 posts

It started up ok after the fix.  :yes:

 

I have attached the fix log.

 

VB

Attached Files


  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,113 posts

As you can see in the log:
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
This is good!
 
To ensure that everything is clean:


1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.

If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

 

In your next reply, please post:

  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0





