Malware removal / windows security is not launching

  • taimrarchy
    PCHF Member
    • Jul 2023
    • 38

    #1

    Malware removal / windows security is not launching

    Yesterday, I downloaded software from a shady website which I have used before without any incident. However, this time I think I installed malware that acts like an admin and has disabled Windows Security. I can’t open the Windows Security app, and every time the PC is started a blank CMD window opens, which has never happened before. I can’t find anything to fix it; any help would be appreciated.
  • veeg
    PCHF Director
    • Jul 2016
    • 8982

    #2
    Hello

    If at all possible, I would disconnect the PC from the internet. I will tag our expert.

    @Malnutrition


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #3
      Please read this and post requested FRST logs for review.


      • taimrarchy
        PCHF Member
        • Jul 2023
        • 38

        #4
        FRST.txt:

        Code:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2023
        Ran by tmmrcy (administrator) on LAPTOP-BQN0JE4L (HUAWEI BOD-WXX9) (06-07-2023 03:34:20)
        Running from C:\Users\tzahi\Downloads\FRST64.exe
        Loaded Profiles: tmmrcy
        Platform: Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) Language: English (United States)
        Default browser: Edge
        Boot Mode: Normal
        
        ==================== Processes (Whitelisted) =================
        
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        
        (C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
        (C:\Program Files\Huawei\HMS Core\HMSCoreService.exe ->) (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HMS Core\HMSCoreContainer.exe
        (C:\Program Files\Huawei\PCManager\MateBookService.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\HwMdcCenter.exe
        (C:\Program Files\Huawei\PCManager\MateBookService.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe
        (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\DFSSearchService.exe
        (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MessageCenterUI.exe
        (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\PerfWndMonHelper.exe
        (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\PerfWndMonHelper_x86.exe
        (C:\Program Files\Intel\Intel Arc Control\ArcControl.exe ->) (Intel Corporation → Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe <5>
        (DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe
        (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
        (explorer.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
        (HWVEAudioService.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\WINDOWS\System32\HWVEAudioSession.exe
        (Intel Corporation → ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
        (Intel Corporation → Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControl.exe
        (Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        (services.exe ->) (A-Volute SAS → Nahimic) C:\WINDOWS\System32\NahimicService.exe
        (services.exe ->) (Electronic Arts, Inc. → Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
        (services.exe ->) (FOXIT SOFTWARE INC. → Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe
        (services.exe ->) (HP Inc. → HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
        (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\BasicService\BasicService.exe
        (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe
        (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MateBookService.exe
        (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\WINDOWS\System32\HWVEAudioService.exe
        (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\WINDOWS\System32\RPC\OSD\osdservice.exe
        (services.exe ->) (Huawei Technologies Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\Hiview\HiviewService.exe
        (services.exe ->) (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HMS Core\HMSCoreService.exe
        (services.exe ->) (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\wucs\WUCSProxyService.exe
        (services.exe ->) (Intel Corporation → ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
        (services.exe ->) (Intel Corporation → ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3b3ce26993cf233b\IntelCpHDCPSvc.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
        (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\piecomponent.inf_amd64_0570478011758f12\Intel_PIE_Service.exe
        (services.exe ->) (Intel Corporation → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
        (services.exe ->) (Intel Corporation → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
        (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
        (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
        (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
        (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncHelper.exe
        (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
        (services.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
        (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Fortemedia) C:\WINDOWS\System32\FMService64.exe
        (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Goodix) C:\WINDOWS\System32\drivers\SessionService.exe
        (services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe <3>
        (sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 → Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
        (svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 → ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.17.0_x64__w2gh52qy24etm\Nahimic3.exe
        (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 → ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2324.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
        (svchost.exe ->) (A-Volute SAS → Nahimic) C:\WINDOWS\System32\NahimicSvc64.exe
        (svchost.exe ->) (A-Volute SAS → Nahimic) C:\WINDOWS\SysWOW64\NahimicSvc32.exe
        (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 → Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\IGCC.exe
        (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        (svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
        (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <2>
        (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\LocationNotificationWindows.exe
        (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
        (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
        (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.1916_none_e90f859443098e59\TiWorker.exe
        
        ==================== Registry (Whitelisted) ===================
        
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        
        HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe [1256520 2021-04-13] (Realtek Semiconductor Corp. → Realtek Semiconductor)
        HKLM...\Run: => 
        HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [739448 2023-03-17] (Oracle America, Inc. → Oracle Corporation)
        HKLM-x32...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1529384 2023-06-08] (Intel Corporation → Intel Corporation)
        HKLM-x32...\Run: => 
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
        HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
        HKLM\Software\Policies...\system: [EnableSmartScreen] 0
        HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2606472 2023-06-29] (Microsoft Corporation → Microsoft Corporation)
        HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Run: [MicrosoftEdgeAutoLaunch_2CDA1A8278879F750DEE63BCC2A16BEC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4113872 2023-06-29] (Microsoft Corporation → Microsoft Corporation)
        HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Run: => 
        HKLM...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard → HP Inc.)
        HKLM\Software...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] →
        
        ==================== Scheduled Tasks (Whitelisted) =================
        
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        
        Task: {0A1D9BE4-B8EC-4C57-A91D-D7E8D8DE94A0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157552 2023-06-17] (Microsoft Corporation → Microsoft Corporation)
        Task: {1D7C5CAC-737A-452D-A236-EAA580A231D6} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32.\NahimicSvc64.exe [1088616 ] (A-Volute SAS → Nahimic)
        Task: {1EBDEC72-F7EB-4367-A91D-1407EB41AB1F} - System32\Tasks\WpsExternal_tzahi_20221119083148 => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe [1057928 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) → /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
        Task: {34DD68F5-B7EC-4BB3-B895-51CC362E44EB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4150136 2023-06-29] (Microsoft Corporation → Microsoft Corporation)
        Task: {376EBB42-42AF-4D9B-996E-9A2C76460B6B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557376 2023-06-17] (Microsoft Corporation → Microsoft Corporation)
        Task: {3C2411E2-875F-4A96-803B-AD1FC43AB975} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [829544 2021-07-02] (A-Volute SAS → Nahimic)
        Task: {42FE7CEB-8F85-4C25-95A6-4BD0F736AAC7} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [200704 2023-05-12] (Microsoft Windows → Microsoft Corporation) → //B //NoLogo “C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs”
        Task: {4398F590-BA0E-4042-B566-80B5E6BB3313} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557376 2023-06-17] (Microsoft Corporation → Microsoft Corporation)
        Task: {52CC6F32-6BA1-4633-B68E-42724D7EA72F} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-06-15] (HP Inc. → HP Inc.)
        Task: {6DEF4AB9-144A-495D-82D7-9170E5329F5D} - System32\Tasks\Window Update => C:\Users\tzahi\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
        Task: {74BD4F6A-54CF-4A9E-A8A5-B3328ED7AA71} - System32\Tasks\Windows Service Task => C:\Users\tzahi\AppData\Local\Updates\WindowsService.exe [5581312 2022-05-11] () [File not signed] <==== ATTENTION
        Task: {783D56D1-678F-498D-8088-49B2C66E6E21} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32..\SysWOW64\NahimicSvc32.exe [829544 ] (A-Volute SAS → Nahimic)
        Task: {89C88217-6FE5-472C-A4A5-BA18A1CA5495} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation → Intel Corporation)
        Task: {8AA31196-BD71-4997-9C0F-C5E5CC521A95} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [58832 2023-06-15] (HP Inc. → HP Inc.)
        Task: {8B915058-845F-43C0-A27E-CF36D34D133D} - System32\Tasks\WpsUpdateTask_tmmrcy => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpsupdate.exe [172168 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
        Task: {A848FA44-1C8C-479F-A946-7E1AC9C29A71} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1088616 2021-07-02] (A-Volute SAS → Nahimic)
        Task: {A976026E-4D8C-469E-AEFF-3F088580BC8B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
        Task: {AC849E86-7356-4C55-A623-42BE30F8F601} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170456 2023-06-07] (Microsoft Corporation → Microsoft Corporation)
        Task: {BD2A0C06-9B8F-41A6-A561-6C469C93768F} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation → Intel Corporation)
        Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
        Task: {D16417EF-0C5E-40D7-821D-FA90EEA2B722} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4150136 2023-06-29] (Microsoft Corporation → Microsoft Corporation)
        Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
        Task: {E3A30FA9-D4F7-476E-85D1-09C722F93023} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
        Task: {E48D667A-D43B-41D1-AE87-35C0BBF0EB86} - System32\Tasks\WpsUpdateTask_tzahi => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpsupdate.exe [172168 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
        Task: {F12241CF-2EA8-43C2-9758-4D88AF469257} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157552 2023-06-17] (Microsoft Corporation → Microsoft Corporation)
        Task: {F6A39165-6DE6-464C-8918-7E05503ED911} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
        
        (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
        
        ==================== Internet (Whitelisted) ====================
        
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip..\Interfaces{0e1db6e2-967c-4181-ad20-1a7c8debc340}: [DhcpNameServer] 192.168.1.1
        Tcpip..\Interfaces{f8d21a67-f548-45c5-a7aa-e808c1aba960}: [DhcpNameServer] 40.42.1.13
        Edge:
        Edge DefaultProfile: Profile 1
        Edge Profile: C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-07-06]
        Edge Notifications: Profile 1 → hxxps://pchelpforum.net; hxxps://teams.microsoft.com
        Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-06-17]
        Edge Extension: (Halo – Arrival) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ddgdgdmkcagpbibgcilbidjfokdngfld [2022-09-07]
        Edge Extension: (Edge relevant text changes) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-19]
        Edge HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Microsoft\Edge\Extensions...\Edge\Extension: [njjljiblognghfjfpcdpdbpbfcmhgafg]
        FireFox:
        FF HKLM...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
        FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2020-04-22] [Legacy]
        FF HKLM...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
        FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2020-04-22]
        FF HKLM-x32...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
        FF HKLM-x32...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
        FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-10-29] (Microsoft Corporation → Microsoft Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
        FF Plugin-x32: @java.com/DTPlugin,version=11.371.2 → C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
        FF Plugin-x32: @java.com/JavaPlugin,version=11.371.2 → C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-10-29] (Microsoft Corporation → Microsoft Corporation)
        Chrome:
        CHR HKLM...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-04-22]
        CHR HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [gjgfobnenmnljakmhboildkafdkicala]
        CHR HKLM-x32...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-04-22]
        
        ==================== Services (Whitelisted) ===================
        
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        
        S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-07-06] (BattlEye Innovations e.K. → )
        R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-06-07] (Microsoft Corporation → Microsoft Corporation)
        R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43272 2023-07-03] (Intel Corporation → Intel)
        R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [212744 2023-07-03] (Intel Corporation → Intel)
        S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-07-06] (EasyAntiCheat Oy → Epic Games, Inc)
        S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-15] (Epic Games Inc. → Epic Games, Inc.)
        R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncHelper.exe [3446648 2023-06-29] (Microsoft Corporation → Microsoft Corporation)
        R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [381312 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher → Fortemedia)
        R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
        R2 HiviewService; C:\Program Files\Huawei\Hiview\HiviewService.exe [5127064 2022-12-05] (Huawei Technologies Co., Ltd. → Huawei Device Co., Ltd.)
        S3 HmdfsOfficeSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        S3 HmdfsPcSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        S3 HmdfsPhoneSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R2 HMSCoreService; C:\Program Files\Huawei\HMS Core\HMSCoreService.exe [176712 2022-06-29] (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.)
        R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-06-15] (HP Inc. → HP Inc.)
        R2 HwPCCoreService; C:\Program Files\Huawei\BasicService\BasicService.exe [629640 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R2 HWVEAudioService; C:\WINDOWS\system32\HWVEAudioService.exe [104592 2021-03-27] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R2 HW_OSDServer; C:\Windows\system32\RPC\OSD\osdservice.exe [252168 2020-12-23] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1432104 2023-06-08] (Intel Corporation → Intel Corporation)
        R2 LCD_Service; C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe [44424 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R2 MBAMainService; C:\Program Files\Huawei\PCManager\MateBookService.exe [589192 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1675384 2021-07-02] (A-Volute SAS → Nahimic)
        S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.122.0611.0001\OneDriveUpdaterService.exe [3782520 2023-06-29] (Microsoft Corporation → Microsoft Corporation)
        S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. → Electronic Arts)
        R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. → Electronic Arts)
        S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1244144 2023-06-29] (Rockstar Games, Inc. → Rockstar Games)
        S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182296 2021-06-23] (Samsung Electronics Co., Ltd. → Samsung Electronics Co., Ltd.)
        S3 ucldr_Crowz_ST; C:\Program Files\Common Files\UNCHEATER\ucldr_Crowz_ST.exe [5613296 2022-04-10] (Wellbia.com Co., Ltd. → Wellbia.com Co., Ltd.)
        R2 WUCSProxy; C:\Program Files\HuaWei\wucs\WUCSProxyService.exe [7016008 2022-06-29] (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.)
        S4 uhssvc; “C:\Program Files\Microsoft Update Health Tools\uhssvc.exe” 
        S4 WdNisSvc; “%ProgramData%\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe” 
        S4 WinDefend; “C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe”
        
        ===================== Drivers (Whitelisted) ===================
        
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        
        S3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2023-06-28] (Microsoft Windows → Microsoft Corporation)
        R3 ALSysIO; C:\Users\tzahi\AppData\Local\Temp\ALSysIO64.sys [47240 2023-07-04] (ALCPU (Arthur Liberman) → Arthur Liberman) <==== ATTENTION
        S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
        R1 dokan2; C:\Program Files\Huawei\PCManager\dokan2.sys [117176 2021-10-19] (Huawei Device Co., Ltd. → Dokan Project)
        R1 dokan2a; C:\Program Files\Huawei\PCManager\dokan2a.sys [403472 2022-05-03] (Huawei Device Co., Ltd. → Dokan Project)
        R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher → Dev47Apps)
        R3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher → Windows (R) Win 7 DDK provider)
        R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-10] (Intel Corporation → Intel Corporation)
        R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-10] (Intel Corporation → Intel Corporation)
        R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-10] (Intel Corporation → Intel Corporation)
        R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-10] (Intel Corporation → Intel Corporation)
        R0 IBtRstd; C:\WINDOWS\System32\drivers\ibtrstd.sys [61376 2020-07-15] (Intel(R) Wireless Connectivity Solutions → Intel Corporation)
        R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-06-16] (A-Volute → Windows (R) Win 7 DDK provider)
        S3 UniFairy_x64; C:\WINDOWS\system32\drivers\UniFairy_x64.sys [8209904 2022-07-05] (Tencent Technology(Shenzhen) Company Limited → TENCENT)
        S3 unirsdt; C:\WINDOWS\system32\drivers\unirsdt.sys [6166504 2022-09-22] (Tencent Technology(Shenzhen) Company Limited → TENCENT)
        S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239664 2021-07-28] (Oracle Corporation → Oracle Corporation)
        R3 virtbus; C:\WINDOWS\System32\drivers\virtbus.sys [42968 2022-10-23] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
        R3 WDTDrv; C:\WINDOWS\System32\Drivers\WDTDrv.sys [46912 2020-07-14] (Microsoft Windows Hardware Compatibility Publisher → )
        R2 WUCS; C:\WINDOWS\system32\drivers\WUCSDriver.sys [993728 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher → Huawei Device Co., Ltd.)
        S3 xhunter1; C:\WINDOWS\xhunter1.sys [1431256 2022-04-10] (Wellbia.com Co., Ltd. → Wellbia.com Co., Ltd.)
        U4 MsSecFlt; no ImagePath
        U4 Sense; no ImagePath
        U4 SgrmAgent; no ImagePath
        U4 SgrmBroker; no ImagePath
        S4 WdBoot; \SystemRoot\system32\drivers\wd\WdBoot.sys 
        S4 WdFilter; \SystemRoot\system32\drivers\wd\WdFilter.sys 
        S4 WdNisDrv; system32\drivers\wd\WdNisDrv.sys 
        S3 WmFilter; \SystemRoot\system32\drivers\WmFilter.sys
        
        ==================== NetSvcs (Whitelisted) ===================
        
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        
        ==================== One month (created) (Whitelisted) =========
        
        (If an entry is included in the fixlist, the file/folder will be moved.)
        
        2023-07-06 03:34 - 2023-07-06 03:34 - 000030726 _____ C:\Users\tzahi\Downloads\FRST.txt
        2023-07-06 03:33 - 2023-07-06 03:34 - 000000000 ____D C:\FRST
        2023-07-06 03:33 - 2023-07-06 03:33 - 002383360 _____ (Farbar) C:\Users\tzahi\Downloads\FRST64.exe
        2023-07-04 08:43 - 2023-07-04 14:16 - 000000000 ___HD C:\Intel
        2023-07-04 08:43 - 2023-04-01 07:17 - 000001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telegram.lnk
        2023-07-04 08:43 - 2021-09-05 05:39 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
        2023-07-04 08:43 - 2021-09-05 05:30 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS Pro 16.lnk
        2023-07-04 08:43 - 2021-09-05 05:07 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Teams for School.lnk
        2023-07-04 08:33 - 2023-07-04 08:49 - 000000000 ___HD C:\$SysReset
        2023-07-04 08:33 - 2023-07-03 21:51 - 000000000 ____D C:\$Windows.~BT
        2023-07-03 22:11 - 2023-07-03 22:11 - 000000000 ____D C:\Users\tzahi\Documents\TotalAV
        2023-07-03 22:10 - 2023-07-03 22:10 - 000000000 ____D C:\Users\tzahi\AppData\Local\GUI
        2023-07-03 22:10 - 2023-07-03 22:10 - 000000000 ____D C:\ProgramData\SecuritySuite
        2023-07-03 21:52 - 2023-07-03 22:13 - 000000000 ____D C:\Users\tzahi\AppData\Local\D3DSCache
        2023-07-03 21:51 - 2023-07-04 21:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
        2023-07-03 21:27 - 2023-07-03 21:27 - 000000000 ____D C:\Users\tzahi\AppData\Local\ElevatedDiagnostics
        2023-07-03 19:24 - 2023-07-03 19:24 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
        2023-07-03 18:58 - 2023-07-06 03:32 - 000000000 ____D C:\Users\tzahi\AppData\Local\Updates
        2023-07-03 18:58 - 2023-07-03 19:22 - 000003288 _____ C:\WINDOWS\system32\Tasks\Windows Service Task
        2023-07-03 18:58 - 2023-07-03 19:22 - 000003252 _____ C:\WINDOWS\system32\Tasks\Window Update
        2023-07-03 18:58 - 2023-07-03 18:58 - 000014544 _____ (OpenLibSys.org) C:\WINDOWS\system32\WinRing0x64.sys
        2023-07-03 18:58 - 2023-07-03 18:58 - 000000000 ____D C:\Program Files (x86)\OceanofGames.ccom
        2023-06-29 12:58 - 2023-06-29 12:58 - 000000360 _____ C:\Users\tzahi\Desktop\Grand Theft Auto V.url
        2023-06-28 11:44 - 2023-07-03 19:24 - 000000000 ____D C:\Users\tmmrcy
        2023-06-28 10:47 - 2023-06-28 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
        2023-06-28 10:44 - 2023-06-20 18:58 - 000515528 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
        2023-06-28 10:44 - 2023-06-20 18:58 - 000455664 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
        2023-06-28 10:44 - 2023-06-20 18:57 - 000937504 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
        2023-06-28 10:44 - 2023-06-20 18:56 - 000700360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
        2023-06-28 10:44 - 2023-06-20 18:55 - 000586232 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
        2023-06-28 10:44 - 2023-06-20 18:55 - 000447760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
        2023-06-28 10:44 - 2023-06-20 18:54 - 000488056 _____ C:\WINDOWS\SysWOW64\IntelControlLib32.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 002184128 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
        2023-06-28 10:44 - 2023-06-20 18:51 - 002184128 _____ C:\WINDOWS\system32\vulkaninfo.exe
        2023-06-28 10:44 - 2023-06-20 18:51 - 001618368 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
        2023-06-28 10:44 - 2023-06-20 18:51 - 001618368 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
        2023-06-28 10:44 - 2023-06-20 18:51 - 001481672 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 001481672 _____ C:\WINDOWS\system32\vulkan-1.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 001214400 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 001214400 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 000497648 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 000437752 _____ C:\WINDOWS\system32\ze_loader.dll
        2023-06-28 10:44 - 2023-06-20 18:51 - 000288192 _____ C:\WINDOWS\system32\ze_validation_layer.dll
        2023-06-28 10:44 - 2023-06-20 18:50 - 027958720 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
        2023-06-28 10:44 - 2023-06-20 18:50 - 020682736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
        2023-06-28 10:44 - 2023-06-20 18:49 - 000274288 _____ C:\WINDOWS\system32\ControlLib.dll
        2023-06-28 10:44 - 2023-06-20 18:49 - 000223608 _____ C:\WINDOWS\SysWOW64\ControlLib32.dll
        2023-06-22 01:35 - 2023-06-22 01:37 - 000000795 _____ C:\Users\tzahi\Untitled1.ipynb
        2023-06-22 01:32 - 2023-06-22 01:34 - 000001270 _____ C:\Users\tzahi\Final Exam Practice.ipynb
        2023-06-22 01:19 - 2023-06-22 01:51 - 000041694 _____ C:\Users\tzahi\CMPE_107_CH5_Functions.ipynb
        2023-06-18 09:52 - 2023-06-18 09:52 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
        2023-06-14 16:31 - 2023-06-14 16:31 - 000638976 _____ C:\WINDOWS\system32\smartscreen.exe
        2023-06-13 17:28 - 2023-07-04 08:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
        2023-06-07 08:39 - 2023-06-07 08:39 - 000003670 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
        2023-06-07 08:39 - 2023-04-25 11:32 - 000047240 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
        
        ==================== One month (modified) ==================
        
        (If an entry is included in the fixlist, the file/folder will be moved.)
        
        2023-07-06 03:33 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemTemp
        2023-07-06 03:33 - 2022-05-07 08:22 - 000000000 ____D C:\WINDOWS\INF
        2023-07-06 03:32 - 2023-05-12 10:31 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
        2023-07-06 03:32 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\AppReadiness
        2023-07-06 03:32 - 2021-09-13 21:38 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\PCManager
        2023-07-06 03:32 - 2021-09-03 22:17 - 000000000 ___RD C:\Users\tzahi\OneDrive
        2023-07-06 03:32 - 2021-03-09 05:43 - 000000000 ____D C:\ProgramData\Package Cache
        2023-07-04 22:30 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        2023-07-04 21:20 - 2021-04-14 21:10 - 000000000 ____D C:\ProgramData\Goodix
        2023-07-04 21:18 - 2022-05-07 08:24 - 000000000 ___HD C:\Program Files\WindowsApps
        2023-07-04 14:29 - 2021-11-25 11:07 - 000000000 ___RD C:\Users\tzahi\Documents\EXCEL Files
        2023-07-04 14:20 - 2022-09-22 08:53 - 000850372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
        2023-07-04 14:16 - 2022-09-22 08:53 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
        2023-07-04 14:16 - 2022-09-22 08:53 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
        2023-07-04 14:16 - 2022-09-22 08:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2023-07-04 14:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ServiceState
        2023-07-04 14:16 - 2022-05-07 08:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
        2023-07-04 14:16 - 2021-03-09 05:39 - 000012288 ___SH C:\DumpStack.log.tmp
        2023-07-04 14:15 - 2021-09-04 12:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
        2023-07-04 08:51 - 2023-03-01 21:48 - 000000000 ____D C:\WINDOWS\Panther
        2023-07-04 08:50 - 2023-02-21 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
        2023-07-04 08:50 - 2022-09-22 08:51 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Crypto
        2023-07-04 08:50 - 2022-09-22 08:50 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Windows
        2023-07-04 08:50 - 2022-09-22 08:50 - 000000000 ____D C:\Users\tzahi
        2023-07-04 08:50 - 2022-05-12 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
        2023-07-04 08:50 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
        2023-07-04 08:50 - 2022-03-03 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUAWEI
        2023-07-04 08:50 - 2021-09-05 05:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
        2023-07-04 08:50 - 2020-11-19 10:33 - 000000000 __RHD C:\Users\Public\AccountPictures
        2023-07-04 06:41 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
        2023-07-03 22:15 - 2022-05-07 08:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
        2023-07-03 21:51 - 2022-09-22 08:52 - 000015243 _____ C:\WINDOWS\diagwrn.xml
        2023-07-03 21:51 - 2022-09-22 08:52 - 000015243 _____ C:\WINDOWS\diagerr.xml
        2023-07-03 21:26 - 2021-10-21 14:44 - 000000000 ____D C:\Users\tzahi\AppData\Local\CrashDumps
        2023-07-03 21:23 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files\Windows Defender
        2023-07-03 21:23 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
        2023-07-03 21:22 - 2022-09-22 08:49 - 000618256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
        2023-07-03 21:13 - 2022-05-07 08:17 - 000000000 ____D C:\WINDOWS\CbsTemp
        2023-07-03 20:08 - 2021-09-05 05:01 - 000000000 ____D C:\Program Files\TeamViewer
        2023-07-03 19:38 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
        2023-07-03 19:30 - 2021-09-03 22:16 - 000000000 ____D C:\Users\tzahi\AppData\Local\Packages
        2023-07-03 19:24 - 2022-05-14 12:04 - 000000000 ____D C:\Program Files\Microsoft OneDrive
        2023-06-30 14:39 - 2022-10-11 00:20 - 000000000 ____D C:\Users\tzahi\Desktop\Important Documents
        2023-06-30 14:39 - 2022-05-12 02:59 - 000000000 ____D C:\Users\tzahi\Documents\Recovery Codes
        2023-06-30 14:39 - 2021-09-05 05:41 - 000000000 ____D C:\Users\tzahi\Documents\PDF FIles
        2023-06-30 13:59 - 2022-04-27 01:53 - 000000525 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
        2023-06-30 13:57 - 2020-11-19 10:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
        2023-06-29 13:33 - 2021-09-04 03:20 - 000000000 ____D C:\Users\tzahi\Documents\Rockstar Games
        2023-06-29 13:32 - 2023-02-22 22:46 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
        2023-06-29 13:32 - 2021-09-04 03:15 - 000000000 ____D C:\ProgramData\Rockstar Games
        2023-06-29 13:32 - 2021-09-04 03:13 - 000000000 ____D C:\Program Files\Rockstar Games
        2023-06-29 13:32 - 2021-09-04 03:13 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
        2023-06-29 10:00 - 2022-09-22 08:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001
        2023-06-29 10:00 - 2022-09-22 08:53 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
        2023-06-29 10:00 - 2021-09-03 22:14 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
        2023-06-29 09:55 - 2022-11-19 11:05 - 000000000 ____D C:\Users\tzahi\Desktop\English 181-191
        2023-06-28 11:43 - 2023-05-12 11:43 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\UUS
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemResources
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\oobe
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellComponents
        2023-06-28 11:22 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\bcastdvr
        2023-06-28 11:00 - 2022-09-22 08:51 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
        2023-06-28 10:44 - 2021-03-09 05:43 - 000000000 ____D C:\Program Files\Intel
        2023-06-28 08:59 - 2021-03-09 05:43 - 000000000 ____D C:\Program Files (x86)\Intel
        2023-06-23 19:15 - 2021-10-20 20:46 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\.tlauncher
        2023-06-23 08:03 - 2023-02-20 22:34 - 000000000 ____D C:\ProgramData\Nahimic
        2023-06-22 01:51 - 2023-04-06 15:35 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\jupyter
        2023-06-22 01:35 - 2023-04-06 15:35 - 000000000 ____D C:\Users\tzahi\.ipynb_checkpoints
        2023-06-19 00:52 - 2021-09-04 22:14 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Word
        2023-06-17 03:25 - 2022-05-12 08:08 - 000000000 ____D C:\Program Files\Microsoft Office
        2023-06-17 02:52 - 2022-10-25 19:32 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
        2023-06-17 02:52 - 2022-10-25 19:32 - 000062968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
        2023-06-17 02:52 - 2021-09-04 22:46 - 002807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
        2023-06-17 02:52 - 2021-09-04 22:46 - 000247288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
        2023-06-17 02:52 - 2021-09-04 22:46 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
        2023-06-17 02:51 - 2021-11-20 19:39 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
        2023-06-17 02:51 - 2021-09-04 22:46 - 000493048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
        2023-06-17 02:51 - 2021-09-04 22:46 - 000202232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
        2023-06-15 21:29 - 2022-09-22 08:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
        2023-06-15 21:29 - 2021-09-05 06:13 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
        2023-06-15 05:28 - 2021-09-04 04:44 - 000000000 ____D C:\WINDOWS\system32\MRT
        2023-06-15 05:26 - 2021-09-04 04:44 - 170078616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
        2023-06-15 00:59 - 2022-09-22 08:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
        2023-06-15 00:59 - 2022-09-22 08:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
        2023-06-14 04:10 - 2022-11-19 09:31 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\kingsoft
        2023-06-14 00:39 - 2022-04-14 09:32 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\.minecraft
        2023-06-13 17:21 - 2021-09-04 22:42 - 000000000 ____D C:\Program Files (x86)\Steam
        2023-06-09 12:10 - 2022-10-16 19:25 - 000000000 ____D C:\Users\tzahi\Desktop\Physics 101 Notes
        2023-06-07 13:56 - 2022-09-22 08:53 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2023-06-07 08:39 - 2022-09-22 08:53 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
        2023-06-07 08:39 - 2022-09-22 08:53 - 000003528 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
        
        ==================== Files in the root of some directories ========
        
        2021-09-05 05:08 - 2021-09-05 05:08 - 000000128 ____H () C:\Users\tzahi\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
        2021-09-12 10:38 - 2021-12-06 20:52 - 082428480 _____ (Sony) C:\Users\tzahi\AppData\Local\pcc.exe
        2021-12-29 21:33 - 2022-01-14 10:15 - 000007597 _____ () C:\Users\tzahi\AppData\Local\Resmon.ResmonCfg
        
        ==================== FLock ==============================
        
        2023-06-14 16:31 C:\WINDOWS\system32\smartscreen.exe
        
        ==================== SigCheck ============================
        
        (There is no automatic fix for files that do not pass verification.)
        
        ==================== End of FRST.txt ========================


        • taimrarchy
          PCHF Member
          • Jul 2023
          • 38

          #5
          Addition.txt:
          Code:
          Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2023
          Ran by tmmrcy (06-07-2023 03:34:57)
          Running from C:\Users\tzahi\Downloads
          Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) (2022-09-22 05:53:16)
          Boot Mode: Normal
          ==================== Accounts: =============================
          
          (If an entry is included in the fixlist, it will be removed.)
          
          Administrator (S-1-5-21-516455074-3529725477-31475253-500 - Administrator - Disabled)
          DefaultAccount (S-1-5-21-516455074-3529725477-31475253-503 - Limited - Disabled)
          Guest (S-1-5-21-516455074-3529725477-31475253-501 - Limited - Disabled)
          tmmrcy (S-1-5-21-516455074-3529725477-31475253-1001 - Administrator - Enabled) => C:\Users\tzahi
          WDAGUtilityAccount (S-1-5-21-516455074-3529725477-31475253-504 - Limited - Disabled)
          
          ==================== Security Center ========================
          
          (If an entry is included in the fixlist, it will be removed.)
          
          AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          
          ==================== Installed Programs ======================
          
          (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
          
          µTorrent (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
          Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKLM...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.)
          Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.)
          Batman Episode 5 (HKLM-x32...\Batman Episode 5_is1) (Version: - )
          Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
          Core Temp 1.17.1 (HKLM...{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
          Dev-C++ (HKLM-x32...\Dev-C++) (Version: 5.11 - Bloodshed Software)
          Discord (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Discord) (Version: 1.0.9003 - Discord Inc.)
          Documentation Manager (HKLM...{619AF8CA-69CA-4463-88F7-86E2E387FB66}) (Version: 22.230.0.8 - Intel Corporation) Hidden
          DroidCam Client (HKLM-x32...\DroidCam) (Version: 6.4.3 - DEV47APPS)
          Dynamic Application Loader Host Interface Service (HKLM...{1216C70E-6887-41B6-8EDB-FD91B5A8708F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
          Epic Games Launcher (HKLM-x32...{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
          Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
          Epic Online Services (HKLM-x32...{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
          FiveM (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\CitizenFX_FiveM) (Version: - Cfx.re)
          Foxit PhantomPDF (HKLM-x32...{0a0d1ae2-8a54-11ea-8e74-54bf64a63c26}) (Version: 10.0.0.35798 - Foxit Software Inc.)
          Free Cam 8 (HKLM-x32...{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.)
          Halo 2 Project Cartographer (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Halo 2 Project Cartographer) (Version: 01.7.00.00 - H2PC)
          HMS Core (HKLM...\HMS Core) (Version: 6.6.0.300 - Huawei Technologies Co., Ltd.)
          HP DeskJet 2130 series Basic Device Software (HKLM...{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
          HP Dropbox Plugin (HKLM-x32...{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
          HP Google Drive Plugin (HKLM-x32...{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
          Huawei PC Manager(Multi-screen Collaboration and Official Driver) (HKLM...\PC Manager) (Version: 13.0.2.370 - Huawei Device Co., Ltd.)
          HW OSD (HKLM...\HwOsd) (Version: 11.0.5.3 - Huawei Device Co., Ltd.)
          Intel Driver && Support Assistant (HKLM-x32...{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden
          Intel(R) Chipset Device Software (HKLM...{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
          Intel(R) Chipset Device Software (HKLM-x32...{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel(R) Corporation)
          Intel(R) Computing Improvement Program (HKLM...{438CD419-50DF-4A15-B9AD-986D47085E54}) (Version: 2.4.09146 - Intel Corporation)
          Intel(R) Dynamic Tuning (HKLM-x32...{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 - Intel Corporation)
          Intel(R) Dynamic Tuning Technology (HKLM-x32...{bb67b2ec-1792-405b-8351-21bcc9f00f45}) (Version: 8.7.10400.15556 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{209fc91f-5b9a-4901-ac8f-cb1759c75a18}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{55fc13d0-814b-49bb-b13b-27836022cfb9}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{907b050d-5a10-4585-a175-7003de7204b2}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{c4456f6f-fe06-4281-b612-7431efe37891}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{d1d0fa4c-90ba-4580-9bc0-161e91344b1c}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Graphics Driver Software (HKLM-x32...{e8608a5e-87fa-4830-99b6-f679b87d3cb6}) (Version: 3.11.1.0 - Intel) Hidden
          Intel(R) Icls (HKLM...{DA3AEB76-773F-417C-B053-7A9A28F413B2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
          Intel(R) LMS (HKLM...{2C22227F-09AF-4498-AEFD-6DC10FCD664F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
          Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2033.15.0.1783 - Intel Corporation)
          Intel(R) Management Engine Components (HKLM...{B3956502-1A32-4061-8A99-015E9EA66132}) (Version: 1.0.0.0 - Intel Corporation) Hidden
          Intel(R) Management Engine Components (HKLM...{C046A888-9C09-411B-B3C8-73F77E861243}) (Version: 1.0.0.0 - Intel Corporation) Hidden
          Intel(R) Management Engine Driver (HKLM...{A670C124-DF72-42A3-8C1A-061FF3A09E29}) (Version: 1.0.0.0 - Intel Corporation) Hidden
          Intel(R) Serial IO (HKLM...{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2031.2 - Intel Corporation)
          Intel(R) Serial IO (HKLM...{BA425414-4D86-4FB0-8EEE-FA7F34E79C00}) (Version: 30.100.2031.2 - Intel Corporation) Hidden
          Intel(R) Wireless Bluetooth(R) (HKLM-x32...{00000230-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.230.0.2 - Intel Corporation)
          Intel® Arc™ Control (HKLM...{13865A06-C2AB-4814-BAE6-69FCB841C8DA}) (Version: 1.69.5033.3 - Intel Corporation) Hidden
          Intel® Arc™ Control (HKLM-x32...{5893f084-4b18-43be-a951-629c07848117}) (Version: 1.69.5033.3 - Intel Corporation)
          Intel® Driver & Support Assistant (HKLM-x32...{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel)
          Intel® Software Installer (HKLM-x32...{09b61d86-bc76-4353-a7d8-ebc9e2822195}) (Version: 22.230.0.8 - Intel Corporation) Hidden
          Java 8 Update 371 (HKLM-x32...{71124AE4-039E-4CA4-87B4-2F32180371F0}) (Version: 8.0.3710.11 - Oracle Corporation)
          Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
          Microsoft .NET Core Host - 3.1.32 (x64) (HKLM...{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
          Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM...{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
          Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM...{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
          Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32...{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
          Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 114.0.1823.67 - Microsoft Corporation)
          Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 114.0.1823.67 - Microsoft Corporation)
          Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
          Microsoft Halo (HKLM-x32...\Halo) (Version: - Microsoft)
          Microsoft Office Professional Plus 2021 - en-us (HKLM...\ProPlus2021Retail - en-us) (Version: 16.0.16501.20210 - Microsoft Corporation)
          Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.122.0611.0001 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
          Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
          Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
          Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
          Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
          Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32...{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
          Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32...{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32...{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32...{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
          Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32...{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
          Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM...{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM...{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32...{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
          Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32...{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
          MSXML 4.0 SP2 Parser and SDK (HKLM-x32...{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
          Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
          Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
          OpenIV (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
          Origin (HKLM-x32...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.)
          Rockstar Games Launcher (HKLM-x32...\Rockstar Games Launcher) (Version: 1.0.74.1546_B - Rockstar Games)
          Rockstar Games Social Club (HKLM-x32...\Rockstar Games Social Club) (Version: 2.1.8.4 - Rockstar Games)
          Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
          TLauncher (HKLM-x32...\TLauncher) (Version: 2.885 - TLauncher Inc.)
          Ubisoft Connect (HKLM-x32...\Uplay) (Version: 125.0.10582 - Ubisoft)
          WinRAR 6.02 (64-bit) (HKLM...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
          WPS Office (11.2.0.11388) (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Kingsoft Office) (Version: 11.2.0.11388 - Kingsoft Corp.)
          Zoom (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)
          Packages:
          Forza Horizon 4 → C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.477.714.2_x64__8wekyb3d8bbwe [2023-04-06] (Microsoft Studios)
          Forza Horizon 4 Formula Drift Car Pack → C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2023-02-22] (Microsoft Studios)
          HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_146.3.1087.0_x64__v10z8vjag6ke6 [2023-07-03] (HP Inc.)
          Messenger → C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1900.9.106.0_x64__8xx8rvfyw5nnt [2023-07-04] (Meta) [Startup Task]
          Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
          Minecraft Launcher → C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.2.16.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Studios)
          ms-resource:app_name_ms_todo → C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-07-03] (Microsoft Corporation) [Startup Task]
          ms-resource:AppStoreName → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.60961.0_x64__8wekyb3d8bbwe [2023-04-24] (Microsoft Corporation)
          ms-resource:AppStoreName → C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-09-22] (Microsoft Corporation)
          ms-resource:System_Item_Title_IntelGraphicsControlPanel → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-03] (INTEL CORP) [Startup Task]
          Nahimic → C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.17.0_x64__w2gh52qy24etm [2023-07-03] (A-Volute)
          Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-26] (Netflix, Inc.)
          Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-14] (Microsoft Corporation)
          Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.247.0_x64__dt26b99r8h8gj [2023-07-03] (Realtek Semiconductor Corp)
          Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0 [2023-06-22] (Spotify AB) [Startup Task]
          WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2324.6.0_x64__cv1g1gvanyjgm [2023-07-03] (WhatsApp Inc.) [Startup Task]
          WiFi Analyzer → C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-07-03] (Matt Hafner)
          WindowsAppRuntime.1.3 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-05-24] (Microsoft Corporation)
          WindowsAppRuntime.1.3 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-06-28] (Microsoft Corporation)
          WindowsAppRuntime.1.3 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-06-28] (Microsoft Corporation)
          
          ==================== Custom CLSID (Whitelisted): ==============
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 → C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
          CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 → C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
          ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers1: [Foxit_ConvertToPDF] → {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
          ContextMenuHandlers1: [HwShareMenu] → {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          ContextMenuHandlers1: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
          ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
          ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
          ContextMenuHandlers2: [DFSDriveMenu] → {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers4: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
          ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.122.0611.0001\FileSyncShell64.dll [2023-06-29] (Microsoft Corporation → Microsoft Corporation)
          ContextMenuHandlers6: [Foxit_ConvertToPDF] → {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
          ContextMenuHandlers6: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
          ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
          ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
          ContextMenuHandlers1_S-1-5-21-516455074-3529725477-31475253-1001: [ kwpsshellext] → {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
          ContextMenuHandlers4_S-1-5-21-516455074-3529725477-31475253-1001: [ kwpsshellext] → {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
          
          ==================== Codecs (Whitelisted) ====================
          
          ==================== Shortcuts & WMI ========================
          
          (The entries could be listed to be restored or removed.)
          
          ShortcutWithArgument: C:\Users\tzahi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1”
          
          ==================== Loaded Modules (Whitelisted) =============
          
          2022-03-22 15:59 - 2021-10-30 05:08 - 001080832 _____ () [File not signed] C:\Program Files\HuaWei\wucs\sqlcipher.dll
          2023-04-25 11:32 - 2023-04-25 11:32 - 001600512 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
          2023-04-25 11:32 - 2023-04-25 11:32 - 002165760 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
          2021-11-12 12:53 - 2021-11-12 12:53 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
          2021-11-12 12:53 - 2021-11-12 12:53 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
          2021-11-12 12:53 - 2021-11-12 12:53 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
          2023-03-14 22:10 - 2021-11-12 12:53 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
          2023-03-14 22:10 - 2021-11-12 12:53 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
          2023-03-14 22:10 - 2021-11-12 12:53 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
          2023-03-14 22:10 - 2021-11-12 12:53 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
          2023-03-14 22:10 - 2021-11-12 12:53 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
          2023-03-14 22:10 - 2021-11-12 12:53 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
          
          ==================== Alternate Data Streams (Whitelisted) ========
          
          (If an entry is included in the fixlist, only the ADS will be removed.)
          
          AlternateDataStreams: C:\Recovery:err [1590]
          AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
          AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
          AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
          AlternateDataStreams: C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6:2EA0371A72 [10]
          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net.lnk:E2208A86CD [10]
          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DroidCam Client.lnk:96D1DD3380 [10]
          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF.lnk:4851378599 [10]
          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Cam 8.lnk:6991C8B2BC [10]
          AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP DeskJet 2130 series.lnk:25ED2E7AB7 [10]
          AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2734]
          
          ==================== Safe Mode (Whitelisted) ==================
          
          ==================== Association (Whitelisted) =================
          
          ==================== Internet Explorer (Whitelisted) ==========
          
          SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 → DefaultScope {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
          SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 → {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
          BHO: Foxit PhantomPDF Create PDF ToolBar Helper → {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
          BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-08] (Microsoft Corporation → Microsoft Corporation)
          BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
          BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper → {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
          BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
          Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
          Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
          Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-07] (Microsoft Corporation → Microsoft Corporation)
          
          (If an entry is included in the fixlist, it will be removed from the registry.)
          
          IE trusted site: HKU\S-1-5-21-516455074-3529725477-31475253-1001...\sharepoint.com → hxxps://doguakdeniz-files.sharepoint.com
          
          ==================== Hosts content: =========================
          
          (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
          
          2019-12-07 12:14 - 2023-07-03 22:15 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
          
          2022-04-27 01:53 - 2023-06-30 13:59 - 000000525 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
          192.168.137.29 HUAWEI_MatePad_11-ce7ac16.mshome.net # 2023 7 5 7 10 59 24 936
          192.168.137.1 LAPTOP-BQN0JE4L.mshome.net # 2028 6 3 28 10 59 24 936
          
          ==================== Other Areas ===========================
          
          (Currently there is no automatic fix for this section.)
          
          HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet
          HKU\S-1-5-21-516455074-3529725477-31475253-1001\Control Panel\Desktop\Wallpaper → C:\Users\tzahi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\abstract-background-5544x2480-10823.jpg
          DNS Servers: 192.168.1.1
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
          Windows Firewall is enabled.
          
          ==================== MSCONFIG/TASK MANAGER disabled items ==
          
          (If an entry is included in the fixlist, it will be removed.)
          
          HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “EpicGamesLauncher”
          HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “Discord”
          HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “XperiaCompanionAgent”
          
          ==================== FirewallRules (Whitelisted) ================
          
          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
          
          FirewallRules: [UDP Query User{EA28C9BF-57C5-43E3-A2F1-CCBA70771B67}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [TCP Query User{EB19FCAB-5755-47FD-B469-2AC6B697F463}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [UDP Query User{B5F0B45F-121A-4751-8BCA-446A8D83452A}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
          FirewallRules: [TCP Query User{AD6655D5-D0F0-4383-9CFF-B4CF0DA2FF31}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
          FirewallRules: [UDP Query User{F628B4F6-1D8D-45A0-9E94-7CF81819442B}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
          FirewallRules: [TCP Query User{A0BCCD4D-9A5B-4B0B-A7F2-A0786144B0BF}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
          FirewallRules: [UDP Query User{C6452449-CB73-4359-A274-18F6844A794E}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
          FirewallRules: [TCP Query User{4D4716CE-B023-4059-8BB5-69109DE13CD6}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
          FirewallRules: [UDP Query User{0079DD27-BE20-40EF-96B7-B041B8C38B42}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [TCP Query User{8290BD0F-9C0D-4C57-B4E6-6BD9F1BF4979}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [UDP Query User{EC880E9B-6339-4142-A9DF-195CF4B7F548}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [TCP Query User{7455CCF7-4821-46E1-9AC4-99DAAC1ED0C9}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [UDP Query User{86A1D011-AF02-4E84-905B-041E00021A8E}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [TCP Query User{FD82AA22-29D1-463E-BEA6-B6BCFFE9B6F6}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [UDP Query User{91A86FBF-F7E3-4D90-8B48-AB7AE27860E5}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
          FirewallRules: [TCP Query User{D7262939-48C9-4911-9D26-FC73EBD360B3}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
          FirewallRules: [{01148211-9260-478B-BFBE-BEBF656A6723}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
          FirewallRules: [{C6947DE2-5C0B-473A-8EEC-87C982DD0923}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
          FirewallRules: [{DDCD9EDB-FA3F-4A35-A805-FFDE8C260241}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
          FirewallRules: [{C6A1318C-2AA9-4295-B067-F1E127337781}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
          FirewallRules: [{B85120DE-6858-4F4F-9A5C-04534AC5DB19}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
          FirewallRules: [{51474B11-90B4-42F4-BA7B-2F0EF0E2EBA6}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
          FirewallRules: [UDP Query User{6E76F11A-31FD-47D9-808C-DC26B315FB10}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
          FirewallRules: [TCP Query User{D74A2248-60C0-4216-BC08-9EC19356DCC4}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
          FirewallRules: [{DF69DABD-6F13-4E02-B946-3434A01E33D3}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
          FirewallRules: [{7B70BD56-3B0F-434B-ABF3-FC98622B5050}] => (Allow) G:\Nox\bin\Nox.exe => No File
          FirewallRules: [{9EB7B4F0-A658-4C3C-8826-10F4D6FDCEE0}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
          FirewallRules: [{0AC01DF3-1247-44E6-9ACB-C344CC07ABCE}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
          FirewallRules: [{B17DD100-466D-4D6A-9761-32E58F86D229}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
          FirewallRules: [{21132FD2-9F3A-446C-A5C4-26A2E43892C5}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
          FirewallRules: [UDP Query User{CDAC9157-EF8A-44EF-9199-6A6DCF877134}C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe
          FirewallRules: [TCP Query User{ACC88C82-6E4A-4F4F-A795-73DB027299AB}C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe
          FirewallRules: [{2218EC88-AB59-40E2-8429-C7901D99CB2C}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
          FirewallRules: [{D80405D4-2D08-47F3-93C3-E289D250F4DF}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
          FirewallRules: [UDP Query User{B67C447F-BB5D-45A2-81D9-F74B8A9638DE}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
          FirewallRules: [TCP Query User{0F2EE437-3297-4AD6-9036-C68B225E1ED2}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
          FirewallRules: [UDP Query User{6B9146FE-1C34-4923-AEF8-2C7854C53F6A}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
          FirewallRules: [TCP Query User{40B18058-B3EA-410C-AABC-67F7B0CE5A76}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
          FirewallRules: [{AF31A34F-3AE4-4177-852C-FB25F9EA6512}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
          FirewallRules: [{670A6739-0E4B-4FA0-B399-AFA9BF3DCCEB}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
          FirewallRules: [{F7D4E450-DA93-4EE0-8A49-71E56D22956B}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
          FirewallRules: [{48D7F757-F925-4334-9406-86D65CEEDF92}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
          FirewallRules: [UDP Query User{C9823F84-1984-4090-907F-DC3702EE5C3C}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
          FirewallRules: [TCP Query User{9B1C125E-F31B-4EB1-A660-4A42AD0031B8}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
          FirewallRules: [UDP Query User{8D778748-74C2-4A53-8246-F355CDB36559}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
          FirewallRules: [TCP Query User{BE086E0D-5C43-4C1F-9345-8CFBB02837E0}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
          FirewallRules: [UDP Query User{93616156-6050-4782-9135-382098F0125B}C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
          FirewallRules: [TCP Query User{F2376F81-F25A-4240-9DA7-074BED35B83A}C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
          FirewallRules: [UDP Query User{13D6E50B-8C50-4C01-BD48-F76ED594F5C1}C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe] => (Allow) C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe (BitTorrent Inc → BitTorrent Inc.)
          FirewallRules: [TCP Query User{353ACCB8-F62C-488B-A610-12860458E4DE}C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe] => (Allow) C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe (BitTorrent Inc → BitTorrent Inc.)
          FirewallRules: [UDP Query User{9ADC7A0D-6B8A-4780-AD91-F58B0AF10FE3}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
          FirewallRules: [TCP Query User{4DD82B7C-7456-4F85-AC55-594AC94FF4F9}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
          FirewallRules: [{5240E39F-9644-4A12-BD38-D757DE5CDE3B}] => (Allow) C:\Program Files\Huawei\PCManager\HWVCR.exe => No File
          FirewallRules: [UDP Query User{C5CC5E83-9AE7-430E-8A69-893AAB721002}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
          FirewallRules: [TCP Query User{13C379D5-EDCE-4E1F-AAA7-7056FB3B1656}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
          FirewallRules: [UDP Query User{B31C2896-6F9F-4BB8-915F-6463DE3E92CA}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
          FirewallRules: [TCP Query User{57A72B6A-3BC4-4BC4-B935-F764EE63E2C1}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
          FirewallRules: [{BFDC8DDA-B806-4CFA-936F-74361414B688}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
          FirewallRules: [{D349103B-4285-496E-9CB5-0D02ACF2C655}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
          FirewallRules: [{3E641BF7-7B82-4104-AE0B-9DB957AD3993}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
          FirewallRules: [{D4E98496-5FB9-439E-84B8-CA29C65E524D}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
          FirewallRules: [UDP Query User{032F130F-CE2D-4F0B-9689-EA25664C3B61}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
          FirewallRules: [TCP Query User{2E72795F-2FCB-4F29-9BC2-918C792784CE}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
          FirewallRules: [UDP Query User{96736BC3-6EAF-4D40-9749-EDDA9C099D12}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
          FirewallRules: [TCP Query User{799FC99B-3EE1-4608-8404-58E4F28D94C1}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
          FirewallRules: [UDP Query User{A22BB818-D073-47B3-A13D-9EE73A3A4545}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{F2201F51-2D5A-477A-950E-92DDF6F77CBC}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{9147ECAD-4EA4-4DEB-BF1D-AFA2E046C448}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
          FirewallRules: [TCP Query User{19BA2A16-59CB-4748-B66A-B30F21E6F212}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
          FirewallRules: [UDP Query User{F36DEEA1-23BF-4B09-B3D4-B174E93CDB1F}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
          FirewallRules: [TCP Query User{896A95CD-3759-4D51-9AF0-D659AA3F8C5B}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
          FirewallRules: [UDP Query User{33AD8D6C-6243-43FD-80BF-F6F245D9FC85}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
          FirewallRules: [TCP Query User{2A7286D4-1DDC-4BDC-8C8D-44F453D2D5AD}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
          FirewallRules: [UDP Query User{6979730F-9FD2-4E15-851D-42273A7836B5}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
          FirewallRules: [TCP Query User{7FAF4581-5E01-4380-A2AC-6EAAFEA7D2DA}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
          FirewallRules: [UDP Query User{7D0A512A-8B78-4D8E-8FA4-6866B09C41AA}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{A7AEAB1E-82BA-48A9-93F3-A6422090A5CB}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{0ACBD6DF-7CCF-4C90-B544-0490AFF45C28}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{E076492C-43A7-4F0D-B98F-56C18F280BFC}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{34220ABC-610D-48E8-9E83-5077596F3D71}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{6C337EA5-260D-44CF-A356-0C9EE5A03E9D}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{7474242E-5991-44A3-8A26-8BBFDCD44427}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
          FirewallRules: [TCP Query User{AB423B4E-4F6A-4D37-9175-822D9220F913}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
          FirewallRules: [UDP Query User{20C3997E-BCFB-448B-8B6A-3C2A949E262F}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{633368D0-825A-4931-A016-8C0063235851}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{A3AADF0F-C0D6-4D16-8D97-6D50753F8CDE}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{6F079768-278D-4793-89E7-FFAEA7A20C57}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{492D7C10-DE5B-4F47-A6A7-C509ACC13DAB}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [TCP Query User{A3E321D0-A618-4D5A-8CBA-D7AEDB6D02A8}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [{483E1497-5E75-4E0C-9C99-49677EACA549}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\7zS1821\HP.EasyStart.exe => No File
          FirewallRules: [{624BF7BD-7287-46A3-8BA5-DDE03D760207}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard → HP Inc.)
          FirewallRules: [{745143F7-3627-4358-B774-65469BB22287}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard → HP Inc.)
          FirewallRules: [UDP Query User{2BE7F379-EA57-4382-AA63-BDDF28BCC7A7}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [TCP Query User{6BE017BB-76DD-4F71-BE14-7D89CA9874CE}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [UDP Query User{7C4ED888-1FF2-4BC2-AFC5-FADBE245A80F}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
          FirewallRules: [TCP Query User{27ECEF1F-3BA5-408E-9365-942DD0019CB7}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
          FirewallRules: [UDP Query User{B5E25C3C-619E-4DF7-8CE9-13D3BC92A016}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
          FirewallRules: [TCP Query User{3688B6D7-87FE-4ACC-AEA5-A2F1D916A656}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
          FirewallRules: [UDP Query User{B4F8C979-E8D9-4621-99DC-39CB33225CF9}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
          FirewallRules: [TCP Query User{46BC3532-350C-4B08-879B-6CA2D25348B8}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
          FirewallRules: [UDP Query User{981D4048-3A8E-466A-8A6E-33CE7E14930B}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [TCP Query User{CEB568B2-B264-4B20-A3AC-1883A3B110CD}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
          FirewallRules: [UDP Query User{CF9F81C2-2267-47CB-A8D2-7C26F4D9F630}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
          FirewallRules: [TCP Query User{4063D162-4AE4-40DF-AFFF-DEAB784CA913}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
          FirewallRules: [TCP Query User{EBADD02C-BBC9-4F0F-9F8F-66DE30B15C99}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
          FirewallRules: [UDP Query User{0216A500-D61C-46EB-8B32-DE85C9E383D1}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
          FirewallRules: [TCP Query User{8FA96D3B-E7E6-45FF-9065-A1D32C49FB38}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
          FirewallRules: [UDP Query User{48AE4541-051A-47BB-8800-EA48B79BD852}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
          FirewallRules: [{B562A4CE-27C2-4D1D-B7E4-3A36C96E0F92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
          FirewallRules: [{304EE8D8-3F5A-49A5-BECF-3575DB29617E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
          FirewallRules: [{BAFF4445-C787-451D-ABE8-BDC6E4FAC935}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
          FirewallRules: [{A24A1572-C7C5-4B01-B3AC-B0E51B6CE4E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
          FirewallRules: [{4E91C996-AC44-4DBD-B236-80F2EEB400A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
          FirewallRules: [{2F9AC40A-89F9-42DF-8DAC-1E95C36F659E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
          FirewallRules: [{E181A739-F50D-47C4-B096-B24A0FE73C69}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
          FirewallRules: [{D49FB4CB-2370-485A-B4F9-0F0DBEA5B0ED}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
          FirewallRules: [{DF49A91C-5D4E-469B-B7CE-643823718E89}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.)
          FirewallRules: [{FF74FF6D-CE35-49AF-BCC6-3FE721870BFC}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc → BitTorrent Inc.)
          FirewallRules: [{06E27EE6-529B-47B7-B780-C7C90E0ED745}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
          FirewallRules: [{191F5EB6-5D65-45FD-A5C3-497B3FE7E194}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
          FirewallRules: [{D98FDDD9-F538-49E3-8C37-15C161B58243}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
          FirewallRules: [TCP Query User{2A31E666-7087-4A06-95CA-C91D900259B9}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [UDP Query User{4213F32C-23B4-45CC-B534-0DF1FE3B2E5D}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [TCP Query User{164886CA-B042-419F-9A19-8B2FD218A56B}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
          FirewallRules: [UDP Query User{55CCA0CE-89F8-46B3-A341-76D1F41F9389}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
          FirewallRules: [TCP Query User{A945DC9E-537C-4D94-BE0F-5C583BF08EC2}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [UDP Query User{296D16E9-D655-4045-8277-49C46A79C436}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
          FirewallRules: [TCP Query User{052E67D2-1DEF-4EF8-A9C6-0474F5E19FB8}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [UDP Query User{A272DE0D-1538-40C5-8009-DFECDAE829F0}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
          FirewallRules: [TCP Query User{08784593-E73B-4C4B-BE0B-7BCE48CF8476}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
          FirewallRules: [UDP Query User{AF409DEC-2DB2-4B0C-B6C9-750C36ADA323}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
          FirewallRules: [TCP Query User{E5FBC816-AC93-40F4-B865-10090B2324FE}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
          FirewallRules: [UDP Query User{14DBF5DF-3D0A-4F40-A274-B342EA877FF0}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
          FirewallRules: [TCP Query User{688E2E3D-AAFB-40FA-9D31-39E89F90AC8F}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
          FirewallRules: [UDP Query User{95A5A608-C279-42A9-ADE4-D68320D5B4CD}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
          FirewallRules: [TCP Query User{F5917260-8A37-4CF4-80D9-066BEF8509A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [UDP Query User{B2C71823-5E92-4AA9-BC02-D15A42562402}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [TCP Query User{404A6B72-A68D-4603-8F4C-46CF062CDD13}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [UDP Query User{474F5B6E-7604-49E4-89B7-5EC033D01880}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [TCP Query User{4A0FDF09-C814-4D16-8B2B-311A6B34D8BE}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [UDP Query User{088B53CC-385E-4375-8986-0D21D16223F9}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [TCP Query User{1739FFA1-65B5-4DA9-AAE0-AE9BDAAF28A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [UDP Query User{2EA08748-D7F4-4FF0-8843-A97F80082E6E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [TCP Query User{67879EC0-7F45-43E2-A1BE-6E172D789D8E}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
          FirewallRules: [UDP Query User{911A7058-14F7-469B-B8F3-AAF9868BD92B}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
          FirewallRules: [TCP Query User{F338CC62-138A-4312-916E-1A7175017E8C}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
          FirewallRules: [UDP Query User{3902C0A1-9C7B-4A41-AC27-62391E508EC2}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
          FirewallRules: [TCP Query User{0F56E17D-578F-4D7D-A730-0F0B080E1139}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
          FirewallRules: [UDP Query User{02FE9A59-75D1-4B09-810C-BAE04F5E68BD}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
          FirewallRules: [TCP Query User{82549B22-3496-4A57-9AD6-883C97470EFD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
          FirewallRules: [UDP Query User{575F1E90-FC88-48C5-A116-C87C21E942DD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
          FirewallRules: [{868539F8-B2F4-44DB-AA82-C1B99DCC3AE9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
          FirewallRules: [{F2000940-5EE3-4319-B89D-93FB90F55851}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
          FirewallRules: [TCP Query User{FCF10B71-8708-4A5A-B4C2-1C88081325DD}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
          FirewallRules: [UDP Query User{DFBA9E29-CF2C-4602-9AFB-5F05A40658DB}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
          FirewallRules: [{47A73207-3BA6-4617-9183-C3E577806E1B}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{695AA84C-C6F1-44FE-8A8B-7618020CBD29}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{C41F783A-62C6-47A9-8B25-EA25514E98F3}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{CC70A4A5-D07B-4BF0-993C-EB4F4D8E00CC}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{EA7AEB47-F243-4E32-A7F7-283E5B034C33}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{EB743446-677D-4E57-9163-574EEE2191E6}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{77FC2787-94C0-401A-8017-4937626ABB15}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{077ECFA9-D03C-48B1-A262-0305C940FE98}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{7CA8893A-BD42-4A46-BB93-B77E47B0D3B2}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{246D140C-9362-471F-9378-FFDBA944F763}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{75B3F4BD-8A15-4F76-B3A8-A87D82722CF0}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{73F30F65-AE19-4C2B-AE1C-DE4AF1996A00}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{907EDA94-129E-4E08-94F2-B3D0FD5A5DEA}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{7F5EAC2E-9BFB-4AEE-AE7A-231CFB2197B7}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{ED348C74-04D7-4833-8A83-B1461AD0B438}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{B6F7D6F6-8E19-443B-815C-18AF3CAE6958}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{BE1C6A13-DA3A-46BD-A88A-874C083EE926}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{FA1E39E1-6A96-4BB8-AC9C-EE2E4B67EF9E}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{DBDFA9E9-8495-40B3-A85E-B08396CC5B84}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{A27B01A1-3CB8-49D1-9561-8DF592C30BC3}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{7D9704AE-8F10-499D-A17C-494D69BE8B1A}] => (Allow) C:\Program Files\Huawei\PCManager\WeLook.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          FirewallRules: [{A366E840-6FA3-46F7-8BA4-BC0DE8F5EA51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{B936A21D-4D1B-4007-9CE3-2A57C9687689}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{18E9511D-46B7-4AF6-B5A7-246DC43E1FD0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{7C927E17-F6A0-4FF0-8A51-60413B2D3297}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{33F23815-FBA9-4F0E-AD13-86CEA1F3A12B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{0F54CC9A-62FA-4252-A806-03BE91226BD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{55452FB0-B240-44E1-ABE9-353B866A3337}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{80039718-1023-4E22-9EE4-4AC364E70D2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{644642DF-CAEF-47FF-9E40-0470941187AA}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{3BB5B344-A168-41FE-BC38-696315D9485D}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{0B369198-1A59-4B7F-B0BC-46C9EFAD6998}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{93358649-8692-4B9B-BFD5-CF3A5462AF41}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{3221B027-1D2C-4539-A3EB-7B37128F8051}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{96CA939F-6DAD-40A1-B381-68E0F1356FF3}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{7C526CC0-51BE-429B-B68D-774591ADD0C9}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{DD682023-17D4-4D26-8649-59378350961A}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
          FirewallRules: [{6D73BF28-7E09-469D-AC55-6B6BA3B07165}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
          FirewallRules: [{08B6734A-AD50-4CC9-A5AC-11BABE336224}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
          FirewallRules: [TCP Query User{3518FD20-0E74-4BCB-B848-9C4457DC352C}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
          FirewallRules: [UDP Query User{901B7417-78B6-44AB-BC9E-84080A7A6BD9}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
          FirewallRules: [TCP Query User{6E18A220-0088-40AB-BC50-A213E8CF5608}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
          FirewallRules: [UDP Query User{CAEBC1F0-DE91-401C-9B66-1805EEE89BD0}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
          FirewallRules: [TCP Query User{95F4086A-76EA-400E-86AA-86889102979E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [UDP Query User{754DE51B-2ECA-4221-B4A2-C12D1625CCC2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
          FirewallRules: [TCP Query User{E8CFD126-90D3-40C1-B8D7-E06FFD558F15}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. → Discord Inc.)
          FirewallRules: [UDP Query User{61E94D63-A178-41EF-9D53-2012B3394D0D}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. → Discord Inc.)
          FirewallRules: [{2EA198D2-F5CF-4D21-A571-02146DBDD8D3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
          FirewallRules: [{E76499F9-0013-4AD2-92F4-24818FD67E3D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
          FirewallRules: [{45187A72-1DCD-44B4-8BB9-4242BD246879}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
          FirewallRules: [{5D43B417-5712-4C53-9794-FBCEEB050768}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
          FirewallRules: [{7FE08657-F96A-4A49-B769-4DD6948BC24D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
          FirewallRules: [{2DAA5A39-D37F-43EC-BE02-D79E3B8022A3}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
          FirewallRules: [{F9B8995A-E3A9-4E03-9241-99B8D9976B43}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
          FirewallRules: [{AF8FB3BD-94FF-4513-8DCD-1273528467A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{1D202A49-808B-4E8E-94F3-8BC9663D15C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{4279B845-E4FE-445B-A3D3-DFEAC4376956}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{D7335225-4EBC-46E7-A867-17D1DDB80472}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{C3E03410-CD02-467D-8836-FC6DFCA423D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{6E7899CD-FBCB-45F0-81DB-BC84E6EB1C69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{746F3AD2-4DEF-47A8-930B-986DB7FA6BAE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{8D470BA2-B31F-4B3C-8BD5-16FE43DD4BF8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{F83340B9-0207-43BA-94C4-1AFE3FB664CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{754488E5-D738-4C1E-80B2-EC0008AB3185}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
          FirewallRules: [{3CCA5E02-682A-415F-925A-3CE189952D21}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{E84E577A-7754-4173-9F2B-46DE2F87A8B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{9100DA5C-5B5E-4108-9547-FF05EDBB0E8B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{370A3BB0-CACE-4D7A-8B86-FAD7C0F84657}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
          FirewallRules: [{4A13457D-585C-4564-8D5F-335639EDC997}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
          FirewallRules: [{077579CC-4FEC-4CA2-9ED1-AB1851B9E4EF}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
          
          ==================== Restore Points =========================
          
          ATTENTION: System Restore is disabled (Total:461.23 GB) (Free:252 GB) (55%)
          
          ==================== Faulty Device Manager Devices ============
          
          Name: Virtual Display Device
          Description: Virtual Display Device
          Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
          Manufacturer: Huawei
          Service: WUDFRd
          Problem: : This device is disabled. (Code 22)
          Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.
          
          ==================== Event log errors: ========================
          Application errors:
          Error: (07/04/2023 10:36:47 PM) (Source: Universal Print) (EventID: 1) (User: )
          Description: Failure response trying to get MPS Discovery Endpoint from MS Graph. HttpStatus=12007, TraceId: mcpmanagementservice.dll
          
          Error: (07/04/2023 02:35:32 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
          Description: Faulting application name: DisplaySwitch.exe, version: 10.0.22621.1928, time stamp: 0x64ba1e96
          Faulting module name: DisplaySwitch.exe, version: 10.0.22621.1928, time stamp: 0x64ba1e96
          Exception code: 0xc0000409
          Fault offset: 0x000000000001d7b2
          Faulting process id: 0x0x4590
          Faulting application start time: 0x0x1d9ae6ba3ffb97e
          Faulting application path: C:\WINDOWS\system32\DisplaySwitch.exe
          Faulting module path: C:\WINDOWS\system32\DisplaySwitch.exe
          Report Id: 7be7d9d9-059c-494a-b970-976d04f93237
          Faulting package full name:
          Faulting package-relative application ID:
          
          Error: (07/03/2023 09:51:50 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
          Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-BQN0JE4L$ via https://intc-keyid-b066d9697f5d3a07b425c10f587cceecf16ffe58.microsoftaik.azure.net/templates/Aik/scep failed:
          
          GetCACaps
          
          Method: GET(15ms)
          Stage: GetCACaps
          The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

          System errors:
          Error: (07/06/2023 03:31:48 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
          Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {09488615-b6d1-4e7d-beb0-98da4ac09c15}, had event 74
          
          Error: (07/04/2023 09:19:12 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-BQN0JE4L)
          Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
          
          Error: (07/04/2023 09:17:31 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
          Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {09488615-b6d1-4e7d-beb0-98da4ac09c15}, had event 74
          
          Error: (07/04/2023 02:16:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
          Description: The luafv service failed to start due to the following error:
          This driver has been blocked from loading
          
          Error: (07/04/2023 02:16:20 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-BQN0JE4L)
          Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
          
          Error: (07/03/2023 10:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
          Description: The luafv service failed to start due to the following error:
          This driver has been blocked from loading
          
          Error: (07/03/2023 09:51:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
          Description: The luafv service failed to start due to the following error:
          This driver has been blocked from loading
          
          Error: (07/03/2023 09:51:40 PM) (Source: volmgr) (EventID: 46) (User: )
          Description: Crash dump initialization failed!

          CodeIntegrity:
          Date: 2023-07-04 14:17:08
          Description:
          Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.
          
          Date: 2023-07-03 22:10:46
          Description:
          Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\protected_elam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
          
          ==================== Memory info ===========================
          
          BIOS: HUAWEI 1.18 11/02/2022
          Motherboard: HUAWEI BOD-WXX9-PCB
          Processor: 11th Gen Intel(R) Core™ i5-1135G7 @ 2.40GHz
          Percentage of memory in use: 39%
          Total physical RAM: 16183.3 MB
          Available physical RAM: 9744.48 MB
          Total Virtual: 17207.3 MB
          Available Virtual: 10730.15 MB
          
          ==================== Drives ================================
          
          Drive c: (Windows) (Fixed) (Total:461.23 GB) (Free:252 GB) (Model: WDC PC SN730 SDBPNTY-512G-1027) NTFS
          
          \?\Volume{9a0dabee-9acc-4d60-be69-c3079cfd1a82}\ (WINPE) (Fixed) (Total:0.5 GB) (Free:0.13 GB) FAT32
          \?\Volume{494f1438-4524-4393-8a1c-323bdd1f24ec}\ (Onekey) (Fixed) (Total:14 GB) (Free:1.77 GB) NTFS
          \?\Volume{b395fef3-abfd-4d8e-a4a8-4a1a0f71ea08}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.35 GB) NTFS
          \?\Volume{0a1fd3ba-eb4e-4d8d-83e7-d6538410e931}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.14 GB) FAT32
          
          ==================== MBR & Partition Table ====================
          
          ==================== End of Addition.txt =======================
          [/HEADING]

          Comment

          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #6
            These logs take a while to go over. While I check them, please run these two tools. I will check everything when I return from work tomorrow. I had a really late day today and I’m a bit tired.

            Adware Cleaner

            - Download AdwCleaner and save it to your Desktop
            - Right-click on AdwCleaner.exe and select, Run as Administrator
            - Accept the EULA (I accept), then click on Scan Now
            - Let the scan complete
            - Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
            - Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
            - Close all other open windows and allow it to restart
            - After the restart, Notepad will open with the AdwCleaner cleaning log
            - Please Attach the contents of that log into your next reply to me


            Download Malwarebytes v.4. Install and run.

            - Once the MBAM dashboard opens, click on Settings (gear icon).
            - Click on Security tab and make sure that all four Scan options are enabled.
            - Close Settings and click on the Scan button on the dashboard.
            - Once the scan is completed make sure you have it quarantine any detections it finds.
            - If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
            - If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
            - If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.

            Comment

            • taimrarchy
              PCHF Member
              • Jul 2023
              • 38

              #7
              Adware Cleaner logs:

              Scan:

              Code:
              # -------------------------------
              # Malwarebytes AdwCleaner 8.4.0.0
              # -------------------------------
              # Build: 08-30-2022
              # Database: 2022-10-10.1 (Cloud)
              # Support: https://www.malwarebytes.com/support
              # -------------------------------
              # Mode: Scan
              # -------------------------------
              # Start: 07-06-2023
              # Duration: 00:00:05
              # OS: Windows 11 (Build 22621.1928)
              # Scanned: 32085
              # Detected: 12

              ***** [ Services ] *****
              
              No malicious services found.
              
              ***** [ Folders ] *****
              
              PUP.Optional.Legacy C:\ProgramData\Tencent
              PUP.Optional.Legacy C:\Users\tzahi\AppData\Local\Tencent
              PUP.Optional.Legacy C:\Users\tzahi\AppData\Roaming\Tencent
              PUP.Optional.Legacy C:\Users\tzahi\Documents\TotalAV
              PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
              PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
              
              ***** [ Files ] *****
              
              No malicious files found.
              
              ***** [ DLL ] *****
              
              No malicious DLLs found.
              
              ***** [ WMI ] *****
              
              No malicious WMI found.
              
              ***** [ Shortcuts ] *****
              
              No malicious shortcuts found.
              
              ***** [ Tasks ] *****
              
              No malicious tasks found.
              
              ***** [ Registry ] *****
              
              PUP.Optional.PCProtect HKCU\Software\SSProtect
              PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
              PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
              PUP.Optional.TotalAV HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
              PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
              PUP.Optional.TotalAV HKLM\Software\Classes\totalav
              
              ***** [ Chromium (and derivatives) ] *****
              
              No malicious Chromium entries found.
              
              ***** [ Chromium URLs ] *****
              
              No malicious Chromium URLs found.
              
              ***** [ Firefox (and derivatives) ] *****
              
              No malicious Firefox entries found.
              
              ***** [ Firefox URLs ] *****
              
              No malicious Firefox URLs found.
              
              ***** [ Hosts File Entries ] *****
              
              No malicious hosts file entries found.
              
              ***** [ Preinstalled Software ] *****
              
              No Preinstalled Software found.
              
              ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
              
              Clean:
              # -------------------------------
              # Malwarebytes AdwCleaner 8.4.0.0
              # -------------------------------
              # Build: 08-30-2022
              # Database: 2022-10-10.1 (Cloud)
              # Support: https://www.malwarebytes.com/support
              # -------------------------------
              # Mode: Clean
              # -------------------------------
              # Start: 07-06-2023
              # Duration: 00:00:01
              # OS: Windows 11 (Build 22621.1928)
              # Cleaned: 12
              # Failed: 0

              ***** [ Services ] *****
              
              No malicious services cleaned.
              
              ***** [ Folders ] *****
              
              Deleted C:\ProgramData\SecuritySuite
              Deleted C:\ProgramData\Tencent
              Deleted C:\Users\tzahi\AppData\Local\Tencent
              Deleted C:\Users\tzahi\AppData\Roaming\Tencent
              Deleted C:\Users\tzahi\Documents\TotalAV
              Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
              
              ***** [ Files ] *****
              
              No malicious files cleaned.
              
              ***** [ DLL ] *****
              
              No malicious DLLs cleaned.
              
              ***** [ WMI ] *****
              
              No malicious WMI cleaned.
              
              ***** [ Shortcuts ] *****
              
              No malicious shortcuts cleaned.
              
              ***** [ Tasks ] *****
              
              No malicious tasks cleaned.
              
              ***** [ Registry ] *****
              
              Deleted HKCU\Software\SSProtect
              Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
              Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
              Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
              Deleted HKLM\Software\Classes\totalav
              Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
              
              ***** [ Chromium (and derivatives) ] *****
              
              No malicious Chromium entries cleaned.
              
              ***** [ Chromium URLs ] *****
              
              No malicious Chromium URLs cleaned.
              
              ***** [ Firefox (and derivatives) ] *****
              
              No malicious Firefox entries cleaned.
              
              ***** [ Firefox URLs ] *****
              
              No malicious Firefox URLs cleaned.
              
              ***** [ Hosts File Entries ] *****
              
              No malicious hosts file entries cleaned.
              
              ***** [ Preinstalled Software ] *****
              
              No Preinstalled Software cleaned.
              [HR][/HR]
              [+] Delete Tracing Keys
              [+] Reset Winsock
              [HR][/HR]
              AdwCleaner[S00].txt - [2353 octets] - [06/07/2023 11:44:26]
              
              ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

              Comment

              • taimrarchy
                PCHF Member
                • Jul 2023
                • 38

                #8
                MalwareBytes Scan log:

                Malwarebytes
                www.malwarebytes.com

                -Log Details-
                Scan Date: 7/6/23
                Scan Time: 11:52 AM
                Log File: 7f0937a0-1bda-11ee-89ed-9c2976227bbb.json

                -Software Information-
                Version: 4.5.32.271
                Components Version: 1.0.2051
                Update Package Version: 1.0.71989
                License: Trial

                -System Information-
                OS: Windows 11 (Build 22621.1928)
                CPU: x64
                File System: NTFS
                User: LAPTOP-BQN0JE4L\tmmrcy

                -Scan Summary-
                Scan Type: Threat Scan
                Scan Initiated By: Manual
                Result: Completed
                Objects Scanned: 323474
                Threats Detected: 17
                Threats Quarantined: 0
                Time Elapsed: 3 min, 31 sec

                -Scan Options-
                Memory: Enabled
                Startup: Enabled
                Filesystem: Enabled
                Archives: Enabled
                Rootkits: Enabled
                Heuristics: Enabled
                PUP: Detect
                PUM: Detect

                -Scan Details-
                Process: 0
                (No malicious items detected)

                Module: 0
                (No malicious items detected)

                Registry Key: 4
                Trojan.VMProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows Service Task, No Action By User, 10618, 1100445, , , , , ,
                Trojan.VMProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{74BD4F6 A-54CF-4A9E-A8A5-B3328ED7AA71}, No Action By User, 10618, 1100445, , , , , ,
                Trojan.VMProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON{74BD4F6 A-54CF-4A9E-A8A5-B3328ED7AA71}, No Action By User, 10618, 1100445, , , , , ,
                PUP.Optional.BundleInstaller, HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNI NSTALL\uTorrent, No Action By User, 101, 1159036, , , , , ,

                Registry Value: 0
                (No malicious items detected)

                Registry Data: 2
                PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, 5213, 293295, 1.0.71989, , ame, , ,
                PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, 5213, 293296, 1.0.71989, , ame, , ,

                Data Stream: 0
                (No malicious items detected)

                Folder: 0
                (No malicious items detected)

                File: 11
                Generic.Malware.AI.DDS, C:\WINDOWS\WINDOWS.EXE, No Action By User, 1000002, 0, 1.0.71989, CA8B054D746C8A240ECD208D, dds, 02372142, 191889F89632EB2C5AC974C87E00944F, 842FD831650AFCD15752365897DEA0D09BBF9691E041DF59B6 D6B7F7CE959719
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\LOCAL\TEMP\UTORRENT\UTORREN T.EXE, No Action By User, 101, 1121241, 1.0.71989, , ame, , AFB8DA816160569CD3B775CCA5F51C04, EA0AEE60237ADCB585B9346D2C5CDFE786DEFB9451114550E4 93C74A5AC659A3
                Trojan.VMProtect, C:\WINDOWS\SYSTEM32\TASKS\Windows Service Task, No Action By User, 10618, 1100445, , , , , 01D789B37F7BEF1CCA8B29F46541EDBA, F1A28EE8388F654ED840143BE227948344663B1B0340E08C41 207C4F24DF9886
                Trojan.VMProtect, C:\USERS\TZAHI\APPDATA\LOCAL\UPDATES\WINDOWSSERVIC E.EXE, No Action By User, 10618, 1100445, 1.0.71989, , ame, , 1D7D93FA84BA7C5A5C8B1D62ACBB048D, 6D346056C766ED477967601425A4D162D15D429977910083C8 A8BDD0D0C1C005
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\UTORRENT\UPDATES\3. 5.5_46200.EXE, No Action By User, 101, 1107212, 1.0.71989, , ame, , 7C4F15EA0F16F5BFD2E868D70ADED600, D91E240254EBB233F7F23FA1AFE91C12089EED919E9FF85E4C B7A8AEB04B5A51
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\UTORRENT\UPDATES\3. 6.0_46672.EXE, No Action By User, 101, 1121241, 1.0.71989, , ame, , 437ED8763AE1A4D9FA62F3643927CCC6, 94D24CAD6B8E158DF73247376A420291E2D954CE387E4A6665 670A4E8E586EE3
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\UTORRENT\UPDATES\UT ORRENT.EXE, No Action By User, 101, 1159036, 1.0.71989, , ame, , 1009E138A3EDEEF04EC3A0C3BDDFDF20, 962CA30406E010630CC520C1B63233C8D67CDAB34C4E389DD1 6CF4957B938D91
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\UTORRENT\UPDATES\3. 5.5_46348.EXE, No Action By User, 101, 1086270, 1.0.71989, , ame, , 600F20ABCC1FA9F5BDA0965D07B6855D, 7D89A16FC0D3AFA3CD78CC51E7AE6A81343CB14DE6FDCA9325 142DECA5133515
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\Microsoft\Windows\S tart Menu\Programs\µTorrent.lnk, No Action By User, 101, 1159036, , , , , 481CB4D4E91A6F5B34114B387C395F55, E7F4D52E7577F22F4855152A16D6924024E7AAAACD4D6A65D5 819C0184F904A8
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\UTORRENT\UTORRENT.E XE, No Action By User, 101, 1159036, 1.0.71989, , ame, , 1009E138A3EDEEF04EC3A0C3BDDFDF20, 962CA30406E010630CC520C1B63233C8D67CDAB34C4E389DD1 6CF4957B938D91
                PUP.Optional.BundleInstaller, C:\USERS\TZAHI\APPDATA\ROAMING\UTORRENT\UPDATES\3. 6.0_46828.EXE, No Action By User, 101, 1159036, 1.0.71989, , ame, , DFD23FC093EA4848DE94E22F5E1D8B97, CB0A5796E30F42DE3736DABF5E3B2C5244A3D12A5323B9B240 F1CF67E7C31B1A

                Physical Sector: 0
                (No malicious items detected)

                WMI: 0
                (No malicious items detected)

                (end)

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #9
                  Please re-run Malwarebytes and this time make sure to quarantine all items. Post the new logs. These items need to be removed before we proceed.

                  Comment

                  • taimrarchy
                    PCHF Member
                    • Jul 2023
                    • 38

                    #10
                    Malwarebytes
                    www.malwarebytes.com

                    Code:
                    -Log Details-
                    Scan Date: 7/7/23
                    Scan Time: 3:56 PM
                    Log File: a45324da-1cc5-11ee-b917-9c2976227bbb.json
                    
                    -Software Information-
                    Version: 4.5.32.271
                    Components Version: 1.0.2051
                    Update Package Version: 1.0.72045
                    License: Trial
                    
                    -System Information-
                    OS: Windows 11 (Build 22621.1928)
                    CPU: x64
                    File System: NTFS
                    User: LAPTOP-BQN0JE4L\tmmrcy
                    
                    -Scan Summary-
                    Scan Type: Threat Scan
                    Scan Initiated By: Manual
                    Result: Completed
                    Objects Scanned: 323621
                    Threats Detected: 2
                    Threats Quarantined: 2
                    Time Elapsed: 2 min, 57 sec
                    
                    -Scan Options-
                    Memory: Enabled
                    Startup: Enabled
                    Filesystem: Enabled
                    Archives: Enabled
                    Rootkits: Enabled
                    Heuristics: Enabled
                    PUP: Detect
                    PUM: Detect
                    
                    -Scan Details-
                    Process: 0
                    (No malicious items detected)
                    
                    Module: 0
                    (No malicious items detected)
                    
                    Registry Key: 0
                    (No malicious items detected)
                    
                    Registry Value: 0
                    (No malicious items detected)
                    
                    Registry Data: 2
                    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, 5211, 293295, 1.0.72045, , ame, , ,
                    PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, 5211, 293296, 1.0.72045, , ame, , ,
                    
                    Data Stream: 0
                    (No malicious items detected)
                    
                    Folder: 0
                    (No malicious items detected)
                    
                    File: 0
                    (No malicious items detected)
                    
                    Physical Sector: 0
                    (No malicious items detected)
                    
                    WMI: 0
                    (No malicious items detected)
                    
                    (end)

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #11
                      I suggest a full scan with Kaspersky.
                      Disable Defender …
                      Download and run a full scan with the Kaspersky Virus Removal tool.
                      Accept the terms.
                      Click Change Parameters.
                      Select the System drive.
                      All volumes.
                      Click OK, start Scan.
                      Report any detections here.

                      [IMG alt=“Capture.PNG”]https://pchelpforum.net/attachments/capture-png.9392/[/IMG]

                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7045

                        #12
                        Once you have done this, please re-run FRST and post both new logs and I will make a fix list to clean anything remaining.

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #13
                          Also, this week has been hectic. So I’ll be able to sit down and make a script for you Sunday morning that will clean things up. Really busy at work, and I will have free time to fix you up now.

                          Comment

                          • taimrarchy
                            PCHF Member
                            • Jul 2023
                            • 38

                            #14
                            Sorry for the late reply. I have been travelling this week because it’s summer, so I didn’t get time to check the forum. It’ll still take me some time to do what you’ve asked of me because the Wi-Fi is pretty bad here, so your patience is appreciated. I’ll update you as soon as I get the scan done. Thanks again!

                            Comment

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #15
                              No problem, thanks for the update.

                              Comment
