Malware removal / windows security is not launching

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    @taimrarchy

    Copy the content of the code box below.
    [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
    Right Click FRST and run as Administrator.
    Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
    Attach it to your next message.
    Code:
    start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
    Task: {6DEF4AB9-144A-495D-82D7-9170E5329F5D} - System32\Tasks\Window Update => C:\Users\tzahi\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
    Task: {74BD4F6A-54CF-4A9E-A8A5-B3328ED7AA71} - System32\Tasks\Windows Service Task => C:\Users\tzahi\AppData\Local\Updates\WindowsService.exe [5581312 2022-05-11] () [File not signed] <==== ATTENTION
    R3 ALSysIO; C:\Users\tzahi\AppData\Local\Temp\ALSysIO64.sys [47240 2023-07-04] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
    C:\Users\tzahi\AppData\Local\Temp\ALSysIO64.sys
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Run: [] => [X]
    S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
    S4 WdBoot; \SystemRoot\system32\drivers\wd\WdBoot.sys [X]
    S4 WdFilter; \SystemRoot\system32\drivers\wd\WdFilter.sys [X]
    S4 WdNisDrv; system32\drivers\wd\WdNisDrv.sys [X]
    S3 WmFilter; \SystemRoot\system32\drivers\WmFilter.sys [X]
    HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
    Task: {42FE7CEB-8F85-4C25-95A6-4BD0F736AAC7} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [200704 2023-05-12] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
    Task: {6DEF4AB9-144A-495D-82D7-9170E5329F5D} - System32\Tasks\Window Update => C:\Users\tzahi\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
    Task: {74BD4F6A-54CF-4A9E-A8A5-B3328ED7AA71} - System32\Tasks\Windows Service Task => C:\Users\tzahi\AppData\Local\Updates\WindowsService.exe [5581312 2022-05-11] () [File not signed] <==== ATTENTION
    Task: {A976026E-4D8C-469E-AEFF-3F088580BC8B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
    Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
    Task: {E3A30FA9-D4F7-476E-85D1-09C722F93023} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
    Task: {F6A39165-6DE6-464C-8918-7E05503ED911} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
    Task: {BD2A0C06-9B8F-41A6-A561-6C469C93768F} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation -> Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{0e1db6e2-967c-4181-ad20-1a7c8debc340}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f8d21a67-f548-45c5-a7aa-e808c1aba960}: [DhcpNameServer] 40.42.1.13
    S3 UniFairy_x64; C:\WINDOWS\system32\drivers\UniFairy_x64.sys [8209904 2022-07-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
    S3 unirsdt; C:\WINDOWS\system32\drivers\unirsdt.sys [6166504 2022-09-22] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
    C:\WINDOWS\system32\drivers\UniFairy_x64.sys
    C:\WINDOWS\system32\drivers\unirsdt.sys
    U4 MsSecFlt; no ImagePath
    U4 Sense; no ImagePath
    U4 SgrmAgent; no ImagePath
    U4 SgrmBroker; no ImagePath
    2021-09-05 05:08 - 2021-09-05 05:08 - 000000128 ____H () C:\Users\tzahi\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
    C:\Users\tzahi\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
    AlternateDataStreams: C:\Recovery:err [1590]
    AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
    AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
    AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
    AlternateDataStreams: C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6:2EA0371A72 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net.lnk:E2208A86CD [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DroidCam Client.lnk:96D1DD3380 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF.lnk:4851378599 [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Cam 8.lnk:6991C8B2BC [10]
    AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP DeskJet 2130 series.lnk:25ED2E7AB7 [10]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2734]
    SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 -> DefaultScope {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
    SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 -> {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
    FirewallRules: [UDP Query User{EA28C9BF-57C5-43E3-A2F1-CCBA70771B67}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [TCP Query User{EB19FCAB-5755-47FD-B469-2AC6B697F463}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [UDP Query User{B5F0B45F-121A-4751-8BCA-446A8D83452A}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
    FirewallRules: [TCP Query User{AD6655D5-D0F0-4383-9CFF-B4CF0DA2FF31}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
    FirewallRules: [UDP Query User{F628B4F6-1D8D-45A0-9E94-7CF81819442B}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
    FirewallRules: [TCP Query User{A0BCCD4D-9A5B-4B0B-A7F2-A0786144B0BF}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
    FirewallRules: [UDP Query User{C6452449-CB73-4359-A274-18F6844A794E}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
    FirewallRules: [TCP Query User{4D4716CE-B023-4059-8BB5-69109DE13CD6}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
    FirewallRules: [UDP Query User{0079DD27-BE20-40EF-96B7-B041B8C38B42}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [TCP Query User{8290BD0F-9C0D-4C57-B4E6-6BD9F1BF4979}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [UDP Query User{EC880E9B-6339-4142-A9DF-195CF4B7F548}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [TCP Query User{7455CCF7-4821-46E1-9AC4-99DAAC1ED0C9}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [UDP Query User{86A1D011-AF02-4E84-905B-041E00021A8E}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [TCP Query User{FD82AA22-29D1-463E-BEA6-B6BCFFE9B6F6}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [UDP Query User{91A86FBF-F7E3-4D90-8B48-AB7AE27860E5}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
    FirewallRules: [TCP Query User{D7262939-48C9-4911-9D26-FC73EBD360B3}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
    FirewallRules: [{01148211-9260-478B-BFBE-BEBF656A6723}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
    FirewallRules: [{C6947DE2-5C0B-473A-8EEC-87C982DD0923}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
    FirewallRules: [{DDCD9EDB-FA3F-4A35-A805-FFDE8C260241}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
    FirewallRules: [{C6A1318C-2AA9-4295-B067-F1E127337781}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
    FirewallRules: [{B85120DE-6858-4F4F-9A5C-04534AC5DB19}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
    FirewallRules: [{51474B11-90B4-42F4-BA7B-2F0EF0E2EBA6}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
    FirewallRules: [UDP Query User{6E76F11A-31FD-47D9-808C-DC26B315FB10}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
    FirewallRules: [TCP Query User{D74A2248-60C0-4216-BC08-9EC19356DCC4}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
    FirewallRules: [{DF69DABD-6F13-4E02-B946-3434A01E33D3}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
    FirewallRules: [{7B70BD56-3B0F-434B-ABF3-FC98622B5050}] => (Allow) G:\\Nox\bin\Nox.exe => No File
    FirewallRules: [{9EB7B4F0-A658-4C3C-8826-10F4D6FDCEE0}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
    FirewallRules: [{0AC01DF3-1247-44E6-9ACB-C344CC07ABCE}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
    FirewallRules: [{B17DD100-466D-4D6A-9761-32E58F86D229}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
    FirewallRules: [{21132FD2-9F3A-446C-A5C4-26A2E43892C5}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
    FirewallRules: [{2218EC88-AB59-40E2-8429-C7901D99CB2C}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
    FirewallRules: [{D80405D4-2D08-47F3-93C3-E289D250F4DF}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
    FirewallRules: [UDP Query User{B67C447F-BB5D-45A2-81D9-F74B8A9638DE}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
    FirewallRules: [TCP Query User{0F2EE437-3297-4AD6-9036-C68B225E1ED2}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
    FirewallRules: [UDP Query User{6B9146FE-1C34-4923-AEF8-2C7854C53F6A}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
    FirewallRules: [TCP Query User{40B18058-B3EA-410C-AABC-67F7B0CE5A76}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
    FirewallRules: [{AF31A34F-3AE4-4177-852C-FB25F9EA6512}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
    FirewallRules: [{670A6739-0E4B-4FA0-B399-AFA9BF3DCCEB}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
    FirewallRules: [{F7D4E450-DA93-4EE0-8A49-71E56D22956B}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
    FirewallRules: [{48D7F757-F925-4334-9406-86D65CEEDF92}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
    FirewallRules: [UDP Query User{C9823F84-1984-4090-907F-DC3702EE5C3C}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
    FirewallRules: [TCP Query User{9B1C125E-F31B-4EB1-A660-4A42AD0031B8}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
    FirewallRules: [UDP Query User{8D778748-74C2-4A53-8246-F355CDB36559}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
    FirewallRules: [TCP Query User{BE086E0D-5C43-4C1F-9345-8CFBB02837E0}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
    FirewallRules: [UDP Query User{93616156-6050-4782-9135-382098F0125B}C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
    FirewallRules: [TCP Query User{F2376F81-F25A-4240-9DA7-074BED35B83A}C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
    FirewallRules: [UDP Query User{9ADC7A0D-6B8A-4780-AD91-F58B0AF10FE3}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
    FirewallRules: [TCP Query User{4DD82B7C-7456-4F85-AC55-594AC94FF4F9}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
    FirewallRules: [{5240E39F-9644-4A12-BD38-D757DE5CDE3B}] => (Allow) C:\Program Files\Huawei\PCManager\HWVCR.exe => No File
    FirewallRules: [UDP Query User{C5CC5E83-9AE7-430E-8A69-893AAB721002}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
    FirewallRules: [TCP Query User{13C379D5-EDCE-4E1F-AAA7-7056FB3B1656}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
    FirewallRules: [{BFDC8DDA-B806-4CFA-936F-74361414B688}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
    FirewallRules: [{D349103B-4285-496E-9CB5-0D02ACF2C655}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
    FirewallRules: [{3E641BF7-7B82-4104-AE0B-9DB957AD3993}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
    FirewallRules: [{D4E98496-5FB9-439E-84B8-CA29C65E524D}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
    FirewallRules: [UDP Query User{032F130F-CE2D-4F0B-9689-EA25664C3B61}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
    FirewallRules: [TCP Query User{2E72795F-2FCB-4F29-9BC2-918C792784CE}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
    FirewallRules: [UDP Query User{96736BC3-6EAF-4D40-9749-EDDA9C099D12}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
    FirewallRules: [TCP Query User{799FC99B-3EE1-4608-8404-58E4F28D94C1}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
    FirewallRules: [UDP Query User{A22BB818-D073-47B3-A13D-9EE73A3A4545}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{F2201F51-2D5A-477A-950E-92DDF6F77CBC}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{9147ECAD-4EA4-4DEB-BF1D-AFA2E046C448}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
    FirewallRules: [TCP Query User{19BA2A16-59CB-4748-B66A-B30F21E6F212}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
    FirewallRules: [UDP Query User{F36DEEA1-23BF-4B09-B3D4-B174E93CDB1F}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
    FirewallRules: [TCP Query User{896A95CD-3759-4D51-9AF0-D659AA3F8C5B}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
    FirewallRules: [UDP Query User{33AD8D6C-6243-43FD-80BF-F6F245D9FC85}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
    FirewallRules: [TCP Query User{2A7286D4-1DDC-4BDC-8C8D-44F453D2D5AD}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
    FirewallRules: [UDP Query User{6979730F-9FD2-4E15-851D-42273A7836B5}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
    FirewallRules: [TCP Query User{7FAF4581-5E01-4380-A2AC-6EAAFEA7D2DA}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
    FirewallRules: [UDP Query User{7D0A512A-8B78-4D8E-8FA4-6866B09C41AA}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{A7AEAB1E-82BA-48A9-93F3-A6422090A5CB}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{0ACBD6DF-7CCF-4C90-B544-0490AFF45C28}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{E076492C-43A7-4F0D-B98F-56C18F280BFC}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{34220ABC-610D-48E8-9E83-5077596F3D71}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{6C337EA5-260D-44CF-A356-0C9EE5A03E9D}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{7474242E-5991-44A3-8A26-8BBFDCD44427}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
    FirewallRules: [TCP Query User{AB423B4E-4F6A-4D37-9175-822D9220F913}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
    FirewallRules: [UDP Query User{20C3997E-BCFB-448B-8B6A-3C2A949E262F}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{633368D0-825A-4931-A016-8C0063235851}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{A3AADF0F-C0D6-4D16-8D97-6D50753F8CDE}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{6F079768-278D-4793-89E7-FFAEA7A20C57}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{492D7C10-DE5B-4F47-A6A7-C509ACC13DAB}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [TCP Query User{A3E321D0-A618-4D5A-8CBA-D7AEDB6D02A8}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [{483E1497-5E75-4E0C-9C99-49677EACA549}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\7zS1821\HP.EasyStart.exe => No File
    FirewallRules: [UDP Query User{2BE7F379-EA57-4382-AA63-BDDF28BCC7A7}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [TCP Query User{6BE017BB-76DD-4F71-BE14-7D89CA9874CE}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [UDP Query User{B5E25C3C-619E-4DF7-8CE9-13D3BC92A016}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
    FirewallRules: [TCP Query User{3688B6D7-87FE-4ACC-AEA5-A2F1D916A656}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
    FirewallRules: [UDP Query User{B4F8C979-E8D9-4621-99DC-39CB33225CF9}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
    FirewallRules: [TCP Query User{46BC3532-350C-4B08-879B-6CA2D25348B8}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
    FirewallRules: [UDP Query User{981D4048-3A8E-466A-8A6E-33CE7E14930B}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [TCP Query User{CEB568B2-B264-4B20-A3AC-1883A3B110CD}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
    FirewallRules: [TCP Query User{EBADD02C-BBC9-4F0F-9F8F-66DE30B15C99}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
    FirewallRules: [UDP Query User{0216A500-D61C-46EB-8B32-DE85C9E383D1}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
    FirewallRules: [TCP Query User{8FA96D3B-E7E6-45FF-9065-A1D32C49FB38}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
    FirewallRules: [UDP Query User{48AE4541-051A-47BB-8800-EA48B79BD852}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
    FirewallRules: [{4E91C996-AC44-4DBD-B236-80F2EEB400A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
    FirewallRules: [{2F9AC40A-89F9-42DF-8DAC-1E95C36F659E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
    FirewallRules: [{E181A739-F50D-47C4-B096-B24A0FE73C69}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
    FirewallRules: [{D49FB4CB-2370-485A-B4F9-0F0DBEA5B0ED}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
    FirewallRules: [{191F5EB6-5D65-45FD-A5C3-497B3FE7E194}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{D98FDDD9-F538-49E3-8C37-15C161B58243}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [TCP Query User{2A31E666-7087-4A06-95CA-C91D900259B9}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [UDP Query User{4213F32C-23B4-45CC-B534-0DF1FE3B2E5D}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [TCP Query User{164886CA-B042-419F-9A19-8B2FD218A56B}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
    FirewallRules: [UDP Query User{55CCA0CE-89F8-46B3-A341-76D1F41F9389}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
    FirewallRules: [TCP Query User{A945DC9E-537C-4D94-BE0F-5C583BF08EC2}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [UDP Query User{296D16E9-D655-4045-8277-49C46A79C436}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
    FirewallRules: [TCP Query User{052E67D2-1DEF-4EF8-A9C6-0474F5E19FB8}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [UDP Query User{A272DE0D-1538-40C5-8009-DFECDAE829F0}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
    FirewallRules: [TCP Query User{08784593-E73B-4C4B-BE0B-7BCE48CF8476}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
    FirewallRules: [UDP Query User{AF409DEC-2DB2-4B0C-B6C9-750C36ADA323}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
    FirewallRules: [TCP Query User{E5FBC816-AC93-40F4-B865-10090B2324FE}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
    FirewallRules: [UDP Query User{14DBF5DF-3D0A-4F40-A274-B342EA877FF0}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
    FirewallRules: [TCP Query User{688E2E3D-AAFB-40FA-9D31-39E89F90AC8F}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
    FirewallRules: [UDP Query User{95A5A608-C279-42A9-ADE4-D68320D5B4CD}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
    FirewallRules: [TCP Query User{67879EC0-7F45-43E2-A1BE-6E172D789D8E}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
    FirewallRules: [UDP Query User{911A7058-14F7-469B-B8F3-AAF9868BD92B}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
    FirewallRules: [TCP Query User{F338CC62-138A-4312-916E-1A7175017E8C}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
    FirewallRules: [UDP Query User{3902C0A1-9C7B-4A41-AC27-62391E508EC2}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
    FirewallRules: [TCP Query User{82549B22-3496-4A57-9AD6-883C97470EFD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
    FirewallRules: [UDP Query User{575F1E90-FC88-48C5-A116-C87C21E942DD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
    FirewallRules: [{868539F8-B2F4-44DB-AA82-C1B99DCC3AE9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
    FirewallRules: [{F2000940-5EE3-4319-B89D-93FB90F55851}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
    FirewallRules: [TCP Query User{FCF10B71-8708-4A5A-B4C2-1C88081325DD}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
    FirewallRules: [UDP Query User{DFBA9E29-CF2C-4602-9AFB-5F05A40658DB}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
    FirewallRules: [{A366E840-6FA3-46F7-8BA4-BC0DE8F5EA51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{B936A21D-4D1B-4007-9CE3-2A57C9687689}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{18E9511D-46B7-4AF6-B5A7-246DC43E1FD0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{7C927E17-F6A0-4FF0-8A51-60413B2D3297}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{33F23815-FBA9-4F0E-AD13-86CEA1F3A12B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{0F54CC9A-62FA-4252-A806-03BE91226BD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{55452FB0-B240-44E1-ABE9-353B866A3337}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{80039718-1023-4E22-9EE4-4AC364E70D2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{644642DF-CAEF-47FF-9E40-0470941187AA}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{3BB5B344-A168-41FE-BC38-696315D9485D}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{0B369198-1A59-4B7F-B0BC-46C9EFAD6998}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{93358649-8692-4B9B-BFD5-CF3A5462AF41}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{3221B027-1D2C-4539-A3EB-7B37128F8051}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{96CA939F-6DAD-40A1-B381-68E0F1356FF3}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{7C526CC0-51BE-429B-B68D-774591ADD0C9}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{DD682023-17D4-4D26-8649-59378350961A}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
    FirewallRules: [{6D73BF28-7E09-469D-AC55-6B6BA3B07165}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
    FirewallRules: [{08B6734A-AD50-4CC9-A5AC-11BABE336224}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
    FirewallRules: [TCP Query User{3518FD20-0E74-4BCB-B848-9C4457DC352C}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
    FirewallRules: [UDP Query User{901B7417-78B6-44AB-BC9E-84080A7A6BD9}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
    FirewallRules: [TCP Query User{6E18A220-0088-40AB-BC50-A213E8CF5608}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
    FirewallRules: [UDP Query User{CAEBC1F0-DE91-401C-9B66-1805EEE89BD0}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
    C:\WINDOWS\system32\drivers\etc\hosts
    C:\WINDOWS\system32\drivers\etc\hosts.ics
    Hosts:
    CMD: del /f /s /q %windir%\prefetch\*.*
    CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
    CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
    cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
    cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
    CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
    CMD: ipconfig /flushdns
    C:\Windows\Temp\*.*
    C:\WINDOWS\system32\*.tmp
    C:\WINDOWS\syswow64\*.tmp
    emptytemp:
    Reboot:
    End::
    [/COLOR]

    Comment

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #17
      @taimrarchy

      I noticed you logged in without making a reply to this thread, how about an update for us please.

      Comment

      • Bruce
        PCHF Moderator
        • Oct 2017
        • 10697

        #18
        @taimrarchy - do you still need help?
        if no response, this thread will be closed in 48 hours.

        Comment

        • taimrarchy
          PCHF Member
          • Jul 2023
          • 38

          #19
          Sorry for the late reply I am doing the Kaspersky scan as I write this down I’ll do what you’ve asked for right now. Again, sorry for not replying.

          Comment

          • taimrarchy
            PCHF Member
            • Jul 2023
            • 38

            #20
            [ATTACH type=“full”]12407[/ATTACH]

            Comment

            • taimrarchy
              PCHF Member
              • Jul 2023
              • 38

              #21
              FRST:

              Code:
              Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2023
              Ran by tmmrcy (administrator) on LAPTOP-BQN0JE4L (HUAWEI BOD-WXX9) (27-07-2023 19:17:28)
              Running from C:\Users\tzahi\Desktop\PC Help Forum Tings\FRST64.exe
              Loaded Profiles: tmmrcy
              Platform: Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) Language: English (United States)
              Default browser: Edge
              Boot Mode: Normal
              
              ==================== Processes (Whitelisted) =================
              
              (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
              
              (C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
              (C:\Program Files\Huawei\HMS Core\HMSCoreService.exe ->) (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HMS Core\HMSCoreContainer.exe
              (C:\Program Files\Huawei\PCManager\MateBookService.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\HwMdcCenter.exe
              (C:\Program Files\Huawei\PCManager\MateBookService.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe
              (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\DFSSearchService.exe
              (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MessageCenterUI.exe
              (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\PerfWndMonHelper.exe
              (C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\PerfWndMonHelper_x86.exe
              (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe <6>
              (C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscenter.exe
              (DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe
              (explorer.exe ->) (ALCPU → ALCPU) C:\Program Files\Core Temp\Core Temp.exe
              (HWVEAudioService.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\WINDOWS\System32\HWVEAudioSession.exe
              (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
              (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
              (Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
              (RPC\OSD\osdservice.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\Huawei OSD\OSD_Daemon.exe
              (services.exe ->) (A-Volute SAS → Nahimic) C:\WINDOWS\System32\NahimicService.exe
              (services.exe ->) (Electronic Arts, Inc. → Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
              (services.exe ->) (FOXIT SOFTWARE INC. → Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe
              (services.exe ->) (HP Inc. → HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
              (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\BasicService\BasicService.exe
              (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe
              (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MateBookService.exe
              (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\WINDOWS\System32\HWVEAudioService.exe
              (services.exe ->) (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) C:\WINDOWS\System32\RPC\OSD\osdservice.exe
              (services.exe ->) (Huawei Technologies Co., Ltd. → Huawei Device Co., Ltd.) C:\Program Files\Huawei\Hiview\HiviewService.exe
              (services.exe ->) (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HMS Core\HMSCoreService.exe
              (services.exe ->) (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\wucs\WUCSProxyService.exe
              (services.exe ->) (Intel Corporation → ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
              (services.exe ->) (Intel Corporation → ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3b3ce26993cf233b\IntelCpHDCPSvc.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
              (services.exe ->) (Intel Corporation → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\piecomponent.inf_amd64_0570478011758f12\Intel_PIE_Service.exe
              (services.exe ->) (Intel Corporation → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
              (services.exe ->) (Intel Corporation → Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
              (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group → Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
              (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
              (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
              (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncHelper.exe
              (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
              (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Fortemedia) C:\WINDOWS\System32\FMService64.exe
              (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher → Goodix) C:\WINDOWS\System32\drivers\SessionService.exe
              (services.exe ->) (Realtek Semiconductor Corp. → Realtek Semiconductor) C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe <3>
              (sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 → Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
              (svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 → ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.17.0_x64__w2gh52qy24etm\Nahimic3.exe
              (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 → ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
              (svchost.exe ->) (A-Volute SAS → Nahimic) C:\WINDOWS\System32\NahimicSvc64.exe
              (svchost.exe ->) (A-Volute SAS → Nahimic) C:\WINDOWS\SysWOW64\NahimicSvc32.exe
              (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 → Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\IGCC.exe
              (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
              (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
              (svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
              (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
              (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <3>
              (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\LocationNotificationWindows.exe
              (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
              (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
              (svchost.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe
              
              ==================== Registry (Whitelisted) ===================
              
              (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
              
              HKLM...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe [1256520 2021-04-13] (Realtek Semiconductor Corp. → Realtek Semiconductor)
              HKLM...\Run: => 
              HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [739448 2023-03-17] (Oracle America, Inc. → Oracle Corporation)
              HKLM-x32...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1529384 2023-06-08] (Intel Corporation → Intel Corporation)
              HKLM-x32...\Run: => 
              HKLM...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q “C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe”
              HKLM...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q “C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe”
              HKLM...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\Installer\setup.exe [3663776 2023-07-27] (Microsoft Corporation → Microsoft Corporation)
              HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
              HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
              HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
              HKLM\Software\Policies...\system: [EnableSmartScreen] 0
              HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607520 2023-07-27] (Microsoft Corporation → Microsoft Corporation)
              HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Run: [MicrosoftEdgeAutoLaunch_2CDA1A8278879F750DEE63BCC2A16BEC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start /prefetch:5 [4088272 2023-07-21] (Microsoft Corporation → Microsoft Corporation)
              HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Run: => 
              HKLM...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard → HP Inc.)
              HKLM\Software...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] →
              
              ==================== Scheduled Tasks (Whitelisted) =================
              
              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
              
              Task: {89C88217-6FE5-472C-A4A5-BA18A1CA5495} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation → Intel Corporation)
              Task: {BD2A0C06-9B8F-41A6-A561-6C469C93768F} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation → Intel Corporation)
              Task: {F6A39165-6DE6-464C-8918-7E05503ED911} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
              Task: {784AD28D-5B5C-46F3-8AA9-8435056AF512} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-17] (Microsoft Corporation → Microsoft Corporation)
              Task: {974899D4-CE9E-4050-BFDA-3932E40832A1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-17] (Microsoft Corporation → Microsoft Corporation)
              Task: {F3A64BBD-5A2E-424B-9F3C-3C331F2FFBC3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-07-17] (Microsoft Corporation → Microsoft Corporation)
              Task: {0FA93288-9CC7-449F-A57C-2BC2C433C4AC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-07-17] (Microsoft Corporation → Microsoft Corporation)
              Task: {BACC9B00-4A7C-49EC-BC2E-B3F40DFB999D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [164752 2023-07-06] (Microsoft Corporation → Microsoft Corporation)
              Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
              Task: {A976026E-4D8C-469E-AEFF-3F088580BC8B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
              Task: {E3A30FA9-D4F7-476E-85D1-09C722F93023} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
              Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
              Task: {3C2411E2-875F-4A96-803B-AD1FC43AB975} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [829544 2021-07-02] (A-Volute SAS → Nahimic)
              Task: {A848FA44-1C8C-479F-A946-7E1AC9C29A71} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1088616 2021-07-02] (A-Volute SAS → Nahimic)
              Task: {636B134F-D6A5-4D69-A9B7-48F3DE123F83} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32..\SysWOW64\NahimicSvc32.exe [829544 ] (A-Volute SAS → Nahimic)
              Task: {1D726454-0314-486C-8BA3-4515AB09EC63} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32.\NahimicSvc64.exe [1088616 ] (A-Volute SAS → Nahimic)
              Task: {EB1E1C1D-1736-48EA-B249-BF4A5FC2CECA} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4125576 2023-07-27] (Microsoft Corporation → Microsoft Corporation)
              Task: {D16417EF-0C5E-40D7-821D-FA90EEA2B722} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4125576 2023-07-27] (Microsoft Corporation → Microsoft Corporation)
              Task: {42FE7CEB-8F85-4C25-95A6-4BD0F736AAC7} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [200704 2023-05-12] (Microsoft Windows → Microsoft Corporation) → //B //NoLogo “C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs”
              Task: {6DEF4AB9-144A-495D-82D7-9170E5329F5D} - System32\Tasks\Window Update => C:\Users\tzahi\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
              Task: {1EBDEC72-F7EB-4367-A91D-1407EB41AB1F} - System32\Tasks\WpsExternal_tzahi_20221119083148 => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe [1057928 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) → /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
              Task: {8B915058-845F-43C0-A27E-CF36D34D133D} - System32\Tasks\WpsUpdateTask_tmmrcy => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpsupdate.exe [172168 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
              Task: {E48D667A-D43B-41D1-AE87-35C0BBF0EB86} - System32\Tasks\WpsUpdateTask_tzahi => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpsupdate.exe [172168 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
              
              (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
              
              ==================== Internet (Whitelisted) ====================
              
              (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
              
              Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
              Tcpip..\Interfaces{0e1db6e2-967c-4181-ad20-1a7c8debc340}: [DhcpNameServer] 192.168.1.1
              Tcpip..\Interfaces{f56d216f-17ce-4734-aca7-25767677a9dd}: [DhcpNameServer] 192.168.42.129
              Tcpip..\Interfaces{f8d21a67-f548-45c5-a7aa-e808c1aba960}: [DhcpNameServer] 40.42.1.13
              [HEADING=1]Edge:[/HEADING]
              Edge DefaultProfile: Profile 1
              Edge Profile: C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-07-27]
              Edge Notifications: Profile 1 → hxxps://pchelpforum.net; hxxps://teams.microsoft.com
              Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-07-27]
              Edge Extension: (Halo – Arrival) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ddgdgdmkcagpbibgcilbidjfokdngfld [2022-09-07]
              Edge Extension: (Edge relevant text changes) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-27]
              Edge HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Microsoft\Edge\Extensions...\Edge\Extension: [njjljiblognghfjfpcdpdbpbfcmhgafg]
              [HEADING=1]FireFox:[/HEADING]
              FF HKLM...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
              FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2020-04-22] [Legacy]
              FF HKLM...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
              FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2020-04-22]
              FF HKLM-x32...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
              FF HKLM-x32...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
              FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
              FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
              FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
              FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
              FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
              FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. → Foxit Corporation)
              FF Plugin-x32: @java.com/DTPlugin,version=11.371.2 → C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
              FF Plugin-x32: @java.com/JavaPlugin,version=11.371.2 → C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
              FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
              [HEADING=1]Chrome:[/HEADING]
              CHR HKLM...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-04-22]
              CHR HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [gjgfobnenmnljakmhboildkafdkicala]
              CHR HKLM-x32...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-04-22]
              
              ==================== Services (Whitelisted) ===================
              
              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
              
              S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-07-06] (BattlEye Innovations e.K. → )
              R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11851240 2023-07-17] (Microsoft Corporation → Microsoft Corporation)
              R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43272 2023-07-03] (Intel Corporation → Intel)
              R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [212744 2023-07-03] (Intel Corporation → Intel)
              S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-07-06] (EasyAntiCheat Oy → Epic Games, Inc)
              S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-15] (Epic Games Inc. → Epic Games, Inc.)
              R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncHelper.exe [3447736 2023-07-27] (Microsoft Corporation → Microsoft Corporation)
              R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [381312 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher → Fortemedia)
              R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
              R2 HiviewService; C:\Program Files\Huawei\Hiview\HiviewService.exe [5127064 2022-12-05] (Huawei Technologies Co., Ltd. → Huawei Device Co., Ltd.)
              S3 HmdfsOfficeSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              S3 HmdfsPcSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              S3 HmdfsPhoneSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              R2 HMSCoreService; C:\Program Files\Huawei\HMS Core\HMSCoreService.exe [176712 2022-06-29] (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.)
              R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-07-18] (HP Inc. → HP Inc.)
              R2 HwPCCoreService; C:\Program Files\Huawei\BasicService\BasicService.exe [629640 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              R2 HWVEAudioService; C:\WINDOWS\system32\HWVEAudioService.exe [104592 2021-03-27] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              R2 HW_OSDServer; C:\Windows\system32\RPC\OSD\osdservice.exe [252168 2020-12-23] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1432104 2023-06-08] (Intel Corporation → Intel Corporation)
              R2 LCD_Service; C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe [44424 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              R2 MBAMainService; C:\Program Files\Huawei\PCManager\MateBookService.exe [589192 2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-07-06] (Malwarebytes Inc. → Malwarebytes)
              R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1675384 2021-07-02] (A-Volute SAS → Nahimic)
              S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.142.0709.0001\OneDriveUpdaterService.exe [3783544 2023-07-27] (Microsoft Corporation → Microsoft Corporation)
              S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. → Electronic Arts)
              R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. → Electronic Arts)
              S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1244144 2023-06-29] (Rockstar Games, Inc. → Rockstar Games)
              S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182296 2021-06-23] (Samsung Electronics Co., Ltd. → Samsung Electronics Co., Ltd.)
              S3 ucldr_Crowz_ST; C:\Program Files\Common Files\UNCHEATER\ucldr_Crowz_ST.exe [5613296 2022-04-10] (Wellbia.com Co., Ltd. → Wellbia.com Co., Ltd.)
              R2 WUCSProxy; C:\Program Files\HuaWei\wucs\WUCSProxyService.exe [7016008 2022-06-29] (Huawei Technologies Co., Ltd. → Huawei Technologies Co., Ltd.)
              S4 uhssvc; “C:\Program Files\Microsoft Update Health Tools\uhssvc.exe” 
              S4 WdNisSvc; “%ProgramData%\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe” 
              S4 WinDefend; “C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe”
              
              ===================== Drivers (Whitelisted) ===================
              
              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
              
              S4 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2023-06-28] (Microsoft Windows → Microsoft Corporation)
              R3 ALSysIO; C:\Users\tzahi\AppData\Local\Temp\ALSysIO64.sys [47240 2023-07-27] (ALCPU (Arthur Liberman) → Arthur Liberman) <==== ATTENTION
              S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
              R1 dokan2; C:\Program Files\Huawei\PCManager\dokan2.sys [117176 2021-10-19] (Huawei Device Co., Ltd. → Dokan Project)
              R1 dokan2a; C:\Program Files\Huawei\PCManager\dokan2a.sys [403472 2022-05-03] (Huawei Device Co., Ltd. → Dokan Project)
              R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-11] (Microsoft Windows Hardware Compatibility Publisher → Dev47Apps)
              R3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher → Windows (R) Win 7 DDK provider)
              R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-10] (Intel Corporation → Intel Corporation)
              R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-10] (Intel Corporation → Intel Corporation)
              R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-10] (Intel Corporation → Intel Corporation)
              R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-10] (Intel Corporation → Intel Corporation)
              R0 IBtRstd; C:\WINDOWS\System32\drivers\ibtrstd.sys [61376 2020-07-15] (Intel(R) Wireless Connectivity Solutions → Intel Corporation)
              S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-07-06] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
              S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
              R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-06-16] (A-Volute → Windows (R) Win 7 DDK provider)
              S3 UniFairy_x64; C:\WINDOWS\system32\drivers\UniFairy_x64.sys [8209904 2022-07-05] (Tencent Technology(Shenzhen) Company Limited → TENCENT)
              S3 unirsdt; C:\WINDOWS\system32\drivers\unirsdt.sys [6166504 2022-09-22] (Tencent Technology(Shenzhen) Company Limited → TENCENT)
              S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239664 2021-07-28] (Oracle Corporation → Oracle Corporation)
              R3 virtbus; C:\WINDOWS\System32\drivers\virtbus.sys [42968 2022-10-23] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
              R3 WDTDrv; C:\WINDOWS\System32\Drivers\WDTDrv.sys [46912 2020-07-15] (Microsoft Windows Hardware Compatibility Publisher → )
              R2 WUCS; C:\WINDOWS\system32\drivers\WUCSDriver.sys [993728 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher → Huawei Device Co., Ltd.)
              S3 xhunter1; C:\WINDOWS\xhunter1.sys [1431256 2022-04-10] (Wellbia.com Co., Ltd. → Wellbia.com Co., Ltd.)
              U4 MsSecFlt; no ImagePath
              U4 Sense; no ImagePath
              U4 SgrmAgent; no ImagePath
              U4 SgrmBroker; no ImagePath
              S4 WdBoot; \SystemRoot\system32\drivers\wd\WdBoot.sys 
              S4 WdFilter; \SystemRoot\system32\drivers\wd\WdFilter.sys 
              S4 WdNisDrv; system32\drivers\wd\WdNisDrv.sys 
              S3 WmFilter; \SystemRoot\system32\drivers\WmFilter.sys
              
              ==================== NetSvcs (Whitelisted) ===================
              
              (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
              
              ==================== One month (created) (Whitelisted) =========
              
              (If an entry is included in the fixlist, the file/folder will be moved.)
              
              2023-07-21 20:35 - 2023-07-21 20:35 - 000000000 ____D C:\WINDOWS\Minidump
              2023-07-21 18:41 - 2023-07-21 18:41 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
              2023-07-18 17:00 - 2022-03-22 10:30 - 000000000 ____D C:\Users\tzahi\Downloads\lc500
              2023-07-18 16:56 - 2016-11-12 17:06 - 000000000 ____D C:\Users\tzahi\Downloads\lex570
              2023-07-18 16:55 - 2023-04-26 17:10 - 000000000 ____D C:\Users\tzahi\Downloads\sc300a
              2023-07-18 16:46 - 2022-02-03 16:44 - 000000000 ____D C:\Users\tzahi\Downloads\lx600
              2023-07-18 16:46 - 2018-06-07 23:38 - 000000000 ____D C:\Users\tzahi\Downloads\na1
              2023-07-18 16:45 - 2016-01-17 02:38 - 000000000 ____D C:\Users\tzahi\Downloads\shonen
              2023-07-18 16:23 - 2017-02-18 20:10 - 000000000 ____D C:\Users\tzahi\Downloads\rcf
              2023-07-17 18:18 - 2023-07-17 18:18 - 000000000 ____D C:\Program Files\chrome_BITS_5924_1230364416
              2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\WINDOWS\SysWOW64\AGEIA
              2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\Users\tzahi\Documents\Square Enix
              2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
              2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
              2023-07-13 21:35 - 2023-07-27 17:11 - 000000000 ____D C:\KVRT2020_Data
              2023-07-06 14:15 - 2023-07-27 19:15 - 000000000 ____D C:\Users\tzahi\Desktop\PC Help Forum Tings
              2023-07-06 13:52 - 2023-07-06 13:52 - 000000000 ____D C:\Users\tzahi\AppData\Local\mbam
              2023-07-06 13:51 - 2023-07-07 17:56 - 000000000 ____D C:\Users\tzahi\AppData\Local\Malwarebytes
              2023-07-06 13:51 - 2023-07-06 13:51 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
              2023-07-06 13:50 - 2023-07-06 13:50 - 000000000 ____D C:\ProgramData\Malwarebytes
              2023-07-06 13:50 - 2023-07-06 13:50 - 000000000 ____D C:\Program Files\Malwarebytes
              2023-07-06 13:44 - 2023-07-06 13:44 - 000000000 ____D C:\AdwCleaner
              2023-07-06 05:33 - 2023-07-27 19:17 - 000000000 ____D C:\FRST
              2023-07-04 10:43 - 2023-07-21 20:35 - 000000000 ___HD C:\Intel
              2023-07-04 10:43 - 2023-04-01 09:17 - 000001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telegram.lnk
              2023-07-04 10:43 - 2021-09-05 07:39 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
              2023-07-04 10:43 - 2021-09-05 07:30 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS Pro 16.lnk
              2023-07-04 10:43 - 2021-09-05 07:07 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Teams for School.lnk
              2023-07-04 10:33 - 2023-07-04 10:49 - 000000000 ___HD C:$SysReset
              2023-07-04 10:33 - 2023-07-03 23:51 - 000000000 ____D C:$Windows.~BT
              2023-07-04 00:10 - 2023-07-04 00:10 - 000000000 ____D C:\Users\tzahi\AppData\Local\GUI
              2023-07-03 23:52 - 2023-07-27 16:53 - 000000000 ____D C:\Users\tzahi\AppData\Local\D3DSCache
              2023-07-03 23:51 - 2023-07-27 19:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
              2023-07-03 23:51 - 2023-07-21 20:35 - 002503478 ____N C:\WINDOWS\Minidump\072123-7609-01.dmp
              2023-07-03 23:27 - 2023-07-03 23:27 - 000000000 ____D C:\Users\tzahi\AppData\Local\ElevatedDiagnostics
              2023-07-03 21:24 - 2023-07-03 21:24 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
              2023-07-03 20:58 - 2023-07-27 19:15 - 000000000 ____D C:\Users\tzahi\AppData\Local\Updates
              2023-07-03 20:58 - 2023-07-03 21:22 - 000003252 _____ C:\WINDOWS\system32\Tasks\Window Update
              2023-07-03 20:58 - 2023-07-03 20:58 - 000014544 _____ (OpenLibSys.org) C:\WINDOWS\system32\WinRing0x64.sys
              2023-07-03 20:58 - 2023-07-03 20:58 - 000000000 ____D C:\Program Files (x86)\OceanofGames.ccom
              2023-06-29 14:58 - 2023-06-29 14:58 - 000000360 _____ C:\Users\tzahi\Desktop\Grand Theft Auto V.url
              2023-06-28 13:44 - 2023-07-03 21:24 - 000000000 ____D C:\Users\tmmrcy
              2023-06-28 12:47 - 2023-06-28 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
              2023-06-28 12:44 - 2023-06-20 20:58 - 000515528 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
              2023-06-28 12:44 - 2023-06-20 20:58 - 000455664 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
              2023-06-28 12:44 - 2023-06-20 20:57 - 000937504 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
              2023-06-28 12:44 - 2023-06-20 20:56 - 000700360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
              2023-06-28 12:44 - 2023-06-20 20:55 - 000586232 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
              2023-06-28 12:44 - 2023-06-20 20:55 - 000447760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
              2023-06-28 12:44 - 2023-06-20 20:54 - 000488056 _____ C:\WINDOWS\SysWOW64\IntelControlLib32.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 002184128 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
              2023-06-28 12:44 - 2023-06-20 20:51 - 002184128 _____ C:\WINDOWS\system32\vulkaninfo.exe
              2023-06-28 12:44 - 2023-06-20 20:51 - 001618368 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
              2023-06-28 12:44 - 2023-06-20 20:51 - 001618368 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
              2023-06-28 12:44 - 2023-06-20 20:51 - 001481672 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 001481672 _____ C:\WINDOWS\system32\vulkan-1.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 001214400 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 001214400 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 000497648 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 000437752 _____ C:\WINDOWS\system32\ze_loader.dll
              2023-06-28 12:44 - 2023-06-20 20:51 - 000288192 _____ C:\WINDOWS\system32\ze_validation_layer.dll
              2023-06-28 12:44 - 2023-06-20 20:50 - 027958720 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
              2023-06-28 12:44 - 2023-06-20 20:50 - 020682736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
              2023-06-28 12:44 - 2023-06-20 20:49 - 000274288 _____ C:\WINDOWS\system32\ControlLib.dll
              2023-06-28 12:44 - 2023-06-20 20:49 - 000223608 _____ C:\WINDOWS\SysWOW64\ControlLib32.dll
              
              ==================== One month (modified) ==================
              
              (If an entry is included in the fixlist, the file/folder will be moved.)
              
              2023-07-27 19:16 - 2021-04-14 23:10 - 000000000 ____D C:\ProgramData\Goodix
              2023-07-27 19:15 - 2022-05-07 10:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
              2023-07-27 19:13 - 2022-05-07 10:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
              2023-07-27 17:12 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\SystemTemp
              2023-07-27 17:05 - 2022-05-07 10:24 - 000000000 ___HD C:\Program Files\WindowsApps
              2023-07-27 17:05 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\AppReadiness
              2023-07-27 16:36 - 2020-11-19 12:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
              2023-07-27 16:01 - 2022-05-07 10:22 - 000000000 ____D C:\WINDOWS\INF
              2023-07-27 15:58 - 2022-09-22 10:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001
              2023-07-27 15:58 - 2022-09-22 10:53 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
              2023-07-27 15:58 - 2022-05-14 14:04 - 000000000 ____D C:\Program Files\Microsoft OneDrive
              2023-07-27 15:58 - 2021-09-04 00:17 - 000000000 ___RD C:\Users\tzahi\OneDrive
              2023-07-27 15:58 - 2021-09-04 00:14 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
              2023-07-27 15:51 - 2021-09-13 23:38 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\PCManager
              2023-07-27 15:50 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
              2023-07-27 15:48 - 2022-09-06 23:45 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\HMSCore
              2023-07-21 20:50 - 2022-09-22 10:50 - 000000000 ____D C:\Users\tzahi
              2023-07-21 20:49 - 2022-09-22 10:53 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
              2023-07-21 20:49 - 2022-09-22 10:53 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
              2023-07-21 20:39 - 2022-09-22 10:53 - 000850372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
              2023-07-21 20:35 - 2022-09-22 10:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
              2023-07-21 20:35 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\ServiceState
              2023-07-21 20:35 - 2021-03-09 07:39 - 000012288 ___SH C:\DumpStack.log.tmp
              2023-07-21 18:41 - 2022-05-07 10:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
              2023-07-18 17:32 - 2021-10-21 16:44 - 000000000 ____D C:\Users\tzahi\AppData\Local\CrashDumps
              2023-07-18 05:11 - 2021-09-05 08:13 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
              2023-07-18 00:56 - 2022-09-22 10:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
              2023-07-17 22:45 - 2022-05-12 10:08 - 000000000 ____D C:\Program Files\Microsoft Office
              2023-07-17 18:22 - 2022-05-07 10:17 - 000000000 ____D C:\WINDOWS\CbsTemp
              2023-07-13 17:03 - 2021-09-04 06:44 - 000000000 ____D C:\WINDOWS\system32\MRT
              2023-07-13 17:01 - 2021-09-04 06:44 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
              2023-07-12 21:53 - 2022-09-22 10:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
              2023-07-12 21:53 - 2022-09-22 10:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
              2023-07-06 14:03 - 2022-04-27 03:53 - 000000525 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
              2023-07-06 13:57 - 2021-09-05 07:09 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\uTorrent
              2023-07-06 13:51 - 2022-05-07 10:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
              2023-07-06 13:44 - 2021-09-07 08:19 - 000000000 ____D C:\Users\tzahi\AppData\Local\BitTorrentHelper
              2023-07-06 05:55 - 2021-09-05 00:42 - 000000000 ____D C:\Program Files (x86)\Steam
              2023-07-06 05:32 - 2023-05-12 12:31 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
              2023-07-06 05:32 - 2021-03-09 07:43 - 000000000 ____D C:\ProgramData\Package Cache
              2023-07-04 16:29 - 2021-11-25 13:07 - 000000000 ___RD C:\Users\tzahi\Documents\EXCEL Files
              2023-07-04 16:15 - 2021-09-04 14:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
              2023-07-04 10:51 - 2023-03-01 23:48 - 000000000 ____D C:\WINDOWS\Panther
              2023-07-04 10:50 - 2023-06-13 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
              2023-07-04 10:50 - 2023-02-22 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
              2023-07-04 10:50 - 2022-09-22 10:51 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Crypto
              2023-07-04 10:50 - 2022-09-22 10:50 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Windows
              2023-07-04 10:50 - 2022-05-12 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
              2023-07-04 10:50 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
              2023-07-04 10:50 - 2022-03-03 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUAWEI
              2023-07-04 10:50 - 2021-09-05 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
              2023-07-04 10:50 - 2020-11-19 12:33 - 000000000 __RHD C:\Users\Public\AccountPictures
              2023-07-03 23:51 - 2022-09-22 10:52 - 000015243 _____ C:\WINDOWS\diagwrn.xml
              2023-07-03 23:51 - 2022-09-22 10:52 - 000015243 _____ C:\WINDOWS\diagerr.xml
              2023-07-03 23:23 - 2022-05-07 10:24 - 000000000 ____D C:\Program Files\Windows Defender
              2023-07-03 23:23 - 2022-05-07 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
              2023-07-03 23:22 - 2022-09-22 10:49 - 000618256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
              2023-07-03 22:08 - 2021-09-05 07:01 - 000000000 ____D C:\Program Files\TeamViewer
              2023-07-03 21:38 - 2022-05-07 10:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
              2023-07-03 21:30 - 2021-09-04 00:16 - 000000000 ____D C:\Users\tzahi\AppData\Local\Packages
              2023-06-30 16:39 - 2022-10-11 02:20 - 000000000 ____D C:\Users\tzahi\Desktop\Important Documents
              2023-06-30 16:39 - 2022-05-12 04:59 - 000000000 ____D C:\Users\tzahi\Documents\Recovery Codes
              2023-06-30 16:39 - 2021-09-05 07:41 - 000000000 ____D C:\Users\tzahi\Documents\PDF FIles
              2023-06-29 15:33 - 2021-09-04 05:20 - 000000000 ____D C:\Users\tzahi\Documents\Rockstar Games
              2023-06-29 15:32 - 2023-02-23 00:46 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
              2023-06-29 15:32 - 2021-09-04 05:15 - 000000000 ____D C:\ProgramData\Rockstar Games
              2023-06-29 15:32 - 2021-09-04 05:13 - 000000000 ____D C:\Program Files\Rockstar Games
              2023-06-29 15:32 - 2021-09-04 05:13 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
              2023-06-29 11:55 - 2022-11-19 13:05 - 000000000 ____D C:\Users\tzahi\Desktop\English 181-191
              2023-06-28 13:43 - 2023-05-12 13:43 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\UUS
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\SystemResources
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\oobe
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\ShellComponents
              2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\bcastdvr
              2023-06-28 13:00 - 2022-09-22 10:51 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
              2023-06-28 12:44 - 2021-03-09 07:43 - 000000000 ____D C:\Program Files\Intel
              2023-06-28 10:59 - 2021-03-09 07:43 - 000000000 ____D C:\Program Files (x86)\Intel
              
              ==================== Files in the root of some directories ========
              
              2021-09-05 07:08 - 2021-09-05 07:08 - 000000128 ____H () C:\Users\tzahi\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
              2021-09-12 12:38 - 2021-12-06 22:52 - 082428480 _____ (Sony) C:\Users\tzahi\AppData\Local\pcc.exe
              2021-12-29 23:33 - 2022-01-14 12:15 - 000007597 _____ () C:\Users\tzahi\AppData\Local\Resmon.ResmonCfg
              
              ==================== FLock ==============================
              
              2023-06-14 18:31 C:\WINDOWS\system32\smartscreen.exe
              
              ==================== SigCheck ============================
              
              (There is no automatic fix for files that do not pass verification.)
              
              ==================== End of FRST.txt ========================

              Comment

              • taimrarchy
                PCHF Member
                • Jul 2023
                • 38

                #22
                Addition:
                [HEADING=1]
                Code:
                Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2023
                Ran by tmmrcy (27-07-2023 19:17:59)
                Running from C:\Users\tzahi\Desktop\PC Help Forum Tings
                Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) (2022-09-22 05:53:16)
                Boot Mode: Normal[/HEADING]
                ==================== Accounts: =============================
                
                (If an entry is included in the fixlist, it will be removed.)
                
                Administrator (S-1-5-21-516455074-3529725477-31475253-500 - Administrator - Disabled)
                DefaultAccount (S-1-5-21-516455074-3529725477-31475253-503 - Limited - Disabled)
                Guest (S-1-5-21-516455074-3529725477-31475253-501 - Limited - Disabled)
                tmmrcy (S-1-5-21-516455074-3529725477-31475253-1001 - Administrator - Enabled) => C:\Users\tzahi
                WDAGUtilityAccount (S-1-5-21-516455074-3529725477-31475253-504 - Limited - Disabled)
                
                ==================== Security Center ========================
                
                (If an entry is included in the fixlist, it will be removed.)
                
                AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                
                ==================== Installed Programs ======================
                
                (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
                
                Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKLM...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.)
                Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.)
                Batman Episode 5 (HKLM-x32...\Batman Episode 5_is1) (Version: - )
                Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment)
                Core Temp 1.17.1 (HKLM...{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
                Dev-C++ (HKLM-x32...\Dev-C++) (Version: 5.11 - Bloodshed Software)
                Discord (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Discord) (Version: 1.0.9003 - Discord Inc.)
                Documentation Manager (HKLM...{619AF8CA-69CA-4463-88F7-86E2E387FB66}) (Version: 22.230.0.8 - Intel Corporation) Hidden
                DroidCam Client (HKLM-x32...\DroidCam) (Version: 6.4.3 - DEV47APPS)
                Dynamic Application Loader Host Interface Service (HKLM...{1216C70E-6887-41B6-8EDB-FD91B5A8708F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
                Epic Games Launcher (HKLM-x32...{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
                Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
                Epic Online Services (HKLM-x32...{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
                FiveM (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\CitizenFX_FiveM) (Version: - Cfx.re)
                Foxit PhantomPDF (HKLM-x32...{0a0d1ae2-8a54-11ea-8e74-54bf64a63c26}) (Version: 10.0.0.35798 - Foxit Software Inc.)
                Free Cam 8 (HKLM-x32...{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.)
                Halo 2 Project Cartographer (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Halo 2 Project Cartographer) (Version: 01.7.00.00 - H2PC)
                HMS Core (HKLM...\HMS Core) (Version: 6.6.0.300 - Huawei Technologies Co., Ltd.)
                HP DeskJet 2130 series Basic Device Software (HKLM...{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
                HP Dropbox Plugin (HKLM-x32...{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
                HP Google Drive Plugin (HKLM-x32...{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
                Huawei PC Manager(Multi-screen Collaboration and Official Driver) (HKLM...\PC Manager) (Version: 13.0.2.370 - Huawei Device Co., Ltd.)
                HW OSD (HKLM...\HwOsd) (Version: 11.0.5.3 - Huawei Device Co., Ltd.)
                Intel Driver && Support Assistant (HKLM-x32...{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden
                Intel(R) Chipset Device Software (HKLM...{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
                Intel(R) Chipset Device Software (HKLM-x32...{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel(R) Corporation)
                Intel(R) Computing Improvement Program (HKLM...{438CD419-50DF-4A15-B9AD-986D47085E54}) (Version: 2.4.09146 - Intel Corporation)
                Intel(R) Dynamic Tuning (HKLM-x32...{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 - Intel Corporation)
                Intel(R) Dynamic Tuning Technology (HKLM-x32...{bb67b2ec-1792-405b-8351-21bcc9f00f45}) (Version: 8.7.10400.15556 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{209fc91f-5b9a-4901-ac8f-cb1759c75a18}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{55fc13d0-814b-49bb-b13b-27836022cfb9}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{907b050d-5a10-4585-a175-7003de7204b2}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{c4456f6f-fe06-4281-b612-7431efe37891}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{d1d0fa4c-90ba-4580-9bc0-161e91344b1c}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Graphics Driver Software (HKLM-x32...{e8608a5e-87fa-4830-99b6-f679b87d3cb6}) (Version: 3.11.1.0 - Intel) Hidden
                Intel(R) Icls (HKLM...{DA3AEB76-773F-417C-B053-7A9A28F413B2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
                Intel(R) LMS (HKLM...{2C22227F-09AF-4498-AEFD-6DC10FCD664F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
                Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2033.15.0.1783 - Intel Corporation)
                Intel(R) Management Engine Components (HKLM...{B3956502-1A32-4061-8A99-015E9EA66132}) (Version: 1.0.0.0 - Intel Corporation) Hidden
                Intel(R) Management Engine Components (HKLM...{C046A888-9C09-411B-B3C8-73F77E861243}) (Version: 1.0.0.0 - Intel Corporation) Hidden
                Intel(R) Management Engine Driver (HKLM...{A670C124-DF72-42A3-8C1A-061FF3A09E29}) (Version: 1.0.0.0 - Intel Corporation) Hidden
                Intel(R) Serial IO (HKLM...{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2031.2 - Intel Corporation)
                Intel(R) Serial IO (HKLM...{BA425414-4D86-4FB0-8EEE-FA7F34E79C00}) (Version: 30.100.2031.2 - Intel Corporation) Hidden
                Intel(R) Wireless Bluetooth(R) (HKLM-x32...{00000230-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.230.0.2 - Intel Corporation)
                Intel® Arc™ Control (HKLM...{13865A06-C2AB-4814-BAE6-69FCB841C8DA}) (Version: 1.69.5033.3 - Intel Corporation) Hidden
                Intel® Arc™ Control (HKLM-x32...{5893f084-4b18-43be-a951-629c07848117}) (Version: 1.69.5033.3 - Intel Corporation)
                Intel® Driver & Support Assistant (HKLM-x32...{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel)
                Intel® Software Installer (HKLM-x32...{09b61d86-bc76-4353-a7d8-ebc9e2822195}) (Version: 22.230.0.8 - Intel Corporation) Hidden
                Java 8 Update 371 (HKLM-x32...{71124AE4-039E-4CA4-87B4-2F32180371F0}) (Version: 8.0.3710.11 - Oracle Corporation)
                Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
                Malwarebytes version 4.5.32.271 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
                Microsoft .NET Core Host - 3.1.32 (x64) (HKLM...{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
                Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM...{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
                Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM...{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
                Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32...{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
                Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 115.0.1901.183 - Microsoft Corporation)
                Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
                Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
                Microsoft Halo (HKLM-x32...\Halo) (Version: - Microsoft)
                Microsoft Office Professional Plus 2021 - en-us (HKLM...\ProPlus2021Retail - en-us) (Version: 16.0.16529.20182 - Microsoft Corporation)
                Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
                Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
                Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
                Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
                Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
                Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
                Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
                Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
                Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
                Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
                Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32...{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
                Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32...{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32...{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32...{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
                Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32...{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
                Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM...{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM...{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32...{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
                Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32...{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
                MSXML 4.0 SP2 Parser and SDK (HKLM-x32...{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
                NVIDIA PhysX (HKLM-x32...{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
                Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
                Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
                OpenIV (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
                Origin (HKLM-x32...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.)
                Rockstar Games Launcher (HKLM-x32...\Rockstar Games Launcher) (Version: 1.0.74.1546_B - Rockstar Games)
                Rockstar Games Social Club (HKLM-x32...\Rockstar Games Social Club) (Version: 2.1.8.4 - Rockstar Games)
                Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
                TLauncher (HKLM-x32...\TLauncher) (Version: 2.885 - TLauncher Inc.)
                Ubisoft Connect (HKLM-x32...\Uplay) (Version: 125.0.10582 - Ubisoft)
                WinRAR 6.02 (64-bit) (HKLM...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
                WPS Office (11.2.0.11388) (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Kingsoft Office) (Version: 11.2.0.11388 - Kingsoft Corp.)
                Zoom (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)
                [HEADING=1]Packages:[/HEADING]
                AppUp.IntelGraphicsExperience → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-06] (INTEL CORP) [Startup Task]
                Forza Horizon 4 → C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.477.714.2_x64__8wekyb3d8bbwe [2023-04-06] (Microsoft Studios)
                Forza Horizon 4 Formula Drift Car Pack → C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2023-02-23] (Microsoft Studios)
                HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-18] (HP Inc.)
                Messenger → C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1910.4.130.0_x64__8xx8rvfyw5nnt [2023-07-27] (Meta) [Startup Task]
                Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
                Microsoft.AV1VideoExtension → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-17] (Microsoft Corporation)
                Microsoft.MPEG2VideoExtension → C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-09-22] (Microsoft Corporation)
                Minecraft Launcher → C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.2.16.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Studios)
                Nahimic → C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.17.0_x64__w2gh52qy24etm [2023-07-03] (A-Volute)
                Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-26] (Netflix, Inc.)
                Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-15] (Microsoft Corporation)
                Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.247.0_x64__dt26b99r8h8gj [2023-07-03] (Realtek Semiconductor Corp)
                Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0 [2023-07-27] (Spotify AB) [Startup Task]
                WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm [2023-07-13] (WhatsApp Inc.) [Startup Task]
                WiFi Analyzer → C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-07-03] (Matt Hafner)
                
                ==================== Custom CLSID (Whitelisted): ==============
                
                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                
                CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 → C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
                CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 → C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
                ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ContextMenuHandlers1: [Foxit_ConvertToPDF] → {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
                ContextMenuHandlers1: [HwShareMenu] → {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                ContextMenuHandlers1: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
                ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
                ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
                ContextMenuHandlers2: [DFSDriveMenu] → {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2022-10-24] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-06] (Malwarebytes Inc. → Malwarebytes)
                ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ContextMenuHandlers4: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
                ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation → Microsoft Corporation)
                ContextMenuHandlers6: [Foxit_ConvertToPDF] → {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
                ContextMenuHandlers6: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
                ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-06] (Malwarebytes Inc. → Malwarebytes)
                ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
                ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH → Alexander Roshal)
                ContextMenuHandlers1_S-1-5-21-516455074-3529725477-31475253-1001: [ kwpsshellext] → {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
                ContextMenuHandlers4_S-1-5-21-516455074-3529725477-31475253-1001: [ kwpsshellext] → {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd)
                
                ==================== Codecs (Whitelisted) ====================
                
                ==================== Shortcuts & WMI ========================
                
                (The entries could be listed to be restored or removed.)
                
                ShortcutWithArgument: C:\Users\tzahi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1”
                
                ==================== Loaded Modules (Whitelisted) =============
                
                2022-03-22 17:59 - 2021-10-30 07:08 - 001080832 _____ () [File not signed] C:\Program Files\HuaWei\wucs\sqlcipher.dll
                2023-04-25 13:32 - 2023-04-25 13:32 - 001600512 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
                2023-04-25 13:32 - 2023-04-25 13:32 - 002165760 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
                2021-11-12 14:53 - 2021-11-12 14:53 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
                2021-11-12 14:53 - 2021-11-12 14:53 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
                2021-11-12 14:53 - 2021-11-12 14:53 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
                2023-03-15 00:10 - 2021-11-12 14:53 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
                2023-03-15 00:10 - 2021-11-12 14:53 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
                2023-03-15 00:10 - 2021-11-12 14:53 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
                2023-03-15 00:10 - 2021-11-12 14:53 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
                2023-03-15 00:10 - 2021-11-12 14:53 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
                2023-03-15 00:10 - 2021-11-12 14:53 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
                
                ==================== Alternate Data Streams (Whitelisted) ========
                
                (If an entry is included in the fixlist, only the ADS will be removed.)
                
                AlternateDataStreams: C:\Recovery:err [1590]
                AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
                AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
                AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
                AlternateDataStreams: C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6:2EA0371A72 [10]
                AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net.lnk:E2208A86CD [10]
                AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DroidCam Client.lnk:96D1DD3380 [10]
                AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
                AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF.lnk:4851378599 [10]
                AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Cam 8.lnk:6991C8B2BC [10]
                AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP DeskJet 2130 series.lnk:25ED2E7AB7 [10]
                AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2734]
                
                ==================== Safe Mode (Whitelisted) ==================
                
                (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
                
                HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
                HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”
                
                ==================== Association (Whitelisted) =================
                
                ==================== Internet Explorer (Whitelisted) ==========
                
                SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 → DefaultScope {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
                SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 → {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
                BHO: Foxit PhantomPDF Create PDF ToolBar Helper → {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
                BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
                BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper → {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
                BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation)
                Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
                Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. → )
                Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation → Microsoft Corporation)
                
                (If an entry is included in the fixlist, it will be removed from the registry.)
                
                IE trusted site: HKU\S-1-5-21-516455074-3529725477-31475253-1001...\sharepoint.com → hxxps://doguakdeniz-files.sharepoint.com
                
                ==================== Hosts content: =========================
                
                (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
                
                2019-12-07 14:14 - 2023-07-04 00:15 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
                
                2022-04-27 03:53 - 2023-07-06 14:03 - 000000525 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
                192.168.137.114 HUAWEI_MatePad_11-ce7ac16.mshome.net # 2023 7 4 13 9 3 13 606
                192.168.137.1 LAPTOP-BQN0JE4L.mshome.net # 2028 7 2 4 9 3 13 606
                
                ==================== Other Areas ===========================
                
                (Currently there is no automatic fix for this section.)
                
                HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet
                HKU\S-1-5-21-516455074-3529725477-31475253-1001\Control Panel\Desktop\Wallpaper → C:\Users\tzahi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\abstract-background-5544x2480-10823.jpg
                DNS Servers: 192.168.1.1
                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
                Windows Firewall is enabled.
                
                ==================== MSCONFIG/TASK MANAGER disabled items ==
                
                (If an entry is included in the fixlist, it will be removed.)
                
                HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “EpicGamesLauncher”
                HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “Discord”
                HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “XperiaCompanionAgent”
                
                ==================== FirewallRules (Whitelisted) ================
                
                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
                
                FirewallRules: [UDP Query User{EA28C9BF-57C5-43E3-A2F1-CCBA70771B67}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [TCP Query User{EB19FCAB-5755-47FD-B469-2AC6B697F463}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [UDP Query User{B5F0B45F-121A-4751-8BCA-446A8D83452A}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
                FirewallRules: [TCP Query User{AD6655D5-D0F0-4383-9CFF-B4CF0DA2FF31}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
                FirewallRules: [UDP Query User{F628B4F6-1D8D-45A0-9E94-7CF81819442B}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
                FirewallRules: [TCP Query User{A0BCCD4D-9A5B-4B0B-A7F2-A0786144B0BF}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
                FirewallRules: [UDP Query User{C6452449-CB73-4359-A274-18F6844A794E}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
                FirewallRules: [TCP Query User{4D4716CE-B023-4059-8BB5-69109DE13CD6}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
                FirewallRules: [UDP Query User{0079DD27-BE20-40EF-96B7-B041B8C38B42}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [TCP Query User{8290BD0F-9C0D-4C57-B4E6-6BD9F1BF4979}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [UDP Query User{EC880E9B-6339-4142-A9DF-195CF4B7F548}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [TCP Query User{7455CCF7-4821-46E1-9AC4-99DAAC1ED0C9}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [UDP Query User{86A1D011-AF02-4E84-905B-041E00021A8E}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [TCP Query User{FD82AA22-29D1-463E-BEA6-B6BCFFE9B6F6}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [UDP Query User{91A86FBF-F7E3-4D90-8B48-AB7AE27860E5}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
                FirewallRules: [TCP Query User{D7262939-48C9-4911-9D26-FC73EBD360B3}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
                FirewallRules: [{01148211-9260-478B-BFBE-BEBF656A6723}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
                FirewallRules: [{C6947DE2-5C0B-473A-8EEC-87C982DD0923}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
                FirewallRules: [{DDCD9EDB-FA3F-4A35-A805-FFDE8C260241}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
                FirewallRules: [{C6A1318C-2AA9-4295-B067-F1E127337781}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
                FirewallRules: [{B85120DE-6858-4F4F-9A5C-04534AC5DB19}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
                FirewallRules: [{51474B11-90B4-42F4-BA7B-2F0EF0E2EBA6}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
                FirewallRules: [UDP Query User{6E76F11A-31FD-47D9-808C-DC26B315FB10}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
                FirewallRules: [TCP Query User{D74A2248-60C0-4216-BC08-9EC19356DCC4}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
                FirewallRules: [{DF69DABD-6F13-4E02-B946-3434A01E33D3}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
                FirewallRules: [{7B70BD56-3B0F-434B-ABF3-FC98622B5050}] => (Allow) G:\Nox\bin\Nox.exe => No File
                FirewallRules: [{9EB7B4F0-A658-4C3C-8826-10F4D6FDCEE0}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
                FirewallRules: [{0AC01DF3-1247-44E6-9ACB-C344CC07ABCE}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
                FirewallRules: [{B17DD100-466D-4D6A-9761-32E58F86D229}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
                FirewallRules: [{21132FD2-9F3A-446C-A5C4-26A2E43892C5}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
                FirewallRules: [UDP Query User{CDAC9157-EF8A-44EF-9199-6A6DCF877134}C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe
                FirewallRules: [TCP Query User{ACC88C82-6E4A-4F4F-A795-73DB027299AB}C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe
                FirewallRules: [{2218EC88-AB59-40E2-8429-C7901D99CB2C}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
                FirewallRules: [{D80405D4-2D08-47F3-93C3-E289D250F4DF}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
                FirewallRules: [UDP Query User{B67C447F-BB5D-45A2-81D9-F74B8A9638DE}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
                FirewallRules: [TCP Query User{0F2EE437-3297-4AD6-9036-C68B225E1ED2}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
                FirewallRules: [UDP Query User{6B9146FE-1C34-4923-AEF8-2C7854C53F6A}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
                FirewallRules: [TCP Query User{40B18058-B3EA-410C-AABC-67F7B0CE5A76}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
                FirewallRules: [{AF31A34F-3AE4-4177-852C-FB25F9EA6512}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
                FirewallRules: [{670A6739-0E4B-4FA0-B399-AFA9BF3DCCEB}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
                FirewallRules: [{F7D4E450-DA93-4EE0-8A49-71E56D22956B}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
                FirewallRules: [{48D7F757-F925-4334-9406-86D65CEEDF92}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
                FirewallRules: [UDP Query User{C9823F84-1984-4090-907F-DC3702EE5C3C}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
                FirewallRules: [TCP Query User{9B1C125E-F31B-4EB1-A660-4A42AD0031B8}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
                FirewallRules: [UDP Query User{8D778748-74C2-4A53-8246-F355CDB36559}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
                FirewallRules: [TCP Query User{BE086E0D-5C43-4C1F-9345-8CFBB02837E0}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
                FirewallRules: [UDP Query User{93616156-6050-4782-9135-382098F0125B}C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
                FirewallRules: [TCP Query User{F2376F81-F25A-4240-9DA7-074BED35B83A}C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
                FirewallRules: [UDP Query User{13D6E50B-8C50-4C01-BD48-F76ED594F5C1}C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe] => (Allow) C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe => No File
                FirewallRules: [TCP Query User{353ACCB8-F62C-488B-A610-12860458E4DE}C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe] => (Allow) C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe => No File
                FirewallRules: [UDP Query User{9ADC7A0D-6B8A-4780-AD91-F58B0AF10FE3}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
                FirewallRules: [TCP Query User{4DD82B7C-7456-4F85-AC55-594AC94FF4F9}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
                FirewallRules: [{5240E39F-9644-4A12-BD38-D757DE5CDE3B}] => (Allow) C:\Program Files\Huawei\PCManager\HWVCR.exe => No File
                FirewallRules: [UDP Query User{C5CC5E83-9AE7-430E-8A69-893AAB721002}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
                FirewallRules: [TCP Query User{13C379D5-EDCE-4E1F-AAA7-7056FB3B1656}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
                FirewallRules: [UDP Query User{B31C2896-6F9F-4BB8-915F-6463DE3E92CA}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
                FirewallRules: [TCP Query User{57A72B6A-3BC4-4BC4-B935-F764EE63E2C1}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
                FirewallRules: [{BFDC8DDA-B806-4CFA-936F-74361414B688}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
                FirewallRules: [{D349103B-4285-496E-9CB5-0D02ACF2C655}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
                FirewallRules: [{3E641BF7-7B82-4104-AE0B-9DB957AD3993}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
                FirewallRules: [{D4E98496-5FB9-439E-84B8-CA29C65E524D}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
                FirewallRules: [UDP Query User{032F130F-CE2D-4F0B-9689-EA25664C3B61}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
                FirewallRules: [TCP Query User{2E72795F-2FCB-4F29-9BC2-918C792784CE}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
                FirewallRules: [UDP Query User{96736BC3-6EAF-4D40-9749-EDDA9C099D12}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
                FirewallRules: [TCP Query User{799FC99B-3EE1-4608-8404-58E4F28D94C1}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
                FirewallRules: [UDP Query User{A22BB818-D073-47B3-A13D-9EE73A3A4545}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{F2201F51-2D5A-477A-950E-92DDF6F77CBC}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{9147ECAD-4EA4-4DEB-BF1D-AFA2E046C448}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
                FirewallRules: [TCP Query User{19BA2A16-59CB-4748-B66A-B30F21E6F212}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
                FirewallRules: [UDP Query User{F36DEEA1-23BF-4B09-B3D4-B174E93CDB1F}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
                FirewallRules: [TCP Query User{896A95CD-3759-4D51-9AF0-D659AA3F8C5B}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
                FirewallRules: [UDP Query User{33AD8D6C-6243-43FD-80BF-F6F245D9FC85}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
                FirewallRules: [TCP Query User{2A7286D4-1DDC-4BDC-8C8D-44F453D2D5AD}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
                FirewallRules: [UDP Query User{6979730F-9FD2-4E15-851D-42273A7836B5}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
                FirewallRules: [TCP Query User{7FAF4581-5E01-4380-A2AC-6EAAFEA7D2DA}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
                FirewallRules: [UDP Query User{7D0A512A-8B78-4D8E-8FA4-6866B09C41AA}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{A7AEAB1E-82BA-48A9-93F3-A6422090A5CB}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{0ACBD6DF-7CCF-4C90-B544-0490AFF45C28}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{E076492C-43A7-4F0D-B98F-56C18F280BFC}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{34220ABC-610D-48E8-9E83-5077596F3D71}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{6C337EA5-260D-44CF-A356-0C9EE5A03E9D}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{7474242E-5991-44A3-8A26-8BBFDCD44427}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
                FirewallRules: [TCP Query User{AB423B4E-4F6A-4D37-9175-822D9220F913}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
                FirewallRules: [UDP Query User{20C3997E-BCFB-448B-8B6A-3C2A949E262F}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{633368D0-825A-4931-A016-8C0063235851}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{A3AADF0F-C0D6-4D16-8D97-6D50753F8CDE}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{6F079768-278D-4793-89E7-FFAEA7A20C57}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{492D7C10-DE5B-4F47-A6A7-C509ACC13DAB}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [TCP Query User{A3E321D0-A618-4D5A-8CBA-D7AEDB6D02A8}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [{483E1497-5E75-4E0C-9C99-49677EACA549}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\7zS1821\HP.EasyStart.exe => No File
                FirewallRules: [{624BF7BD-7287-46A3-8BA5-DDE03D760207}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard → HP Inc.)
                FirewallRules: [{745143F7-3627-4358-B774-65469BB22287}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard → HP Inc.)
                FirewallRules: [UDP Query User{2BE7F379-EA57-4382-AA63-BDDF28BCC7A7}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [TCP Query User{6BE017BB-76DD-4F71-BE14-7D89CA9874CE}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [UDP Query User{7C4ED888-1FF2-4BC2-AFC5-FADBE245A80F}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
                FirewallRules: [TCP Query User{27ECEF1F-3BA5-408E-9365-942DD0019CB7}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
                FirewallRules: [UDP Query User{B5E25C3C-619E-4DF7-8CE9-13D3BC92A016}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
                FirewallRules: [TCP Query User{3688B6D7-87FE-4ACC-AEA5-A2F1D916A656}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
                FirewallRules: [UDP Query User{B4F8C979-E8D9-4621-99DC-39CB33225CF9}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
                FirewallRules: [TCP Query User{46BC3532-350C-4B08-879B-6CA2D25348B8}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
                FirewallRules: [UDP Query User{981D4048-3A8E-466A-8A6E-33CE7E14930B}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [TCP Query User{CEB568B2-B264-4B20-A3AC-1883A3B110CD}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
                FirewallRules: [UDP Query User{CF9F81C2-2267-47CB-A8D2-7C26F4D9F630}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
                FirewallRules: [TCP Query User{4063D162-4AE4-40DF-AFFF-DEAB784CA913}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
                FirewallRules: [TCP Query User{EBADD02C-BBC9-4F0F-9F8F-66DE30B15C99}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
                FirewallRules: [UDP Query User{0216A500-D61C-46EB-8B32-DE85C9E383D1}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
                FirewallRules: [TCP Query User{8FA96D3B-E7E6-45FF-9065-A1D32C49FB38}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
                FirewallRules: [UDP Query User{48AE4541-051A-47BB-8800-EA48B79BD852}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
                FirewallRules: [{B562A4CE-27C2-4D1D-B7E4-3A36C96E0F92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
                FirewallRules: [{304EE8D8-3F5A-49A5-BECF-3575DB29617E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
                FirewallRules: [{BAFF4445-C787-451D-ABE8-BDC6E4FAC935}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
                FirewallRules: [{A24A1572-C7C5-4B01-B3AC-B0E51B6CE4E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
                FirewallRules: [{4E91C996-AC44-4DBD-B236-80F2EEB400A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
                FirewallRules: [{2F9AC40A-89F9-42DF-8DAC-1E95C36F659E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
                FirewallRules: [{E181A739-F50D-47C4-B096-B24A0FE73C69}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
                FirewallRules: [{D49FB4CB-2370-485A-B4F9-0F0DBEA5B0ED}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
                FirewallRules: [{DF49A91C-5D4E-469B-B7CE-643823718E89}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
                FirewallRules: [{FF74FF6D-CE35-49AF-BCC6-3FE721870BFC}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
                FirewallRules: [{06E27EE6-529B-47B7-B780-C7C90E0ED745}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
                FirewallRules: [{191F5EB6-5D65-45FD-A5C3-497B3FE7E194}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
                FirewallRules: [{D98FDDD9-F538-49E3-8C37-15C161B58243}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
                FirewallRules: [TCP Query User{2A31E666-7087-4A06-95CA-C91D900259B9}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [UDP Query User{4213F32C-23B4-45CC-B534-0DF1FE3B2E5D}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [TCP Query User{164886CA-B042-419F-9A19-8B2FD218A56B}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
                FirewallRules: [UDP Query User{55CCA0CE-89F8-46B3-A341-76D1F41F9389}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
                FirewallRules: [TCP Query User{A945DC9E-537C-4D94-BE0F-5C583BF08EC2}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [UDP Query User{296D16E9-D655-4045-8277-49C46A79C436}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
                FirewallRules: [TCP Query User{052E67D2-1DEF-4EF8-A9C6-0474F5E19FB8}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [UDP Query User{A272DE0D-1538-40C5-8009-DFECDAE829F0}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
                FirewallRules: [TCP Query User{08784593-E73B-4C4B-BE0B-7BCE48CF8476}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
                FirewallRules: [UDP Query User{AF409DEC-2DB2-4B0C-B6C9-750C36ADA323}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
                FirewallRules: [TCP Query User{E5FBC816-AC93-40F4-B865-10090B2324FE}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
                FirewallRules: [UDP Query User{14DBF5DF-3D0A-4F40-A274-B342EA877FF0}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
                FirewallRules: [TCP Query User{688E2E3D-AAFB-40FA-9D31-39E89F90AC8F}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
                FirewallRules: [UDP Query User{95A5A608-C279-42A9-ADE4-D68320D5B4CD}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
                FirewallRules: [TCP Query User{F5917260-8A37-4CF4-80D9-066BEF8509A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [UDP Query User{B2C71823-5E92-4AA9-BC02-D15A42562402}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [TCP Query User{404A6B72-A68D-4603-8F4C-46CF062CDD13}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [UDP Query User{474F5B6E-7604-49E4-89B7-5EC033D01880}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [TCP Query User{4A0FDF09-C814-4D16-8B2B-311A6B34D8BE}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [UDP Query User{088B53CC-385E-4375-8986-0D21D16223F9}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [TCP Query User{1739FFA1-65B5-4DA9-AAE0-AE9BDAAF28A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [UDP Query User{2EA08748-D7F4-4FF0-8843-A97F80082E6E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [TCP Query User{67879EC0-7F45-43E2-A1BE-6E172D789D8E}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
                FirewallRules: [UDP Query User{911A7058-14F7-469B-B8F3-AAF9868BD92B}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
                FirewallRules: [TCP Query User{F338CC62-138A-4312-916E-1A7175017E8C}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
                FirewallRules: [UDP Query User{3902C0A1-9C7B-4A41-AC27-62391E508EC2}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
                FirewallRules: [TCP Query User{0F56E17D-578F-4D7D-A730-0F0B080E1139}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
                FirewallRules: [UDP Query User{02FE9A59-75D1-4B09-810C-BAE04F5E68BD}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
                FirewallRules: [TCP Query User{82549B22-3496-4A57-9AD6-883C97470EFD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
                FirewallRules: [UDP Query User{575F1E90-FC88-48C5-A116-C87C21E942DD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
                FirewallRules: [{868539F8-B2F4-44DB-AA82-C1B99DCC3AE9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
                FirewallRules: [{F2000940-5EE3-4319-B89D-93FB90F55851}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
                FirewallRules: [TCP Query User{FCF10B71-8708-4A5A-B4C2-1C88081325DD}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
                FirewallRules: [UDP Query User{DFBA9E29-CF2C-4602-9AFB-5F05A40658DB}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
                FirewallRules: [{47A73207-3BA6-4617-9183-C3E577806E1B}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{695AA84C-C6F1-44FE-8A8B-7618020CBD29}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{C41F783A-62C6-47A9-8B25-EA25514E98F3}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{CC70A4A5-D07B-4BF0-993C-EB4F4D8E00CC}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{EA7AEB47-F243-4E32-A7F7-283E5B034C33}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{EB743446-677D-4E57-9163-574EEE2191E6}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{77FC2787-94C0-401A-8017-4937626ABB15}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{077ECFA9-D03C-48B1-A262-0305C940FE98}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{7CA8893A-BD42-4A46-BB93-B77E47B0D3B2}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{246D140C-9362-471F-9378-FFDBA944F763}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{75B3F4BD-8A15-4F76-B3A8-A87D82722CF0}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{73F30F65-AE19-4C2B-AE1C-DE4AF1996A00}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{907EDA94-129E-4E08-94F2-B3D0FD5A5DEA}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{7F5EAC2E-9BFB-4AEE-AE7A-231CFB2197B7}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{ED348C74-04D7-4833-8A83-B1461AD0B438}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{B6F7D6F6-8E19-443B-815C-18AF3CAE6958}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{BE1C6A13-DA3A-46BD-A88A-874C083EE926}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{FA1E39E1-6A96-4BB8-AC9C-EE2E4B67EF9E}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{DBDFA9E9-8495-40B3-A85E-B08396CC5B84}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{A27B01A1-3CB8-49D1-9561-8DF592C30BC3}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{7D9704AE-8F10-499D-A17C-494D69BE8B1A}] => (Allow) C:\Program Files\Huawei\PCManager\WeLook.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{A366E840-6FA3-46F7-8BA4-BC0DE8F5EA51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{B936A21D-4D1B-4007-9CE3-2A57C9687689}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{18E9511D-46B7-4AF6-B5A7-246DC43E1FD0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{7C927E17-F6A0-4FF0-8A51-60413B2D3297}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{33F23815-FBA9-4F0E-AD13-86CEA1F3A12B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{0F54CC9A-62FA-4252-A806-03BE91226BD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{55452FB0-B240-44E1-ABE9-353B866A3337}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{80039718-1023-4E22-9EE4-4AC364E70D2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{644642DF-CAEF-47FF-9E40-0470941187AA}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{3BB5B344-A168-41FE-BC38-696315D9485D}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{0B369198-1A59-4B7F-B0BC-46C9EFAD6998}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{93358649-8692-4B9B-BFD5-CF3A5462AF41}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{3221B027-1D2C-4539-A3EB-7B37128F8051}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{96CA939F-6DAD-40A1-B381-68E0F1356FF3}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{7C526CC0-51BE-429B-B68D-774591ADD0C9}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{DD682023-17D4-4D26-8649-59378350961A}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
                FirewallRules: [{6D73BF28-7E09-469D-AC55-6B6BA3B07165}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
                FirewallRules: [{08B6734A-AD50-4CC9-A5AC-11BABE336224}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
                FirewallRules: [TCP Query User{3518FD20-0E74-4BCB-B848-9C4457DC352C}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
                FirewallRules: [UDP Query User{901B7417-78B6-44AB-BC9E-84080A7A6BD9}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
                FirewallRules: [TCP Query User{6E18A220-0088-40AB-BC50-A213E8CF5608}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
                FirewallRules: [UDP Query User{CAEBC1F0-DE91-401C-9B66-1805EEE89BD0}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
                FirewallRules: [TCP Query User{95F4086A-76EA-400E-86AA-86889102979E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [UDP Query User{754DE51B-2ECA-4221-B4A2-C12D1625CCC2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re)
                FirewallRules: [TCP Query User{E8CFD126-90D3-40C1-B8D7-E06FFD558F15}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. → Discord Inc.)
                FirewallRules: [UDP Query User{61E94D63-A178-41EF-9D53-2012B3394D0D}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. → Discord Inc.)
                FirewallRules: [{2EA198D2-F5CF-4D21-A571-02146DBDD8D3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
                FirewallRules: [{E76499F9-0013-4AD2-92F4-24818FD67E3D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
                FirewallRules: [{45187A72-1DCD-44B4-8BB9-4242BD246879}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
                FirewallRules: [{5D43B417-5712-4C53-9794-FBCEEB050768}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
                FirewallRules: [{7FE08657-F96A-4A49-B769-4DD6948BC24D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
                FirewallRules: [{2DAA5A39-D37F-43EC-BE02-D79E3B8022A3}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
                FirewallRules: [{F9B8995A-E3A9-4E03-9241-99B8D9976B43}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation → )
                FirewallRules: [{BCCB7EE4-7A09-4BBA-9A1E-AFE04873401A}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\utorrent\utorrent.exe => No File
                FirewallRules: [{4B1354C8-E7D9-4F54-A867-0B13C15A7E28}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\utorrent\utorrent.exe => No File
                FirewallRules: [{3F5EC13A-0B96-4296-A464-E31497309942}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
                FirewallRules: [{D2DFC4EA-6248-45D4-B03B-B2EC1409BBD7}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
                FirewallRules: [{278016B9-43AA-4390-8983-313FF73E2172}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
                FirewallRules: [{46C04076-8BB7-4A78-932B-8BFDA90D3301}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
                FirewallRules: [{E80FDD3F-1ACE-438D-9AED-9AE369953EC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
                FirewallRules: [{D537EC0D-64E5-4776-B192-A46D464D029C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
                FirewallRules: [TCP Query User{4DD6DC7E-93FB-4F27-872E-C6A6486B57E7}G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe] => (Allow) G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe => No File
                FirewallRules: [UDP Query User{2F8AB3E9-CCE1-4574-AABF-7AD8443025D9}G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe] => (Allow) G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe => No File
                FirewallRules: [{E6783EBE-1E2F-4084-A177-9A11FB312229}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.)
                FirewallRules: [{950CCA77-40F3-47BF-A937-04B1F204503B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{F2A58129-F755-4310-9FE3-BF78F9383CBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{3C8CAAD9-FCA1-45FD-B00D-F1BBBCF93A2D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{F500499C-6AA0-488C-BB34-D001E6413A0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{0A0D2096-8A31-41D7-93CE-DB405A745F43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{D131EACF-AE3E-4826-AA68-3D9A8E924F2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{6CFA9FFC-3344-41AB-ACA8-15C7F9B9CE13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{862D8FF7-7FFC-408E-AD9B-E5897628EEE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{43CA19FF-5559-431F-8BFE-986636CCBEE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{FA7F6C92-54C6-4194-A474-41FCE97626AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
                FirewallRules: [{39BA118D-01D2-45FC-ACA4-F278508898E4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
                
                ==================== Restore Points =========================
                
                ATTENTION: System Restore is disabled (Total:461.23 GB) (Free:167.75 GB) (36%)
                
                ==================== Faulty Device Manager Devices ============
                
                Name: Virtual Display Device
                Description: Virtual Display Device
                Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
                Manufacturer: Huawei
                Service: WUDFRd
                Problem: : This device is disabled. (Code 22)
                Resolution: In Device Manager, click “Action”, and then click “Enable Device”. This starts the Enable Device wizard. Follow the instructions.
                
                ==================== Event log errors: ========================
                [HEADING=1]Application errors:[/HEADING]
                Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 8193) (User: )
                Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
                .
                
                Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 13) (User: )
                Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
                ]
                
                Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 8193) (User: )
                Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
                .
                
                Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 13) (User: )
                Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
                ]
                
                Error: (07/18/2023 05:32:55 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-BQN0JE4L)
                Description: Faulting application name: GTA5.exe, version: 1.0.2944.0, time stamp: 0x6481e52b
                Faulting module name: clr.dll, version: 4.8.9167.0, time stamp: 0x648f6bcc
                Exception code: 0xc000041d
                Fault offset: 0x00000000005f8960
                Faulting process id: 0x0x4f50
                Faulting application start time: 0x0x1d9b97185bb28ce
                Faulting application path: G:\Games\Epic Games\GTAV\GTA5.exe
                Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
                Report Id: 890aed60-37a4-414a-bcd0-c23a51da1370
                Faulting package full name:
                Faulting package-relative application ID:
                
                Error: (07/18/2023 12:13:12 AM) (Source: Universal Print) (EventID: 1) (User: )
                Description: Failed to get auth header with 0xcaa70004mcpmanagementservice.dll
                
                Error: (07/18/2023 12:13:12 AM) (Source: Universal Print) (EventID: 1) (User: )
                Description: Error requesting OAuth token. hr: 0xcaa70004, WebTokenRequestStatus: 5, Error: The server or proxy was not found.mcpmanagementservice.dll
                
                Error: (07/18/2023 12:13:10 AM) (Source: Universal Print) (EventID: 1) (User: )
                Description: Failed to get auth header with 0xcaa70004mcpmanagementservice.dll
                [HEADING=1]System errors:[/HEADING]
                Error: (07/27/2023 04:55:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
                Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop.
                
                Error: (07/27/2023 04:48:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
                Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9N36PPMP8S23-A-Volute.Nahimic.
                
                Error: (07/27/2023 04:43:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
                Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
                
                Error: (07/27/2023 03:51:56 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-BQN0JE4L)
                Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.
                
                Error: (07/27/2023 03:48:50 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
                Description: Miniport Remote NDIS Compatible Device, {f56d216f-17ce-4734-aca7-25767677a9dd}, had event 74
                
                Error: (07/27/2023 03:48:45 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
                Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {09488615-b6d1-4e7d-beb0-98da4ac09c15}, had event 74
                
                Error: (07/21/2023 08:35:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
                Description: The luafv service failed to start due to the following error:
                This driver has been blocked from loading
                
                Error: (07/21/2023 08:35:24 PM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
                Description: 0x000000be (0xffffac8fbbce7000, 0x8a00000446f95121, 0xfffff8053bba2810, 0x000000000000000a)C:\WINDOWS\Minidump\072123-7609-01.dmp2530c8c0-868a-48f8-8ecc-61b80dff4ad4
                [HEADING=1]CodeIntegrity:[/HEADING]
                Date: 2023-07-27 15:53:51
                Description:
                Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.
                
                Date: 2023-07-17 18:18:28
                Description:
                Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.
                
                Date: 2023-07-16 22:02:45
                Description:
                Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.79\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.
                
                Date: 2023-07-12 21:15:59
                Description:
                Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.
                
                Date: 2023-07-04 00:10:46
                Description:
                Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\protected_elam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
                
                ==================== Memory info ===========================
                
                BIOS: HUAWEI 1.18 11/02/2022
                Motherboard: HUAWEI BOD-WXX9-PCB
                Processor: 11th Gen Intel(R) Core™ i5-1135G7 @ 2.40GHz
                Percentage of memory in use: 43%
                Total physical RAM: 16183.3 MB
                Available physical RAM: 9068.51 MB
                Total Virtual: 17207.3 MB
                Available Virtual: 9820.76 MB
                
                ==================== Drives ================================
                
                Drive c: (Windows) (Fixed) (Total:461.23 GB) (Free:167.75 GB) (Model: WDC PC SN730 SDBPNTY-512G-1027) NTFS
                
                \?\Volume{9a0dabee-9acc-4d60-be69-c3079cfd1a82}\ (WINPE) (Fixed) (Total:0.5 GB) (Free:0.13 GB) FAT32
                \?\Volume{494f1438-4524-4393-8a1c-323bdd1f24ec}\ (Onekey) (Fixed) (Total:14 GB) (Free:1.77 GB) NTFS
                \?\Volume{b395fef3-abfd-4d8e-a4a8-4a1a0f71ea08}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.35 GB) NTFS
                \?\Volume{0a1fd3ba-eb4e-4d8d-83e7-d6538410e931}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.14 GB) FAT32
                
                ==================== MBR & Partition Table ====================
                
                ==================== End of Addition.txt =======================
                [/HEADING]

                Comment

                • taimrarchy
                  PCHF Member
                  • Jul 2023
                  • 38

                  #23
                  I’m attaching the file because it’s taking too long to upload the text onto the site

                  Comment

                  • taimrarchy
                    PCHF Member
                    • Jul 2023
                    • 38

                    #24
                    Again… I’m sorry I haven’t replied in a while. It’s just wi-fi is pretty bad so i haven’t even used my laptop, just been checking the site on my tablet hope the logs I’ve uploaded help. ???

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #25
                      I will have to make a reply here tomorrow. I had a 14 hour work day today.

                      Comment

                      • taimrarchy
                        PCHF Member
                        • Jul 2023
                        • 38

                        #26
                        No problem, you can take your time. It’s my fault I didn’t do it when you were free

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          ZHP cleaner Scan.

                          Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
                          Once you have started the program, you will need to click the scanner button.
                          The program will close all open browsers!
                          Once the scan is completed, the you will want to click the Repair button.
                          At the end of the process you may be asked to reboot your machine.
                          After you reboot a report will open on your desktop.
                          Attach the report here in your next reply.

                          ZHP Diag Scanner.

                          Download ZHP Suite to your desktop.
                          Right Click Run as admin.
                          Hit the scanner button.
                          Once it is complete a file name ZHPdiag.txt will be on your desktop.
                          Attach it.

                          Comment

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #28
                            @taimrarchy hello!

                            Comment

                            • taimrarchy
                              PCHF Member
                              • Jul 2023
                              • 38

                              #29
                              Hello??? I’ll download the ZHP stuff right now will report back when it’s done

                              Comment

                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                OK, The tools will clean some junk and give me a deeper look into your system to make sure I clean up proper.

                                Are you still having any issues? If so what are they?

                                Comment

                                Working...