I’m not near my laptop right now; will do when I get back. No issues other than Windows Security, but I haven’t deleted Malwarebytes. Will report back when done. No cmd window opens at startup now. Thank you so much for your help. I am getting my bachelor’s in computer engineering and I hope I’m as good as you someday.
Malware removal / windows security is not launching
-
Let me know how things go after uninstalling Malwarebytes. Right now it is the default antivirus, and when installed it will automatically disable Defender. According to the logs your security is intact, just not running.
So long as everything is ok we will clean the tools we used and I’ll make a couple suggestions to keep you safe.
Just please follow thru either way.
-
Unfortunately, Windows Security is still not starting up even after uninstalling Malwarebytes.
-
Download and unzip Farbar Service Scanner to your desktop, right click and run as admin… check all boxes and hit scan.
Post the log created.
Also please post fresh FRST and Addition logs.
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023
000000000 ____D C:\ProgramData\Package Cache 2023-08-08 17:25 - 2021-03-09 07:43 - 000000000 ____D C:\Program Files\Intel 2023-08-08 16:28 - 2021-03-09 07:43 - 000000000 ____D C:\Program Files (x86)\Intel 2023-08-08 16:18 - 2023-07-03 23:27 - 000000000 ____D C:\Users\tzahi\AppData\Local\ElevatedDiagnostics 2023-08-08 16:11 - 2022-05-12 10:08 - 000000000 ____D C:\Program Files\Microsoft Office 2023-08-08 16:10 - 2022-05-07 10:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2023-08-07 16:55 - 2022-09-22 10:53 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 2023-08-07 16:43 - 2022-05-07 10:24 - 000000000 ____D C:\Program Files\Windows Defender 2023-08-07 16:43 - 2022-05-07 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2023-08-07 16:43 - 2021-04-14 23:03 - 000000000 ____D C:\ProgramData\A-Volute 2023-08-07 16:42 - 2021-09-04 00:16 - 000000000 ____D C:\Users\tzahi\AppData\Local\Packages 2023-08-05 13:41 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\catroot2.bak 2023-08-05 13:38 - 2022-09-22 10:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001 2023-08-05 13:38 - 2022-05-14 14:04 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-08-05 13:38 - 2021-09-04 00:14 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-08-05 13:37 - 2021-09-04 00:16 - 000000000 ____D C:\Users\tzahi\PCManger 2023-08-05 13:36 - 2022-03-03 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUAWEI 2023-08-05 13:36 - 2021-04-14 22:55 - 000000000 ____D C:\ProgramData\Comms 2023-08-05 13:36 - 2021-04-14 22:55 - 000000000 ____D C:\Program Files\Huawei 2023-07-29 21:27 - 2023-04-01 09:17 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Telegram Desktop 2023-07-29 19:39 - 2020-11-19 12:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-07-27 19:15 - 
2022-05-07 10:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2023-07-27 15:58 - 2022-09-22 10:53 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-07-27 15:50 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2023-07-27 15:48 - 2022-09-06 23:45 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\HMSCore 2023-07-21 20:50 - 2022-09-22 10:50 - 000000000 ____D C:\Users\tzahi 2023-07-21 20:35 - 2023-07-03 23:51 - 002503478 ____N C:\WINDOWS\Minidump\072123-7609-01.dmp 2023-07-18 05:11 - 2021-09-05 08:13 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2023-07-18 00:56 - 2022-09-22 10:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2023-07-13 17:03 - 2021-09-04 06:44 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-07-13 17:01 - 2021-09-04 06:44 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-07-12 21:53 - 2022-09-22 10:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-07-12 21:53 - 2022-09-22 10:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore ==================== Files in the root of some directories ======== 2021-09-12 12:38 - 2021-12-06 22:52 - 082428480 _____ (Sony) C:\Users\tzahi\AppData\Local\pcc.exe 2021-12-29 23:33 - 2022-01-14 12:15 - 000007597 _____ () C:\Users\tzahi\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2023
Code:Ran by tmmrcy (11-08-2023 12:38:19) Running from C:\Users\tzahi\Desktop\PC Help Forum Tings Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) (2022-09-22 05:53:16) Boot Mode: Normal ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-516455074-3529725477-31475253-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-516455074-3529725477-31475253-503 - Limited - Disabled) Guest (S-1-5-21-516455074-3529725477-31475253-501 - Limited - Disabled) tmmrcy (S-1-5-21-516455074-3529725477-31475253-1001 - Administrator - Enabled) => C:\Users\tzahi WDAGUtilityAccount (S-1-5-21-516455074-3529725477-31475253-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKLM...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.) Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.) 
Batman Episode 5 (HKLM-x32...\Batman Episode 5_is1) (Version: - ) Battle.net (HKLM-x32...\Battle.net) (Version: - Blizzard Entertainment) Core Temp 1.17.1 (HKLM...{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU) Dev-C++ (HKLM-x32...\Dev-C++) (Version: 5.11 - Bloodshed Software) Documentation Manager (HKLM...{5C67CECE-B908-4BCF-B585-8C170B817C1D}) (Version: 22.240.0.6 - Intel Corporation) Hidden DroidCam Client (HKLM-x32...\DroidCam) (Version: 6.4.3 - DEV47APPS) Dynamic Application Loader Host Interface Service (HKLM...{1216C70E-6887-41B6-8EDB-FD91B5A8708F}) (Version: 1.0.0.0 - Intel Corporation) Hidden Epic Games Launcher (HKLM-x32...{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32...{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) FiveM (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\CitizenFX_FiveM) (Version: - Cfx.re) Foxit PhantomPDF (HKLM-x32...{0a0d1ae2-8a54-11ea-8e74-54bf64a63c26}) (Version: 10.0.0.35798 - Foxit Software Inc.) Free Cam 8 (HKLM-x32...{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.) Halo 2 Project Cartographer (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Halo 2 Project Cartographer) (Version: 01.7.00.00 - H2PC) HMS Core (HKLM...\HMS Core) (Version: 6.6.0.300 - Huawei Technologies Co., Ltd.) HP DeskJet 2130 series Basic Device Software (HKLM...{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.) HP Dropbox Plugin (HKLM-x32...{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP) HP Google Drive Plugin (HKLM-x32...{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP) Huawei PC Manager(Multi-screen Collaboration and Official Driver) (HKLM...\PC Manager) (Version: 13.0.6.330 - Huawei Device Co., Ltd.) 
HW OSD (HKLM...\HwOsd) (Version: 11.0.5.3 - Huawei Device Co., Ltd.) Intel Driver && Support Assistant (HKLM-x32...{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden Intel(R) Chipset Device Software (HKLM...{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32...{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel(R) Corporation) Intel(R) Computing Improvement Program (HKLM...{0D8810A6-1D38-4885-9690-948CD0B7CA6F}) (Version: 2.4.10577 - Intel Corporation) Intel(R) Dynamic Tuning (HKLM-x32...{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 - Intel Corporation) Intel(R) Dynamic Tuning Technology (HKLM-x32...{bb67b2ec-1792-405b-8351-21bcc9f00f45}) (Version: 8.7.10400.15556 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{209fc91f-5b9a-4901-ac8f-cb1759c75a18}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{55fc13d0-814b-49bb-b13b-27836022cfb9}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{907b050d-5a10-4585-a175-7003de7204b2}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software 
(HKLM-x32...{c4456f6f-fe06-4281-b612-7431efe37891}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{d1d0fa4c-90ba-4580-9bc0-161e91344b1c}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Graphics Driver Software (HKLM-x32...{e8608a5e-87fa-4830-99b6-f679b87d3cb6}) (Version: 3.11.1.0 - Intel) Hidden Intel(R) Icls (HKLM...{DA3AEB76-773F-417C-B053-7A9A28F413B2}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) LMS (HKLM...{2C22227F-09AF-4498-AEFD-6DC10FCD664F}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM...{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2033.15.0.1783 - Intel Corporation) Intel(R) Management Engine Components (HKLM...{B3956502-1A32-4061-8A99-015E9EA66132}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM...{C046A888-9C09-411B-B3C8-73F77E861243}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM...{A670C124-DF72-42A3-8C1A-061FF3A09E29}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Serial IO (HKLM...{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2031.2 - Intel Corporation) Intel(R) Serial IO (HKLM...{BA425414-4D86-4FB0-8EEE-FA7F34E79C00}) (Version: 30.100.2031.2 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32...{00000240-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.240.0.2 - Intel Corporation) Intel® Arc™ Control (HKLM...{0DDD3B6B-B8C5-452F-9CB8-33D8EDBAE19D}) (Version: 1.70.5084.2 - Intel Corporation) Hidden Intel® Arc™ Control (HKLM-x32...{b83a3542-1b09-49d2-8025-00d4a0223a7c}) (Version: 1.70.5084.2 - Intel Corporation) Intel® Driver & Support Assistant (HKLM-x32...{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel) Intel® Software Installer (HKLM-x32...{318c42c7-b0bf-4429-b733-753440cb751f}) (Version: 22.240.0.6 - Intel Corporation) Hidden Java 8 Update 371 (HKLM-x32...{71124AE4-039E-4CA4-87B4-2F32180371F0}) (Version: 8.0.3710.11 - Oracle 
Corporation) Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Microsoft .NET Core Host - 3.1.32 (x64) (HKLM...{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM...{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM...{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32...{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation) Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 115.0.1901.188 - Microsoft Corporation) Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft Halo (HKLM-x32...\Halo) (Version: - Microsoft) Microsoft Office Professional Plus 2021 - en-us (HKLM...\ProPlus2021Retail - en-us) (Version: 16.0.16626.20134 - Microsoft Corporation) Microsoft OneDrive (HKLM...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 
- Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32...{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32...{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32...{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32...{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32...{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM...{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM...{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32...{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32...{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden 
MSXML 4.0 SP2 Parser and SDK (HKLM-x32...{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA PhysX (HKLM-x32...{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden OpenIV (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team) Origin (HKLM-x32...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.) Rockstar Games Launcher (HKLM-x32...\Rockstar Games Launcher) (Version: 1.0.74.1546_B - Rockstar Games) Rockstar Games Social Club (HKLM-x32...\Rockstar Games Social Club) (Version: 2.1.8.4 - Rockstar Games) Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation) TLauncher (HKLM-x32...\TLauncher) (Version: 2.885 - TLauncher Inc.) Ubisoft Connect (HKLM-x32...\Uplay) (Version: 125.0.10582 - Ubisoft) WinRAR 6.02 (64-bit) (HKLM...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH) WPS Office (11.2.0.11388) (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\Kingsoft Office) (Version: 11.2.0.11388 - Kingsoft Corp.) Zoom (HKU\S-1-5-21-516455074-3529725477-31475253-1001...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.) 
Packages: AppUp.IntelGraphicsExperience → C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-06] (INTEL CORP) [Startup Task] Forza Horizon 4 → C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.477.714.2_x64__8wekyb3d8bbwe [2023-04-06] (Microsoft Studios) Forza Horizon 4 Formula Drift Car Pack → C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2023-02-23] (Microsoft Studios) HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-18] (HP Inc.) Messenger → C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1920.8.125.0_x64__8xx8rvfyw5nnt [2023-08-08] (Meta) [Startup Task] Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.) Microsoft.AV1VideoExtension → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-17] (Microsoft Corporation) Microsoft.MPEG2VideoExtension → C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-09-22] (Microsoft Corporation) Minecraft Launcher → C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.2.16.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Studios) Nahimic → C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.20.0_x64__w2gh52qy24etm [2023-07-27] (A-Volute) Netflix → C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-26] (Netflix, Inc.) 
Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-15] (Microsoft Corporation) Realtek Audio Control → C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.247.0_x64__dt26b99r8h8gj [2023-08-05] (Realtek Semiconductor Corp) Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0 [2023-08-08] (Spotify AB) [Startup Task] WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2330.7.0_x64__cv1g1gvanyjgm [2023-08-08] (WhatsApp Inc.) [Startup Task] WiFi Analyzer → C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-08-05] (Matt Hafner) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 → C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 → C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. 
→ Zhuhai Kingsoft Office Software Co.,Ltd) ShellIconOverlayIdentifiers: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] → {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] → {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft 
Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] → {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] → {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] → {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] → {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] → {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers1: [Foxit_ConvertToPDF] → {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → Foxit Software Inc.) ContextMenuHandlers1: [HwShareMenu] → {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2023-06-06] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) ContextMenuHandlers1: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) 
[File not signed] ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers2: [DFSDriveMenu] → {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2023-06-06] (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) ContextMenuHandlers4: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers4: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed] ContextMenuHandlers5: [ FileSyncEx] → {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.147.0716.0001\FileSyncShell64.dll [2023-08-05] (Microsoft Corporation → Microsoft Corporation) ContextMenuHandlers6: [Foxit_ConvertToPDF] → {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → Foxit Software Inc.) ContextMenuHandlers6: [MagicISO] → {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) 
[File not signed] ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH → Alexander Roshal) ContextMenuHandlers1_S-1-5-21-516455074-3529725477-31475253-1001: [ kwpsshellext] → {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-516455074-3529725477-31475253-1001: [ kwpsshellext] → {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. → Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\tzahi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk → C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) → --profile-directory=“Profile 1” ==================== Loaded Modules (Whitelisted) ============= 2021-11-12 14:53 - 2021-11-12 14:53 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll 2021-11-12 14:53 - 2021-11-12 14:53 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll 2021-11-12 14:53 - 2021-11-12 14:53 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2023-03-15 00:10 - 2021-11-12 14:53 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll 2023-03-15 00:10 - 2021-11-12 14:53 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll 2023-03-15 00:10 - 2021-11-12 14:53 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll 2023-03-15 00:10 - 2021-11-12 14:53 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2023-03-15 00:10 - 2021-11-12 14:53 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2023-03-15 00:10 - 2021-11-12 14:53 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Foxit PhantomPDF Create PDF ToolBar Helper → {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} → C:\Program Files (x86)\Foxit 
Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → ) BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-07] (Microsoft Corporation → Microsoft Corporation) BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation) BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper → {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. → ) BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-03-17] (Oracle America, Inc. → Oracle Corporation) Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. → ) Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. 
→ ) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-08-07] (Microsoft Corporation → Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-516455074-3529725477-31475253-1001...\sharepoint.com → hxxps://doguakdeniz-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2019-12-07 14:14 - 2023-08-07 16:38 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet HKU\S-1-5-21-516455074-3529725477-31475253-1001\Control Panel\Desktop\Wallpaper → C:\Users\tzahi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\abstract-background-5544x2480-10823.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “EpicGamesLauncher” HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “Discord” HKU\S-1-5-21-516455074-3529725477-31475253-1001...\StartupApproved\Run: => “XperiaCompanionAgent” ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [UDP Query User{CDAC9157-EF8A-44EF-9199-6A6DCF877134}C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{ACC88C82-6E4A-4F4F-A795-73DB027299AB}C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.minecraft\runtime\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{B31C2896-6F9F-4BB8-915F-6463DE3E92CA}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.) FirewallRules: [TCP Query User{57A72B6A-3BC4-4BC4-B935-F764EE63E2C1}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.) FirewallRules: [{624BF7BD-7287-46A3-8BA5-DDE03D760207}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard → HP Inc.) FirewallRules: [{745143F7-3627-4358-B774-65469BB22287}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard → HP Inc.) 
FirewallRules: [UDP Query User{7C4ED888-1FF2-4BC2-AFC5-FADBE245A80F}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [TCP Query User{27ECEF1F-3BA5-408E-9365-942DD0019CB7}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [UDP Query User{CF9F81C2-2267-47CB-A8D2-7C26F4D9F630}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [TCP Query User{4063D162-4AE4-40DF-AFFF-DEAB784CA913}C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [{B562A4CE-27C2-4D1D-B7E4-3A36C96E0F92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation) FirewallRules: [{304EE8D8-3F5A-49A5-BECF-3575DB29617E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation) FirewallRules: [{BAFF4445-C787-451D-ABE8-BDC6E4FAC935}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation) FirewallRules: [{A24A1572-C7C5-4B01-B3AC-B0E51B6CE4E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation) FirewallRules: [{06E27EE6-529B-47B7-B780-C7C90E0ED745}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.) 
FirewallRules: [TCP Query User{F5917260-8A37-4CF4-80D9-066BEF8509A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [UDP Query User{B2C71823-5E92-4AA9-BC02-D15A42562402}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [TCP Query User{404A6B72-A68D-4603-8F4C-46CF062CDD13}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [UDP Query User{474F5B6E-7604-49E4-89B7-5EC033D01880}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [TCP Query User{4A0FDF09-C814-4D16-8B2B-311A6B34D8BE}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [UDP Query User{088B53CC-385E-4375-8986-0D21D16223F9}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [TCP Query 
User{1739FFA1-65B5-4DA9-AAE0-AE9BDAAF28A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [UDP Query User{2EA08748-D7F4-4FF0-8843-A97F80082E6E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [TCP Query User{0F56E17D-578F-4D7D-A730-0F0B080E1139}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.) FirewallRules: [UDP Query User{02FE9A59-75D1-4B09-810C-BAE04F5E68BD}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.) 
FirewallRules: [TCP Query User{95F4086A-76EA-400E-86AA-86889102979E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [UDP Query User{754DE51B-2ECA-4221-B4A2-C12D1625CCC2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) → Cfx.re) FirewallRules: [TCP Query User{E8CFD126-90D3-40C1-B8D7-E06FFD558F15}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. → Discord Inc.) FirewallRules: [UDP Query User{61E94D63-A178-41EF-9D53-2012B3394D0D}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. → Discord Inc.) 
FirewallRules: [{2EA198D2-F5CF-4D21-A571-02146DBDD8D3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{E76499F9-0013-4AD2-92F4-24818FD67E3D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{45187A72-1DCD-44B4-8BB9-4242BD246879}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{C262DC3C-65E0-4B36-901A-5942FA4FA0D7}] => (Allow) G:\Games\Epic Games\GTAV\GTA5.exe => No File FirewallRules: [{02D59EF7-1BD2-42D7-BB84-9781F273AB6B}] => (Allow) G:\Games\Epic Games\GTAV\GTA5.exe => No File FirewallRules: [{A0941F8A-608D-4965-9752-01470A487101}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation) FirewallRules: [{2DD4DD0B-C13E-41DC-B406-1BC486BA6484}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{7FC79AE9-1706-4F0E-9F1D-E1A414BC739A}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{BAD48394-B787-431C-B8F3-EDA51EF6026F}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{20A9A73F-9AAE-44CB-9FEF-2F15832451AD}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{058AC6C5-AF94-449D-A5AE-DCB755A46611}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) 
FirewallRules: [{492D5308-71A5-4567-AD2D-37A68A8879FC}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{56406B75-0444-4AB1-9A3A-B5E306987B71}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{6F942F1C-F2AC-46B9-A16F-CECE11A05F97}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{E2CA868C-10F7-4FE4-89A0-B344FD6507BA}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{1A00ABBF-A9CE-4AF7-AC4E-CDC899A27737}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{F1AF66C0-130B-480D-BD68-3D98085E8ABB}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{F02C5442-394F-4D0C-9609-16110013DE7A}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{8E339584-0D47-4244-A17C-605A495E5781}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{F3D3C26A-25BF-4BD9-A16B-28CF6CE823EB}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{13F3ECD4-4E05-4465-B31B-7FF3067F01E0}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{59335F0A-486F-4FDB-82CE-33E5DC62C7E9}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) 
FirewallRules: [{5B671366-E946-4748-96B7-DBE3C09B94A9}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{307C3965-2605-4344-9A7F-56DBFEDBE420}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{D7942277-A8F3-46FF-B3F9-F536CD1A6900}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{A4389082-0993-4117-A060-15889E05EF9C}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{5D89F707-070E-4948-9305-7B72C32AD723}] => (Allow) C:\Program Files\Huawei\PCManager\WeLook.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{30F93EEF-A9CC-4692-8975-28D1FDFB330F}] => (Allow) C:\Program Files\Huawei\PCManager\HwDistributedMainService.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) 
FirewallRules: [{9045BC93-F4B1-4367-BDE1-449028452ACD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{9A989194-654D-4394-B349-604954404A5B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{DE88D9F2-5871-491E-898B-DD5C4183A9DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{03A9275D-335F-4F87-B41F-72414428DF01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{0B848C6D-531F-460C-9915-577F54D2611A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{2D41E49A-EAC5-4B9A-BABC-1A2DD35CEF21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{B81B11A5-C137-4063-AD45-FD5F323A69D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{44BF9932-A01D-4928-8862-478224FA273A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{31E2B503-6DFB-402D-A031-0BE0411CE875}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{ABEF4035-2688-42A8-9BCB-6598CB8E07F8}] => 
(Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd) FirewallRules: [{7D7AA57A-9A52-417E-BCAD-9E0449F5BB94}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{865210C8-BE91-4556-AEBE-B2E5CD278002}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{C150E8A6-3C13-457F-9CAF-827F0BF1C6A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{D5ED86B1-400D-4F7A-870C-4AEDA87B9CB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.) FirewallRules: [{B1DA21D9-5120-497F-B408-420FCC18C27C}] => (Allow) C:\Program Files\Huawei\PCManager\HwMdcCenter.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) FirewallRules: [{DE3ADFB8-042B-42A9-A2BD-4F14134DA848}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Device Co., Ltd. → Huawei Device Co., Ltd.) 
==================== Restore Points =========================

08-08-2023 17:35:15 Windows Modules Installer
11-08-2023 11:48:44 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

Error: (08/11/2023 11:49:08 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: wuaucltcore.exe, version: 923.613.111.0, time stamp: 0xfb24798c
Faulting module name: ntdll.dll, version: 10.0.22621.1928, time stamp: 0x7dd9e350
Exception code: 0xc0000005
Fault offset: 0x0000000000033aba
Faulting process id: 0x0x408
Faulting application start time: 0x0x1d9cc1fd1bbea6e
Faulting application path: C:\WINDOWS\uus\AMD64\wuaucltcore.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 03acedc8-dfd2-4fdc-ab7f-85edc416a99c
Faulting package full name:
Faulting package-relative application ID:

Error: (08/08/2023 05:30:39 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-BQN0JE4L)
Description: Faulting application name: ArcControlAssist.exe, version: 1.70.5084.2, time stamp: 0x64af8c9d
Faulting module name: ucrtbase.dll, version: 10.0.22621.608, time stamp: 0xf5fc15a3
Exception code: 0xc0000409
Fault offset: 0x000000000007df28
Faulting process id: 0x0x4834
Faulting application start time: 0x0x1d9c9f4232970e7
Faulting application path: C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 7b0722cf-0c73-4ed0-9706-5261813a63d4
Faulting package full name:
Faulting package-relative application ID:

Error: (08/07/2023 04:43:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .
Error: (08/07/2023 04:43:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (08/07/2023 04:43:02 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Error: (08/07/2023 04:43:02 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (08/07/2023 04:42:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\PLATFORM\4.18.2205.7-0\PROTECTIONMANAGEMENT.MOF while recovering .MOF file marked with autorecover.

Error: (08/07/2023 04:42:31 PM) (Source: Microsoft-Windows-WMI) (EventID: 4) (User: NT AUTHORITY)
Description: Error 0x8004401e encountered when trying to load MOF C:\WINDOWS\SYSTEM32\WBEM\WIN32_ENCRYPTABLEVOLUME.MOF while recovering .MOF file marked with autorecover.

System errors:

Error: (08/11/2023 11:49:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f081f: 2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5028185).
Error: (08/08/2023 05:35:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f081f: 2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5028185).

Error: (08/08/2023 05:32:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-BQN0JE4L)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (08/08/2023 05:30:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error: This driver has been blocked from loading

Error: (08/08/2023 05:29:50 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error “1115” attempting to start the service UsoSvc with arguments “Unavailable” in order to run the server: {9C695035-48D2-4229-8B73-4C70E756E519}

Error: (08/08/2023 05:29:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Arc Control Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/08/2023 05:25:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop.

Error: (08/08/2023 05:04:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f081f: 2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5028185).
CodeIntegrity:

Date: 2023-08-08 17:31:52
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.188\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-27 15:53:51
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-17 18:18:28
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-16 22:02:45
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.79\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-12 21:15:59
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.
Date: 2023-07-04 00:10:46
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\protected_elam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: HUAWEI 1.18 11/02/2022
Motherboard: HUAWEI BOD-WXX9-PCB
Processor: 11th Gen Intel(R) Core™ i5-1135G7 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 16183.3 MB
Available physical RAM: 9574.01 MB
Total Virtual: 17207.3 MB
Available Virtual: 9889.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:461.23 GB) (Free:167.84 GB) (Model: WDC PC SN730 SDBPNTY-512G-1027) NTFS
\?\Volume{9a0dabee-9acc-4d60-be69-c3079cfd1a82}\ (WINPE) (Fixed) (Total:0.5 GB) (Free:0.13 GB) FAT32
\?\Volume{494f1438-4524-4393-8a1c-323bdd1f24ec}\ (Onekey) (Fixed) (Total:14 GB) (Free:1.77 GB) NTFS
\?\Volume{b395fef3-abfd-4d8e-a4a8-4a1a0f71ea08}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.35 GB) NTFS
\?\Volume{0a1fd3ba-eb4e-4d8d-83e7-d6538410e931}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.14 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
This is the FSS scan log:
Farbar Service Scanner Version: 03-11-2021
Ran by tmmrcy (administrator) on 11-08-2023 at 12:40:34
Running from “C:\Users\tzahi\Desktop”
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
Internet Services:
Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
Firewall Disabled Policy:
System Restore:
System Restore Policy:
Security Center:
wscsvc Service is not running. Checking service configuration:
Checking Start type of wscsvc: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll of wscsvc: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
[HEADING=1]Windows Update:[/HEADING]
[HEADING=1]Windows Autoupdate Disabled Policy:[/HEADING]
[HEADING=1]Windows Defender:[/HEADING]
WinDefend Service is not running. Checking service configuration:
Checking Start type of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
[HEADING=1]Windows Defender Disabled Policy:[/HEADING]
[HEADING=1]Other Services:[/HEADING]
[HEADING=1]File Check:[/HEADING]
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
-
These files must be downloaded and unzipped to your desktop!!
Download Windefend.reg, save it to your desktop and unzip it there.
Download wscsvc.reg, save it to your desktop and unzip it there.
Now boot your machine into safe mode. Right click each file and select merge, one at a time, and then reboot.
If you have any errors while trying to merge the files:
Make sure the .reg file you downloaded earlier is saved to your desktop.
Download Power Run.
Unzip it to your desktop.
Open the folder.
Run power run x64.
Click file … Add file.
Under file location paste the following, one at a time, and hit run file:
C:\Users\tzahi\Desktop\Windefend.reg
C:\Users\tzahi\Desktop\wscsvc.reg
Reboot the computer.
-
Yeah, sorry, haven’t updated you in a while. I did what you told me to, and everything went smoothly. The Windows Security app is still not opening, but considering what you’ve told me before, that the security of my PC is still intact, I could just leave it be and be careful with what I download. Maybe the fix for this is to reinstall Windows completely (I’m sure that would work). Anyways, I’ll do what you tell me to.
-
I checked online to see if I could find another fix and found that Windows Defender is off in services. I can’t get it to start, as it gives me this message every time.
[Attachment 12525]
-
Download Windows repair all-in-one.
Second link. Use portable version.
Unzip the archive to your desktop.
Boot the computer into safe mode.
Double click the folder.
Right click and run the file Repair_Windows.exe as admin.
[Image 1691931798587.png: https://pchelpforum.net/attachments/...587-png.12508/]
Go to the “Repairs” tab, click on the “Open Repairs” button.
Attention!!! Click the “Unselect all” button. This should uncheck all items.
Check these boxes only:
#1 - Reset Registry Permissions:
#2 - Reset File Permissions:
#3 - Reset Service Permissions:
#5 - Repair WMI:
#10 - Remove policies set by infections.
#17 - Repair Windows Updates:
#21 - Repair MSI (Windows Installer):
#25 - Restore Important Windows Services:
#26 - Set Windows Services To Default Startup:
#29 - Restore Windows 8 COM+ Unmarshalers:
Then click “Start Repairs”.
This may take ten minutes or longer; do not use the machine while the scan runs.
Reboot the computer after you are sure it is completed.
-
Farbar Service Scanner Version: 03-11-2021
Ran by tmmrcy (administrator) on 17-08-2023 at 12:16:14
Running from “C:\Users\tzahi\Desktop\PC Help Forum Tings”
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
Internet Services:

Connection Status:
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Policy:

Security Center:

Windows Update:

Windows Autoupdate Disabled Policy:

Windows Defender:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

Other Services:

File Check:
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
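Added example, not part of any post in this thread: a small parser that compares the two Farbar Service Scanner logs above and reports, per service, what changed between the 11-08-2023 and 17-08-2023 scans. The log excerpts are copied from the thread with the forum heading markup reduced to plain lines; the state labels and function names are this example's own.

```python
import re

# Excerpts of the two FSS logs posted in this thread (headings as plain lines).
LOG_BEFORE = """\
Security Center:
wscsvc Service is not running. Checking service configuration:
Checking Start type of wscsvc: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
Windows Defender:
WinDefend Service is not running. Checking service configuration:
Checking Start type of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
"""
LOG_AFTER = """\
Security Center:
Windows Update:
Windows Defender:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key")
CONFIG_OK = re.compile(r"of (\S+) service is OK")

def service_states(log):
    """Map service name -> 'key missing' | 'stopped, config OK' | 'stopped'."""
    states = {}
    for line in log.splitlines():
        if m := NOT_RUNNING.search(line):
            states.setdefault(m.group(1), "stopped")
        elif m := MISSING_KEY.search(line):
            states[m.group(1)] = "key missing"  # worst finding wins
        elif (m := CONFIG_OK.search(line)) and states.get(m.group(1)) != "key missing":
            states[m.group(1)] = "stopped, config OK"
    return states

def compare(before, after):
    """Per service: (state before, state after); 'no finding' = not flagged in that log."""
    b, a = service_states(before), service_states(after)
    return {s: (b.get(s, "no finding"), a.get(s, "no finding"))
            for s in sorted(b.keys() | a.keys())}

if __name__ == "__main__":
    for svc, (was, now) in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{svc}: {was} -> {now}")
```

Run on these excerpts, it shows that wscsvc is no longer flagged in the second scan, while WinDefend has its service key back but is still reported as not running.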