Solved Malware removal / windows security is not launching

Status
Not open for further replies.
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2023
Ran by tmmrcy (administrator) on LAPTOP-BQN0JE4L (HUAWEI BOD-WXX9) (27-07-2023 19:17:28)
Running from C:\Users\tzahi\Desktop\PC Help Forum Tings\FRST64.exe
Loaded Profiles: tmmrcy
Platform: Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\Huawei\HMS Core\HMSCoreService.exe ->) (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HMS Core\HMSCoreContainer.exe
(C:\Program Files\Huawei\PCManager\MateBookService.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\HwMdcCenter.exe
(C:\Program Files\Huawei\PCManager\MateBookService.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe
(C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\DFSSearchService.exe
(C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MessageCenterUI.exe
(C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\PerfWndMonHelper.exe
(C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\PerfWndMonHelper_x86.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe <6>
(C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscenter.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe
(explorer.exe ->) (ALCPU -> ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(HWVEAudioService.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\WINDOWS\System32\HWVEAudioSession.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RPC\OSD\osdservice.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\Huawei OSD\OSD_Daemon.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\WINDOWS\System32\NahimicService.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\BasicService\BasicService.exe
(services.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe
(services.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\PCManager\MateBookService.exe
(services.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\WINDOWS\System32\HWVEAudioService.exe
(services.exe ->) (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.) C:\WINDOWS\System32\RPC\OSD\osdservice.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> Huawei Device Co., Ltd.) C:\Program Files\Huawei\Hiview\HiviewService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\HMS Core\HMSCoreService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files\Huawei\wucs\WUCSProxyService.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3b3ce26993cf233b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\piecomponent.inf_amd64_0570478011758f12\Intel_PIE_Service.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\WINDOWS\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Goodix) C:\WINDOWS\System32\drivers\SessionService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe <3>
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.17.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\WINDOWS\System32\NahimicSvc64.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\WINDOWS\SysWOW64\NahimicSvc32.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe [1256520 2021-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [739448 2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel® Arc™ Control] => C:\Program Files\Intel\Intel Arc Control\ArcControl.exe [1529384 2023-06-08] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe"
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\Installer\setup.exe [3663776 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607520 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Run: [MicrosoftEdgeAutoLaunch_2CDA1A8278879F750DEE63BCC2A16BEC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088272 2023-07-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {89C88217-6FE5-472C-A4A5-BA18A1CA5495} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation -> Intel Corporation)
Task: {BD2A0C06-9B8F-41A6-A561-6C469C93768F} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002472 2023-03-28] (Intel Corporation -> Intel Corporation)
Task: {F6A39165-6DE6-464C-8918-7E05503ED911} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {784AD28D-5B5C-46F3-8AA9-8435056AF512} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {974899D4-CE9E-4050-BFDA-3932E40832A1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3A64BBD-5A2E-424B-9F3C-3C331F2FFBC3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FA93288-9CC7-449F-A57C-2BC2C433C4AC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BACC9B00-4A7C-49EC-BC2E-B3F40DFB999D} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [164752 2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {A976026E-4D8C-469E-AEFF-3F088580BC8B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (No File)
Task: {E3A30FA9-D4F7-476E-85D1-09C722F93023} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {3C2411E2-875F-4A96-803B-AD1FC43AB975} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [829544 2021-07-02] (A-Volute SAS -> Nahimic)
Task: {A848FA44-1C8C-479F-A946-7E1AC9C29A71} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1088616 2021-07-02] (A-Volute SAS -> Nahimic)
Task: {636B134F-D6A5-4D69-A9B7-48F3DE123F83} - System32\Tasks\NahimicTask32 => C:\WINDOWS\system32\..\SysWOW64\NahimicSvc32.exe [829544 ] (A-Volute SAS -> Nahimic)
Task: {1D726454-0314-486C-8BA3-4515AB09EC63} - System32\Tasks\NahimicTask64 => C:\WINDOWS\system32\.\NahimicSvc64.exe [1088616 ] (A-Volute SAS -> Nahimic)
Task: {EB1E1C1D-1736-48EA-B249-BF4A5FC2CECA} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4125576 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {D16417EF-0C5E-40D7-821D-FA90EEA2B722} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4125576 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {42FE7CEB-8F85-4C25-95A6-4BD0F736AAC7} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [200704 2023-05-12] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {6DEF4AB9-144A-495D-82D7-9170E5329F5D} - System32\Tasks\Window Update => C:\Users\tzahi\AppData\Local\Updates\Run.vbs [1015 2022-05-09] () [File not signed] <==== ATTENTION
Task: {1EBDEC72-F7EB-4367-A91D-1407EB41AB1F} - System32\Tasks\WpsExternal_tzahi_20221119083148 => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpscloudsvr.exe [1057928 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {8B915058-845F-43C0-A27E-CF36D34D133D} - System32\Tasks\WpsUpdateTask_tmmrcy => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpsupdate.exe [172168 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {E48D667A-D43B-41D1-AE87-35C0BBF0EB86} - System32\Tasks\WpsUpdateTask_tzahi => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\wpsupdate.exe [172168 2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0e1db6e2-967c-4181-ad20-1a7c8debc340}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f56d216f-17ce-4734-aca7-25767677a9dd}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{f8d21a67-f548-45c5-a7aa-e808c1aba960}: [DhcpNameServer] 40.42.1.13

Edge:
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-07-27]
Edge Notifications: Profile 1 -> hxxps://pchelpforum.net; hxxps://teams.microsoft.com
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-07-27]
Edge Extension: (Halo – Arrival) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ddgdgdmkcagpbibgcilbidjfokdngfld [2022-09-07]
Edge Extension: (Edge relevant text changes) - C:\Users\tzahi\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-27]
Edge HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [njjljiblognghfjfpcdpdbpbfcmhgafg]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2020-04-22] [Legacy]
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2020-04-22]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.371.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.371.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-04-22]
CHR HKU\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gjgfobnenmnljakmhboildkafdkicala]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-04-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-07-06] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11851240 2023-07-17] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43272 2023-07-03] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [212744 2023-07-03] (Intel Corporation -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-07-06] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-15] (Epic Games Inc. -> Epic Games, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncHelper.exe [3447736 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [381312 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe [1995184 2020-04-29] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HiviewService; C:\Program Files\Huawei\Hiview\HiviewService.exe [5127064 2022-12-05] (Huawei Technologies Co., Ltd. -> Huawei Device Co., Ltd.)
S3 HmdfsOfficeSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
S3 HmdfsPcSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
S3 HmdfsPhoneSvc; C:\Program Files\Huawei\PCManager\hmdfsservice.exe [786312 2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
R2 HMSCoreService; C:\Program Files\Huawei\HMS Core\HMSCoreService.exe [176712 2022-06-29] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-07-18] (HP Inc. -> HP Inc.)
R2 HwPCCoreService; C:\Program Files\Huawei\BasicService\BasicService.exe [629640 2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
R2 HWVEAudioService; C:\WINDOWS\system32\HWVEAudioService.exe [104592 2021-03-27] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
R2 HW_OSDServer; C:\Windows\system32\RPC\OSD\osdservice.exe [252168 2020-12-23] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
R2 IntelArcControlService; C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe [1432104 2023-06-08] (Intel Corporation -> Intel Corporation)
R2 LCD_Service; C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe [44424 2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
R2 MBAMainService; C:\Program Files\Huawei\PCManager\MateBookService.exe [589192 2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-07-06] (Malwarebytes Inc. -> Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1675384 2021-07-02] (A-Volute SAS -> Nahimic)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.142.0709.0001\OneDriveUpdaterService.exe [3783544 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1244144 2023-06-29] (Rockstar Games, Inc. -> Rockstar Games)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182296 2021-06-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ucldr_Crowz_ST; C:\Program Files\Common Files\UNCHEATER\ucldr_Crowz_ST.exe [5613296 2022-04-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 WUCSProxy; C:\Program Files\HuaWei\wucs\WUCSProxyService.exe [7016008 2022-06-29] (Huawei Technologies Co., Ltd. -> Huawei Technologies Co., Ltd.)
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S4 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe" [X]
S4 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [561152 2023-06-28] (Microsoft Windows -> Microsoft Corporation)
R3 ALSysIO; C:\Users\tzahi\AppData\Local\Temp\ALSysIO64.sys [47240 2023-07-27] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 dokan2; C:\Program Files\Huawei\PCManager\dokan2.sys [117176 2021-10-19] (Huawei Device Co., Ltd. -> Dokan Project)
R1 dokan2a; C:\Program Files\Huawei\PCManager\dokan2a.sys [403472 2022-05-03] (Huawei Device Co., Ltd. -> Dokan Project)
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-10] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-10] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-10] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-10] (Intel Corporation -> Intel Corporation)
R0 IBtRstd; C:\WINDOWS\System32\drivers\ibtrstd.sys [61376 2020-07-15] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-06-16] (A-Volute -> Windows (R) Win 7 DDK provider)
S3 UniFairy_x64; C:\WINDOWS\system32\drivers\UniFairy_x64.sys [8209904 2022-07-05] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 unirsdt; C:\WINDOWS\system32\drivers\unirsdt.sys [6166504 2022-09-22] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [239664 2021-07-28] (Oracle Corporation -> Oracle Corporation)
R3 virtbus; C:\WINDOWS\System32\drivers\virtbus.sys [42968 2022-10-23] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
R3 WDTDrv; C:\WINDOWS\System32\Drivers\WDTDrv.sys [46912 2020-07-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 WUCS; C:\WINDOWS\system32\drivers\WUCSDriver.sys [993728 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Device Co., Ltd.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1431256 2022-04-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
U4 MsSecFlt; no ImagePath
U4 Sense; no ImagePath
U4 SgrmAgent; no ImagePath
U4 SgrmBroker; no ImagePath
S4 WdBoot; \SystemRoot\system32\drivers\wd\WdBoot.sys [X]
S4 WdFilter; \SystemRoot\system32\drivers\wd\WdFilter.sys [X]
S4 WdNisDrv; system32\drivers\wd\WdNisDrv.sys [X]
S3 WmFilter; \SystemRoot\system32\drivers\WmFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-21 20:35 - 2023-07-21 20:35 - 000000000 ____D C:\WINDOWS\Minidump
2023-07-21 18:41 - 2023-07-21 18:41 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
2023-07-18 17:00 - 2022-03-22 10:30 - 000000000 ____D C:\Users\tzahi\Downloads\lc500
2023-07-18 16:56 - 2016-11-12 17:06 - 000000000 ____D C:\Users\tzahi\Downloads\lex570
2023-07-18 16:55 - 2023-04-26 17:10 - 000000000 ____D C:\Users\tzahi\Downloads\sc300a
2023-07-18 16:46 - 2022-02-03 16:44 - 000000000 ____D C:\Users\tzahi\Downloads\lx600
2023-07-18 16:46 - 2018-06-07 23:38 - 000000000 ____D C:\Users\tzahi\Downloads\na1
2023-07-18 16:45 - 2016-01-17 02:38 - 000000000 ____D C:\Users\tzahi\Downloads\shonen
2023-07-18 16:23 - 2017-02-18 20:10 - 000000000 ____D C:\Users\tzahi\Downloads\rcf
2023-07-17 18:18 - 2023-07-17 18:18 - 000000000 ____D C:\Program Files\chrome_BITS_5924_1230364416
2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\Users\tzahi\Documents\Square Enix
2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-07-13 21:55 - 2023-07-13 21:55 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2023-07-13 21:35 - 2023-07-27 17:11 - 000000000 ____D C:\KVRT2020_Data
2023-07-06 14:15 - 2023-07-27 19:15 - 000000000 ____D C:\Users\tzahi\Desktop\PC Help Forum Tings
2023-07-06 13:52 - 2023-07-06 13:52 - 000000000 ____D C:\Users\tzahi\AppData\Local\mbam
2023-07-06 13:51 - 2023-07-07 17:56 - 000000000 ____D C:\Users\tzahi\AppData\Local\Malwarebytes
2023-07-06 13:51 - 2023-07-06 13:51 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-07-06 13:50 - 2023-07-06 13:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-07-06 13:50 - 2023-07-06 13:50 - 000000000 ____D C:\Program Files\Malwarebytes
2023-07-06 13:44 - 2023-07-06 13:44 - 000000000 ____D C:\AdwCleaner
2023-07-06 05:33 - 2023-07-27 19:17 - 000000000 ____D C:\FRST
2023-07-04 10:43 - 2023-07-21 20:35 - 000000000 ___HD C:\Intel
2023-07-04 10:43 - 2023-04-01 09:17 - 000001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telegram.lnk
2023-07-04 10:43 - 2021-09-05 07:39 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
2023-07-04 10:43 - 2021-09-05 07:30 - 000001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS Pro 16.lnk
2023-07-04 10:43 - 2021-09-05 07:07 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Teams for School.lnk
2023-07-04 10:33 - 2023-07-04 10:49 - 000000000 ___HD C:\$SysReset
2023-07-04 10:33 - 2023-07-03 23:51 - 000000000 ____D C:\$Windows.~BT
2023-07-04 00:10 - 2023-07-04 00:10 - 000000000 ____D C:\Users\tzahi\AppData\Local\GUI
2023-07-03 23:52 - 2023-07-27 16:53 - 000000000 ____D C:\Users\tzahi\AppData\Local\D3DSCache
2023-07-03 23:51 - 2023-07-27 19:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-03 23:51 - 2023-07-21 20:35 - 002503478 ____N C:\WINDOWS\Minidump\072123-7609-01.dmp
2023-07-03 23:27 - 2023-07-03 23:27 - 000000000 ____D C:\Users\tzahi\AppData\Local\ElevatedDiagnostics
2023-07-03 21:24 - 2023-07-03 21:24 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2023-07-03 20:58 - 2023-07-27 19:15 - 000000000 ____D C:\Users\tzahi\AppData\Local\Updates
2023-07-03 20:58 - 2023-07-03 21:22 - 000003252 _____ C:\WINDOWS\system32\Tasks\Window Update
2023-07-03 20:58 - 2023-07-03 20:58 - 000014544 _____ (OpenLibSys.org) C:\WINDOWS\system32\WinRing0x64.sys
2023-07-03 20:58 - 2023-07-03 20:58 - 000000000 ____D C:\Program Files (x86)\OceanofGames.ccom
2023-06-29 14:58 - 2023-06-29 14:58 - 000000360 _____ C:\Users\tzahi\Desktop\Grand Theft Auto V.url
2023-06-28 13:44 - 2023-07-03 21:24 - 000000000 ____D C:\Users\tmmrcy
2023-06-28 12:47 - 2023-06-28 12:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2023-06-28 12:44 - 2023-06-20 20:58 - 000515528 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2023-06-28 12:44 - 2023-06-20 20:58 - 000455664 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2023-06-28 12:44 - 2023-06-20 20:57 - 000937504 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2023-06-28 12:44 - 2023-06-20 20:56 - 000700360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2023-06-28 12:44 - 2023-06-20 20:55 - 000586232 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2023-06-28 12:44 - 2023-06-20 20:55 - 000447760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2023-06-28 12:44 - 2023-06-20 20:54 - 000488056 _____ C:\WINDOWS\SysWOW64\IntelControlLib32.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 002184128 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-06-28 12:44 - 2023-06-20 20:51 - 002184128 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-06-28 12:44 - 2023-06-20 20:51 - 001618368 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-06-28 12:44 - 2023-06-20 20:51 - 001618368 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-06-28 12:44 - 2023-06-20 20:51 - 001481672 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 001481672 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 001214400 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 001214400 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 000497648 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 000437752 _____ C:\WINDOWS\system32\ze_loader.dll
2023-06-28 12:44 - 2023-06-20 20:51 - 000288192 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2023-06-28 12:44 - 2023-06-20 20:50 - 027958720 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2023-06-28 12:44 - 2023-06-20 20:50 - 020682736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2023-06-28 12:44 - 2023-06-20 20:49 - 000274288 _____ C:\WINDOWS\system32\ControlLib.dll
2023-06-28 12:44 - 2023-06-20 20:49 - 000223608 _____ C:\WINDOWS\SysWOW64\ControlLib32.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-27 19:16 - 2021-04-14 23:10 - 000000000 ____D C:\ProgramData\Goodix
2023-07-27 19:15 - 2022-05-07 10:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-07-27 19:13 - 2022-05-07 10:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-27 17:12 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-27 17:05 - 2022-05-07 10:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-27 17:05 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-27 16:36 - 2020-11-19 12:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-27 16:01 - 2022-05-07 10:22 - 000000000 ____D C:\WINDOWS\INF
2023-07-27 15:58 - 2022-09-22 10:53 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-516455074-3529725477-31475253-1001
2023-07-27 15:58 - 2022-09-22 10:53 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-07-27 15:58 - 2022-05-14 14:04 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-07-27 15:58 - 2021-09-04 00:17 - 000000000 ___RD C:\Users\tzahi\OneDrive
2023-07-27 15:58 - 2021-09-04 00:14 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-27 15:51 - 2021-09-13 23:38 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\PCManager
2023-07-27 15:50 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-07-27 15:48 - 2022-09-06 23:45 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\HMSCore
2023-07-21 20:50 - 2022-09-22 10:50 - 000000000 ____D C:\Users\tzahi
2023-07-21 20:49 - 2022-09-22 10:53 - 000003112 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2023-07-21 20:49 - 2022-09-22 10:53 - 000003092 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2023-07-21 20:39 - 2022-09-22 10:53 - 000850372 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-21 20:35 - 2022-09-22 10:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-21 20:35 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-21 20:35 - 2021-03-09 07:39 - 000012288 ___SH C:\DumpStack.log.tmp
2023-07-21 18:41 - 2022-05-07 10:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-07-18 17:32 - 2021-10-21 16:44 - 000000000 ____D C:\Users\tzahi\AppData\Local\CrashDumps
2023-07-18 05:11 - 2021-09-05 08:13 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-07-18 00:56 - 2022-09-22 10:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-07-17 22:45 - 2022-05-12 10:08 - 000000000 ____D C:\Program Files\Microsoft Office
2023-07-17 18:22 - 2022-05-07 10:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-13 17:03 - 2021-09-04 06:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-13 17:01 - 2021-09-04 06:44 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-12 21:53 - 2022-09-22 10:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-12 21:53 - 2022-09-22 10:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-06 14:03 - 2022-04-27 03:53 - 000000525 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2023-07-06 13:57 - 2021-09-05 07:09 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\uTorrent
2023-07-06 13:51 - 2022-05-07 10:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-07-06 13:44 - 2021-09-07 08:19 - 000000000 ____D C:\Users\tzahi\AppData\Local\BitTorrentHelper
2023-07-06 05:55 - 2021-09-05 00:42 - 000000000 ____D C:\Program Files (x86)\Steam
2023-07-06 05:32 - 2023-05-12 12:31 - 000001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2023-07-06 05:32 - 2021-03-09 07:43 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-04 16:29 - 2021-11-25 13:07 - 000000000 ___RD C:\Users\tzahi\Documents\EXCEL Files
2023-07-04 16:15 - 2021-09-04 14:50 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-07-04 10:51 - 2023-03-01 23:48 - 000000000 ____D C:\WINDOWS\Panther
2023-07-04 10:50 - 2023-06-13 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
2023-07-04 10:50 - 2023-02-22 00:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2023-07-04 10:50 - 2022-09-22 10:51 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Crypto
2023-07-04 10:50 - 2022-09-22 10:50 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Windows
2023-07-04 10:50 - 2022-05-12 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-07-04 10:50 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-07-04 10:50 - 2022-03-03 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUAWEI
2023-07-04 10:50 - 2021-09-05 07:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2023-07-04 10:50 - 2020-11-19 12:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-07-03 23:51 - 2022-09-22 10:52 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2023-07-03 23:51 - 2022-09-22 10:52 - 000015243 _____ C:\WINDOWS\diagerr.xml
2023-07-03 23:23 - 2022-05-07 10:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-07-03 23:23 - 2022-05-07 10:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-07-03 23:22 - 2022-09-22 10:49 - 000618256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-03 22:08 - 2021-09-05 07:01 - 000000000 ____D C:\Program Files\TeamViewer
2023-07-03 21:38 - 2022-05-07 10:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-03 21:30 - 2021-09-04 00:16 - 000000000 ____D C:\Users\tzahi\AppData\Local\Packages
2023-06-30 16:39 - 2022-10-11 02:20 - 000000000 ____D C:\Users\tzahi\Desktop\Important Documents
2023-06-30 16:39 - 2022-05-12 04:59 - 000000000 ____D C:\Users\tzahi\Documents\Recovery Codes
2023-06-30 16:39 - 2021-09-05 07:41 - 000000000 ____D C:\Users\tzahi\Documents\PDF FIles
2023-06-29 15:33 - 2021-09-04 05:20 - 000000000 ____D C:\Users\tzahi\Documents\Rockstar Games
2023-06-29 15:32 - 2023-02-23 00:46 - 000000000 ____D C:\Users\tzahi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2023-06-29 15:32 - 2021-09-04 05:15 - 000000000 ____D C:\ProgramData\Rockstar Games
2023-06-29 15:32 - 2021-09-04 05:13 - 000000000 ____D C:\Program Files\Rockstar Games
2023-06-29 15:32 - 2021-09-04 05:13 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2023-06-29 11:55 - 2022-11-19 13:05 - 000000000 ____D C:\Users\tzahi\Desktop\English 181-191
2023-06-28 13:43 - 2023-05-12 13:43 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\UUS
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-06-28 13:22 - 2022-05-07 10:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-06-28 13:00 - 2022-09-22 10:51 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-06-28 12:44 - 2021-03-09 07:43 - 000000000 ____D C:\Program Files\Intel
2023-06-28 10:59 - 2021-03-09 07:43 - 000000000 ____D C:\Program Files (x86)\Intel

==================== Files in the root of some directories ========

2021-09-05 07:08 - 2021-09-05 07:08 - 000000128 ____H () C:\Users\tzahi\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2021-09-12 12:38 - 2021-12-06 22:52 - 082428480 _____ (Sony) C:\Users\tzahi\AppData\Local\pcc.exe
2021-12-29 23:33 - 2022-01-14 12:15 - 000007597 _____ () C:\Users\tzahi\AppData\Local\Resmon.ResmonCfg

==================== FLock ==============================

2023-06-14 18:31 C:\WINDOWS\system32\smartscreen.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Addition:



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2023
Ran by tmmrcy (27-07-2023 19:17:59)
Running from C:\Users\tzahi\Desktop\PC Help Forum Tings
Microsoft Windows 11 Home Version 22H2 22621.1928 (X64) (2022-09-22 05:53:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-516455074-3529725477-31475253-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-516455074-3529725477-31475253-503 - Limited - Disabled)
Guest (S-1-5-21-516455074-3529725477-31475253-501 - Limited - Disabled)
tmmrcy (S-1-5-21-516455074-3529725477-31475253-1001 - Administrator - Enabled) => C:\Users\tzahi
WDAGUtilityAccount (S-1-5-21-516455074-3529725477-31475253-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKLM\...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.)
Anaconda3 2022.10 (Python 3.9.13 64-bit) (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Anaconda3 2022.10 (Python 3.9.13 64-bit)) (Version: 2022.10 - Anaconda, Inc.)
Batman Episode 5 (HKLM-x32\...\Batman Episode 5_is1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Discord (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Documentation Manager (HKLM\...\{619AF8CA-69CA-4463-88F7-86E2E387FB66}) (Version: 22.230.0.8 - Intel Corporation) Hidden
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.4.3 - DEV47APPS)
Dynamic Application Loader Host Interface Service (HKLM\...\{1216C70E-6887-41B6-8EDB-FD91B5A8708F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FiveM (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
Foxit PhantomPDF (HKLM-x32\...\{0a0d1ae2-8a54-11ea-8e74-54bf64a63c26}) (Version: 10.0.0.35798 - Foxit Software Inc.)
Free Cam 8 (HKLM-x32\...\{31FACC6B-2EB0-4092-B715-FE8B8916A967}) (Version: 8.7.27159 - iSpring Solutions Inc.)
Halo 2 Project Cartographer (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Halo 2 Project Cartographer) (Version: 01.7.00.00 - H2PC)
HMS Core (HKLM\...\HMS Core) (Version: 6.6.0.300 - Huawei Technologies Co., Ltd.)
HP DeskJet 2130 series Basic Device Software (HKLM\...\{A81ACE32-12C9-43C8-BFD6-BEA725ACB9F4}) (Version: 40.11.1124.17107 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
Huawei PC Manager(Multi-screen Collaboration and Official Driver) (HKLM\...\PC Manager) (Version: 13.0.2.370 - Huawei Device Co., Ltd.)
HW OSD (HKLM\...\HwOsd) (Version: 11.0.5.3 - Huawei Device Co., Ltd.)
Intel Driver && Support Assistant (HKLM-x32\...\{0F7F6F7B-684E-435A-9FCE-C8A1F71EDA14}) (Version: 23.3.25.6 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{438CD419-50DF-4A15-B9AD-986D47085E54}) (Version: 2.4.09146 - Intel Corporation)
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 - Intel Corporation)
Intel(R) Dynamic Tuning Technology (HKLM-x32\...\{bb67b2ec-1792-405b-8351-21bcc9f00f45}) (Version: 8.7.10400.15556 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{209fc91f-5b9a-4901-ac8f-cb1759c75a18}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{55fc13d0-814b-49bb-b13b-27836022cfb9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{907b050d-5a10-4585-a175-7003de7204b2}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c4456f6f-fe06-4281-b612-7431efe37891}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{d1d0fa4c-90ba-4580-9bc0-161e91344b1c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{e8608a5e-87fa-4830-99b6-f679b87d3cb6}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Icls (HKLM\...\{DA3AEB76-773F-417C-B053-7A9A28F413B2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{2C22227F-09AF-4498-AEFD-6DC10FCD664F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2033.15.0.1783 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B3956502-1A32-4061-8A99-015E9EA66132}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{C046A888-9C09-411B-B3C8-73F77E861243}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{A670C124-DF72-42A3-8C1A-061FF3A09E29}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2031.2 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{BA425414-4D86-4FB0-8EEE-FA7F34E79C00}) (Version: 30.100.2031.2 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000230-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.230.0.2 - Intel Corporation)
Intel® Arc™ Control (HKLM\...\{13865A06-C2AB-4814-BAE6-69FCB841C8DA}) (Version: 1.69.5033.3 - Intel Corporation) Hidden
Intel® Arc™ Control (HKLM-x32\...\{5893f084-4b18-43be-a951-629c07848117}) (Version: 1.69.5033.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{0ddcdf18-17cd-44ad-af4e-ba6821421c30}) (Version: 23.3.25.6 - Intel)
Intel® Software Installer (HKLM-x32\...\{09b61d86-bc76-4353-a7d8-ebc9e2822195}) (Version: 22.230.0.8 - Intel Corporation) Hidden
Java 8 Update 371 (HKLM-x32\...\{71124AE4-039E-4CA4-87B4-2F32180371F0}) (Version: 8.0.3710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.16529.20182 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.74.1546_B - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.8.4 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.885 - TLauncher Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 125.0.10582 - Ubisoft)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WPS Office (11.2.0.11388) (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\Kingsoft Office) (Version: 11.2.0.11388 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom Video Communications, Inc.)

Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-06] (INTEL CORP) [Startup Task]
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.477.714.2_x64__8wekyb3d8bbwe [2023-04-06] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2023-02-23] (Microsoft Studios)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-18] (HP Inc.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1910.4.130.0_x64__8xx8rvfyw5nnt [2023-07-27] (Meta) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-07-17] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-09-22] (Microsoft Corporation)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.2.16.0_x64__8wekyb3d8bbwe [2023-06-09] (Microsoft Studios)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.17.0_x64__w2gh52qy24etm [2023-07-03] (A-Volute)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-26] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-15] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.247.0_x64__dt26b99r8h8gj [2023-07-03] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0 [2023-07-27] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm [2023-07-13] (WhatsApp Inc.) [Startup Task]
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2023-07-03] (Matt Hafner)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-516455074-3529725477-31475253-1001_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [HwShareMenu] -> {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DFSDriveMenu] -> {9557F42F-BD61-4E26-9752-33A8A20FC9F9} => C:\Program Files\Huawei\PCManager\ShareMenu.dll [2022-10-24] (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-06] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll [2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-23] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-07-06] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-516455074-3529725477-31475253-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-516455074-3529725477-31475253-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\office6\kwpsmenushellext64.dll [2022-11-19] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tzahi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2022-03-22 17:59 - 2021-10-30 07:08 - 001080832 _____ () [File not signed] C:\Program Files\HuaWei\wucs\sqlcipher.dll
2023-04-25 13:32 - 2023-04-25 13:32 - 001600512 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2023-04-25 13:32 - 2023-04-25 13:32 - 002165760 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2021-11-12 14:53 - 2021-11-12 14:53 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-11-12 14:53 - 2021-11-12 14:53 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-11-12 14:53 - 2021-11-12 14:53 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2023-03-15 00:10 - 2021-11-12 14:53 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2023-03-15 00:10 - 2021-11-12 14:53 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2023-03-15 00:10 - 2021-11-12 14:53 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2023-03-15 00:10 - 2021-11-12 14:53 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2023-03-15 00:10 - 2021-11-12 14:53 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2023-03-15 00:10 - 2021-11-12 14:53 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Recovery:err [1590]
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
AlternateDataStreams: C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6:2EA0371A72 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net.lnk:E2208A86CD [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DroidCam Client.lnk:96D1DD3380 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF.lnk:4851378599 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Cam 8.lnk:6991C8B2BC [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP DeskJet 2130 series.lnk:25ED2E7AB7 [10]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2734]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 -> DefaultScope {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
SearchScopes: HKU\S-1-5-21-516455074-3529725477-31475253-1001 -> {D070BD48-05DB-4F29-BB4E-FCEA17667687} URL =
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. -> )
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. -> )
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-03-17] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll [2020-04-22] (FOXIT SOFTWARE INC. -> )
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2020-04-22] (FOXIT SOFTWARE INC. -> )
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\sharepoint.com -> hxxps://doguakdeniz-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 14:14 - 2023-07-04 00:15 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2022-04-27 03:53 - 2023-07-06 14:03 - 000000525 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.114 HUAWEI_MatePad_11-ce7ac16.mshome.net # 2023 7 4 13 9 3 13 606
192.168.137.1 LAPTOP-BQN0JE4L.mshome.net # 2028 7 2 4 9 3 13 606

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-516455074-3529725477-31475253-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tzahi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\abstract-background-5544x2480-10823.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-516455074-3529725477-31475253-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{EA28C9BF-57C5-43E3-A2F1-CCBA70771B67}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [TCP Query User{EB19FCAB-5755-47FD-B469-2AC6B697F463}G:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) G:\games\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [UDP Query User{B5F0B45F-121A-4751-8BCA-446A8D83452A}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
FirewallRules: [TCP Query User{AD6655D5-D0F0-4383-9CFF-B4CF0DA2FF31}G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe] => (Allow) G:\games\epic games\arksurvivalevolved\shootergame\binaries\win64\shootergame.exe => No File
FirewallRules: [UDP Query User{F628B4F6-1D8D-45A0-9E94-7CF81819442B}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A0BCCD4D-9A5B-4B0B-A7F2-A0786144B0BF}G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) G:\games\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C6452449-CB73-4359-A274-18F6844A794E}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
FirewallRules: [TCP Query User{4D4716CE-B023-4059-8BB5-69109DE13CD6}G:\games\epic games\fallguys\fallguys_client_game.exe] => (Block) G:\games\epic games\fallguys\fallguys_client_game.exe => No File
FirewallRules: [UDP Query User{0079DD27-BE20-40EF-96B7-B041B8C38B42}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{8290BD0F-9C0D-4C57-B4E6-6BD9F1BF4979}C:8\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:8\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{EC880E9B-6339-4142-A9DF-195CF4B7F548}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{7455CCF7-4821-46E1-9AC4-99DAAC1ED0C9}C:4\games\call of duty modern warfare\modernwarfare.exe] => (Allow) C:4\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{86A1D011-AF02-4E84-905B-041E00021A8E}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{FD82AA22-29D1-463E-BEA6-B6BCFFE9B6F6}G:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) G:\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{91A86FBF-F7E3-4D90-8B48-AB7AE27860E5}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [TCP Query User{D7262939-48C9-4911-9D26-FC73EBD360B3}C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [{01148211-9260-478B-BFBE-BEBF656A6723}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{C6947DE2-5C0B-473A-8EEC-87C982DD0923}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{DDCD9EDB-FA3F-4A35-A805-FFDE8C260241}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{C6A1318C-2AA9-4295-B067-F1E127337781}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{B85120DE-6858-4F4F-9A5C-04534AC5DB19}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{51474B11-90B4-42F4-BA7B-2F0EF0E2EBA6}] => (Allow) G:\Games\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [UDP Query User{6E76F11A-31FD-47D9-808C-DC26B315FB10}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{D74A2248-60C0-4216-BC08-9EC19356DCC4}G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe] => (Allow) G:\steamlibrary\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{DF69DABD-6F13-4E02-B946-3434A01E33D3}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{7B70BD56-3B0F-434B-ABF3-FC98622B5050}] => (Allow) G:\\Nox\bin\Nox.exe => No File
FirewallRules: [{9EB7B4F0-A658-4C3C-8826-10F4D6FDCEE0}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{0AC01DF3-1247-44E6-9ACB-C344CC07ABCE}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\eac_wt_mlauncher.exe => No File
FirewallRules: [{B17DD100-466D-4D6A-9761-32E58F86D229}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{21132FD2-9F3A-446C-A5C4-26A2E43892C5}] => (Allow) C:4\SteamLibrary\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [UDP Query User{CDAC9157-EF8A-44EF-9199-6A6DCF877134}C:\users\tzahi\appdata\roaming\.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming\.minecraft\runtime\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{ACC88C82-6E4A-4F4F-A795-73DB027299AB}C:\users\tzahi\appdata\roaming\.minecraft\runtime\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming\.minecraft\runtime\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{2218EC88-AB59-40E2-8429-C7901D99CB2C}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{D80405D4-2D08-47F3-93C3-E289D250F4DF}] => (Allow) C:6\Games\Apex\EasyAntiCheat_launcher.exe => No File
FirewallRules: [UDP Query User{B67C447F-BB5D-45A2-81D9-F74B8A9638DE}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
FirewallRules: [TCP Query User{0F2EE437-3297-4AD6-9036-C68B225E1ED2}C:0\games\alienisolation\ai.exe] => (Allow) C:0\games\alienisolation\ai.exe => No File
FirewallRules: [UDP Query User{6B9146FE-1C34-4923-AEF8-2C7854C53F6A}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
FirewallRules: [TCP Query User{40B18058-B3EA-410C-AABC-67F7B0CE5A76}C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) C:8\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
FirewallRules: [{AF31A34F-3AE4-4177-852C-FB25F9EA6512}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
FirewallRules: [{670A6739-0E4B-4FA0-B399-AFA9BF3DCCEB}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe => No File
FirewallRules: [{F7D4E450-DA93-4EE0-8A49-71E56D22956B}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
FirewallRules: [{48D7F757-F925-4334-9406-86D65CEEDF92}] => (Allow) G:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
FirewallRules: [UDP Query User{C9823F84-1984-4090-907F-DC3702EE5C3C}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
FirewallRules: [TCP Query User{9B1C125E-F31B-4EB1-A660-4A42AD0031B8}G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) G:\steamlibrary\steamapps\common\destiny 2\destiny2.exe => No File
FirewallRules: [UDP Query User{8D778748-74C2-4A53-8246-F355CDB36559}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
FirewallRules: [TCP Query User{BE086E0D-5C43-4C1F-9345-8CFBB02837E0}D:\games\thealtocollection\the alto collection.exe] => (Allow) D:\games\thealtocollection\the alto collection.exe => No File
FirewallRules: [UDP Query User{93616156-6050-4782-9135-382098F0125B}C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
FirewallRules: [TCP Query User{F2376F81-F25A-4240-9DA7-074BED35B83A}C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe] => (Allow) C:\users\tzahi\downloads\_oceanofgames.com_beamng_drive_v0.17.0.2\beamng.drive.v0.17.0.2\bin64\beamng.drive.x64.exe => No File
FirewallRules: [UDP Query User{13D6E50B-8C50-4C01-BD48-F76ED594F5C1}C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe] => (Allow) C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe => No File
FirewallRules: [TCP Query User{353ACCB8-F62C-488B-A610-12860458E4DE}C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe] => (Allow) C:\users\tzahi\appdata\roaming\utorrent\updates\3.5.5_46200.exe => No File
FirewallRules: [UDP Query User{9ADC7A0D-6B8A-4780-AD91-F58B0AF10FE3}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [TCP Query User{4DD82B7C-7456-4F85-AC55-594AC94FF4F9}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe => No File
FirewallRules: [{5240E39F-9644-4A12-BD38-D757DE5CDE3B}] => (Allow) C:\Program Files\Huawei\PCManager\HWVCR.exe => No File
FirewallRules: [UDP Query User{C5CC5E83-9AE7-430E-8A69-893AAB721002}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
FirewallRules: [TCP Query User{13C379D5-EDCE-4E1F-AAA7-7056FB3B1656}G:\games\alienisolation\ai.exe] => (Allow) G:\games\alienisolation\ai.exe => No File
FirewallRules: [UDP Query User{B31C2896-6F9F-4BB8-915F-6463DE3E92CA}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{57A72B6A-3BC4-4BC4-B935-F764EE63E2C1}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{BFDC8DDA-B806-4CFA-936F-74361414B688}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
FirewallRules: [{D349103B-4285-496E-9CB5-0D02ACF2C655}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
FirewallRules: [{3E641BF7-7B82-4104-AE0B-9DB957AD3993}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
FirewallRules: [{D4E98496-5FB9-439E-84B8-CA29C65E524D}] => (Allow) D:\Games\BatmanArkhamKnight\Binaries\Win64\BatmanAK.exe => No File
FirewallRules: [UDP Query User{032F130F-CE2D-4F0B-9689-EA25664C3B61}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
FirewallRules: [TCP Query User{2E72795F-2FCB-4F29-9BC2-918C792784CE}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
FirewallRules: [UDP Query User{96736BC3-6EAF-4D40-9749-EDDA9C099D12}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
FirewallRules: [TCP Query User{799FC99B-3EE1-4608-8404-58E4F28D94C1}C:4\haloinfinite.exe] => (Allow) C:4\haloinfinite.exe => No File
FirewallRules: [UDP Query User{A22BB818-D073-47B3-A13D-9EE73A3A4545}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{F2201F51-2D5A-477A-950E-92DDF6F77CBC}G:\games\need for speed heat\needforspeedheat.exe] => (Allow) G:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{9147ECAD-4EA4-4DEB-BF1D-AFA2E046C448}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
FirewallRules: [TCP Query User{19BA2A16-59CB-4748-B66A-B30F21E6F212}D:\games\halo - combat evolved\halo.exe] => (Allow) D:\games\halo - combat evolved\halo.exe => No File
FirewallRules: [UDP Query User{F36DEEA1-23BF-4B09-B3D4-B174E93CDB1F}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
FirewallRules: [TCP Query User{896A95CD-3759-4D51-9AF0-D659AA3F8C5B}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
FirewallRules: [UDP Query User{33AD8D6C-6243-43FD-80BF-F6F245D9FC85}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
FirewallRules: [TCP Query User{2A7286D4-1DDC-4BDC-8C8D-44F453D2D5AD}D:\games\batmanarkhamcity\binaries\win32\batmanac.exe] => (Allow) D:\games\batmanarkhamcity\binaries\win32\batmanac.exe => No File
FirewallRules: [UDP Query User{6979730F-9FD2-4E15-851D-42273A7836B5}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
FirewallRules: [TCP Query User{7FAF4581-5E01-4380-A2AC-6EAAFEA7D2DA}E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) E:\games\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{7D0A512A-8B78-4D8E-8FA4-6866B09C41AA}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{A7AEAB1E-82BA-48A9-93F3-A6422090A5CB}D:6\games\need for speed heat\needforspeedheat.exe] => (Allow) D:6\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{0ACBD6DF-7CCF-4C90-B544-0490AFF45C28}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{E076492C-43A7-4F0D-B98F-56C18F280BFC}C:8\games\need for speed heat\needforspeedheat.exe] => (Allow) C:8\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{34220ABC-610D-48E8-9E83-5077596F3D71}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{6C337EA5-260D-44CF-A356-0C9EE5A03E9D}C:0\games\need for speed heat\needforspeedheat.exe] => (Allow) C:0\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{7474242E-5991-44A3-8A26-8BBFDCD44427}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
FirewallRules: [TCP Query User{AB423B4E-4F6A-4D37-9175-822D9220F913}D:\games\halo 2 project cartographer\halo2.exe] => (Allow) D:\games\halo 2 project cartographer\halo2.exe => No File
FirewallRules: [UDP Query User{20C3997E-BCFB-448B-8B6A-3C2A949E262F}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{633368D0-825A-4931-A016-8C0063235851}E:\games\need for speed heat\needforspeedheat.exe] => (Allow) E:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{A3AADF0F-C0D6-4D16-8D97-6D50753F8CDE}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{6F079768-278D-4793-89E7-FFAEA7A20C57}E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe] => (Allow) E:\need.for.speed.heat.fixed\need.for.speed.heat.fixed\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{492D7C10-DE5B-4F47-A6A7-C509ACC13DAB}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [TCP Query User{A3E321D0-A618-4D5A-8CBA-D7AEDB6D02A8}E:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) E:\games\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [{483E1497-5E75-4E0C-9C99-49677EACA549}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\7zS1821\HP.EasyStart.exe => No File
FirewallRules: [{624BF7BD-7287-46A3-8BA5-DDE03D760207}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{745143F7-3627-4358-B774-65469BB22287}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [UDP Query User{2BE7F379-EA57-4382-AA63-BDDF28BCC7A7}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [TCP Query User{6BE017BB-76DD-4F71-BE14-7D89CA9874CE}D:\games\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\games\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [UDP Query User{7C4ED888-1FF2-4BC2-AFC5-FADBE245A80F}C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{27ECEF1F-3BA5-408E-9365-942DD0019CB7}C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{B5E25C3C-619E-4DF7-8CE9-13D3BC92A016}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
FirewallRules: [TCP Query User{3688B6D7-87FE-4ACC-AEA5-A2F1D916A656}D:\games\call of duty - world at war\codwawmp.exe] => (Allow) D:\games\call of duty - world at war\codwawmp.exe => No File
FirewallRules: [UDP Query User{B4F8C979-E8D9-4621-99DC-39CB33225CF9}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
FirewallRules: [TCP Query User{46BC3532-350C-4B08-879B-6CA2D25348B8}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{981D4048-3A8E-466A-8A6E-33CE7E14930B}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [TCP Query User{CEB568B2-B264-4B20-A3AC-1883A3B110CD}D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe] => (Allow) D:\scrap.mechanic.v0.5.1.659\scrap.mechanic.v0.5.1.659\scrap mechanic\release\scrapmechanic.exe => No File
FirewallRules: [UDP Query User{CF9F81C2-2267-47CB-A8D2-7C26F4D9F630}C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{4063D162-4AE4-40DF-AFFF-DEAB784CA913}C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{EBADD02C-BBC9-4F0F-9F8F-66DE30B15C99}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{0216A500-D61C-46EB-8B32-DE85C9E383D1}D:\gtav\gta5.exe] => (Allow) D:\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{8FA96D3B-E7E6-45FF-9065-A1D32C49FB38}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{48AE4541-051A-47BB-8800-EA48B79BD852}E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\2016 office\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
FirewallRules: [{B562A4CE-27C2-4D1D-B7E4-3A36C96E0F92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{304EE8D8-3F5A-49A5-BECF-3575DB29617E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BAFF4445-C787-451D-ABE8-BDC6E4FAC935}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A24A1572-C7C5-4B01-B3AC-B0E51B6CE4E8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4E91C996-AC44-4DBD-B236-80F2EEB400A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{2F9AC40A-89F9-42DF-8DAC-1E95C36F659E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{E181A739-F50D-47C4-B096-B24A0FE73C69}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{D49FB4CB-2370-485A-B4F9-0F0DBEA5B0ED}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{DF49A91C-5D4E-469B-B7CE-643823718E89}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{FF74FF6D-CE35-49AF-BCC6-3FE721870BFC}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{06E27EE6-529B-47B7-B780-C7C90E0ED745}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{191F5EB6-5D65-45FD-A5C3-497B3FE7E194}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D98FDDD9-F538-49E3-8C37-15C161B58243}] => (Allow) C:\Users\tzahi\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{2A31E666-7087-4A06-95CA-C91D900259B9}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{4213F32C-23B4-45CC-B534-0DF1FE3B2E5D}D:\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{164886CA-B042-419F-9A19-8B2FD218A56B}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{55CCA0CE-89F8-46B3-A341-76D1F41F9389}D:\games\call of duty - world at war\codwaw.exe] => (Allow) D:\games\call of duty - world at war\codwaw.exe => No File
FirewallRules: [TCP Query User{A945DC9E-537C-4D94-BE0F-5C583BF08EC2}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{296D16E9-D655-4045-8277-49C46A79C436}D:\games\need for speed heat\needforspeedheat.exe] => (Allow) D:\games\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{052E67D2-1DEF-4EF8-A9C6-0474F5E19FB8}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{A272DE0D-1538-40C5-8009-DFECDAE829F0}D:\games\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\games\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{08784593-E73B-4C4B-BE0B-7BCE48CF8476}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{AF409DEC-2DB2-4B0C-B6C9-750C36ADA323}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{E5FBC816-AC93-40F4-B865-10090B2324FE}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
FirewallRules: [UDP Query User{14DBF5DF-3D0A-4F40-A274-B342EA877FF0}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\53df87b7-962c-419e-94be-39c94be73dc7\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
FirewallRules: [TCP Query User{688E2E3D-AAFB-40FA-9D31-39E89F90AC8F}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
FirewallRules: [UDP Query User{95A5A608-C279-42A9-ADE4-D68320D5B4CD}C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\temp\microsoftedgedownloads\b6403e6f-4fbd-416e-9e1a-9a029cacedf0\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe => No File
FirewallRules: [TCP Query User{F5917260-8A37-4CF4-80D9-066BEF8509A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{B2C71823-5E92-4AA9-BC02-D15A42562402}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{404A6B72-A68D-4603-8F4C-46CF062CDD13}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{474F5B6E-7604-49E4-89B7-5EC033D01880}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{4A0FDF09-C814-4D16-8B2B-311A6B34D8BE}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{088B53CC-385E-4375-8986-0D21D16223F9}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{1739FFA1-65B5-4DA9-AAE0-AE9BDAAF28A2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{2EA08748-D7F4-4FF0-8843-A97F80082E6E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{67879EC0-7F45-43E2-A1BE-6E172D789D8E}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{911A7058-14F7-469B-B8F3-AAF9868BD92B}E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe] => (Allow) E:\zip files\office 2013-2016 c2r install v5.9.5\files\bin\kmss.exe => No File
FirewallRules: [TCP Query User{F338CC62-138A-4312-916E-1A7175017E8C}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{3902C0A1-9C7B-4A41-AC27-62391E508EC2}D:\games\gtav\gta5.exe] => (Allow) D:\games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{0F56E17D-578F-4D7D-A730-0F0B080E1139}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{02FE9A59-75D1-4B09-810C-BAE04F5E68BD}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{82549B22-3496-4A57-9AD6-883C97470EFD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{575F1E90-FC88-48C5-A116-C87C21E942DD}G:\games\call of duty - world at war\codwaw.exe] => (Allow) G:\games\call of duty - world at war\codwaw.exe => No File
FirewallRules: [{868539F8-B2F4-44DB-AA82-C1B99DCC3AE9}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
FirewallRules: [{F2000940-5EE3-4319-B89D-93FB90F55851}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe => No File
FirewallRules: [TCP Query User{FCF10B71-8708-4A5A-B4C2-1C88081325DD}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{DFBA9E29-CF2C-4602-9AFB-5F05A40658DB}G:\games\epic games\gtav\gta5.exe] => (Allow) G:\games\epic games\gtav\gta5.exe => No File
FirewallRules: [{47A73207-3BA6-4617-9183-C3E577806E1B}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{695AA84C-C6F1-44FE-8A8B-7618020CBD29}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{C41F783A-62C6-47A9-8B25-EA25514E98F3}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{CC70A4A5-D07B-4BF0-993C-EB4F4D8E00CC}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{EA7AEB47-F243-4E32-A7F7-283E5B034C33}] => (Allow) C:\Program Files\Huawei\PCManager\HwExScreen.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{EB743446-677D-4E57-9163-574EEE2191E6}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{77FC2787-94C0-401A-8017-4937626ABB15}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{077ECFA9-D03C-48B1-A262-0305C940FE98}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{7CA8893A-BD42-4A46-BB93-B77E47B0D3B2}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{246D140C-9362-471F-9378-FFDBA944F763}] => (Allow) C:\Program Files\Huawei\PCManager\HwMirror.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{75B3F4BD-8A15-4F76-B3A8-A87D82722CF0}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{73F30F65-AE19-4C2B-AE1C-DE4AF1996A00}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{907EDA94-129E-4E08-94F2-B3D0FD5A5DEA}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{7F5EAC2E-9BFB-4AEE-AE7A-231CFB2197B7}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{ED348C74-04D7-4833-8A83-B1461AD0B438}] => (Allow) C:\Program Files\Huawei\PCManager\hmdfsservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{B6F7D6F6-8E19-443B-815C-18AF3CAE6958}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{BE1C6A13-DA3A-46BD-A88A-874C083EE926}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{FA1E39E1-6A96-4BB8-AC9C-EE2E4B67EF9E}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{DBDFA9E9-8495-40B3-A85E-B08396CC5B84}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{A27B01A1-3CB8-49D1-9561-8DF592C30BC3}] => (Allow) C:\Program Files\Huawei\PCManager\distributedfileservice.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{7D9704AE-8F10-499D-A17C-494D69BE8B1A}] => (Allow) C:\Program Files\Huawei\PCManager\WeLook.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{A366E840-6FA3-46F7-8BA4-BC0DE8F5EA51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{B936A21D-4D1B-4007-9CE3-2A57C9687689}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{18E9511D-46B7-4AF6-B5A7-246DC43E1FD0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7C927E17-F6A0-4FF0-8A51-60413B2D3297}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{33F23815-FBA9-4F0E-AD13-86CEA1F3A12B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0F54CC9A-62FA-4252-A806-03BE91226BD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{55452FB0-B240-44E1-ABE9-353B866A3337}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{80039718-1023-4E22-9EE4-4AC364E70D2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{644642DF-CAEF-47FF-9E40-0470941187AA}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3BB5B344-A168-41FE-BC38-696315D9485D}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0B369198-1A59-4B7F-B0BC-46C9EFAD6998}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{93358649-8692-4B9B-BFD5-CF3A5462AF41}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{3221B027-1D2C-4539-A3EB-7B37128F8051}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{96CA939F-6DAD-40A1-B381-68E0F1356FF3}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7C526CC0-51BE-429B-B68D-774591ADD0C9}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{DD682023-17D4-4D26-8649-59378350961A}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6D73BF28-7E09-469D-AC55-6B6BA3B07165}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
FirewallRules: [{08B6734A-AD50-4CC9-A5AC-11BABE336224}] => (Allow) G:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe => No File
FirewallRules: [TCP Query User{3518FD20-0E74-4BCB-B848-9C4457DC352C}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{901B7417-78B6-44AB-BC9E-84080A7A6BD9}C:0\games\epic games\gtav\gta5.exe] => (Allow) C:0\games\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{6E18A220-0088-40AB-BC50-A213E8CF5608}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{CAEBC1F0-DE91-401C-9B66-1805EEE89BD0}C:4\games\epic games\gtav\gta5.exe] => (Allow) C:4\games\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{95F4086A-76EA-400E-86AA-86889102979E}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [UDP Query User{754DE51B-2ECA-4221-B4A2-C12D1625CCC2}C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe] => (Allow) C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [TCP Query User{E8CFD126-90D3-40C1-B8D7-E06FFD558F15}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [UDP Query User{61E94D63-A178-41EF-9D53-2012B3394D0D}C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [{2EA198D2-F5CF-4D21-A571-02146DBDD8D3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E76499F9-0013-4AD2-92F4-24818FD67E3D}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23078.300.1950.927_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{45187A72-1DCD-44B4-8BB9-4242BD246879}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D43B417-5712-4C53-9794-FBCEEB050768}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{7FE08657-F96A-4A49-B769-4DD6948BC24D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{2DAA5A39-D37F-43EC-BE02-D79E3B8022A3}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{F9B8995A-E3A9-4E03-9241-99B8D9976B43}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{BCCB7EE4-7A09-4BBA-9A1E-AFE04873401A}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{4B1354C8-E7D9-4F54-A867-0B13C15A7E28}] => (Allow) C:\Users\tzahi\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{3F5EC13A-0B96-4296-A464-E31497309942}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{D2DFC4EA-6248-45D4-B03B-B2EC1409BBD7}] => (Allow) C:\Users\tzahi\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{278016B9-43AA-4390-8983-313FF73E2172}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46C04076-8BB7-4A78-932B-8BFDA90D3301}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E80FDD3F-1ACE-438D-9AED-9AE369953EC4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D537EC0D-64E5-4776-B192-A46D464D029C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{4DD6DC7E-93FB-4F27-872E-C6A6486B57E7}G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe] => (Allow) G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [UDP Query User{2F8AB3E9-CCE1-4574-AABF-7AD8443025D9}G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe] => (Allow) G:\games\epic games\batmanarkhamasylum\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [{E6783EBE-1E2F-4084-A177-9A11FB312229}] => (Allow) C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe (Huawei Device Co., Ltd. -> Huawei Device Co., Ltd.)
FirewallRules: [{950CCA77-40F3-47BF-A937-04B1F204503B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F2A58129-F755-4310-9FE3-BF78F9383CBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3C8CAAD9-FCA1-45FD-B00D-F1BBBCF93A2D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F500499C-6AA0-488C-BB34-D001E6413A0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0A0D2096-8A31-41D7-93CE-DB405A745F43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D131EACF-AE3E-4826-AA68-3D9A8E924F2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6CFA9FFC-3344-41AB-ACA8-15C7F9B9CE13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{862D8FF7-7FFC-408E-AD9B-E5897628EEE1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{43CA19FF-5559-431F-8BFE-986636CCBEE5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FA7F6C92-54C6-4194-A474-41FCE97626AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{39BA118D-01D2-45FC-ACA4-F278508898E4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:461.23 GB) (Free:167.75 GB) (36%)

==================== Faulty Device Manager Devices ============

Name: Virtual Display Device
Description: Virtual Display Device
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Huawei
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (07/21/2023 06:41:07 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/18/2023 05:32:55 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-BQN0JE4L)
Description: Faulting application name: GTA5.exe, version: 1.0.2944.0, time stamp: 0x6481e52b
Faulting module name: clr.dll, version: 4.8.9167.0, time stamp: 0x648f6bcc
Exception code: 0xc000041d
Fault offset: 0x00000000005f8960
Faulting process id: 0x0x4f50
Faulting application start time: 0x0x1d9b97185bb28ce
Faulting application path: G:\Games\Epic Games\GTAV\GTA5.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 890aed60-37a4-414a-bcd0-c23a51da1370
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2023 12:13:12 AM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0xcaa70004mcpmanagementservice.dll

Error: (07/18/2023 12:13:12 AM) (Source: Universal Print) (EventID: 1) (User: )
Description: Error requesting OAuth token. hr: 0xcaa70004, WebTokenRequestStatus: 5, Error: The server or proxy was not found.mcpmanagementservice.dll

Error: (07/18/2023 12:13:10 AM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0xcaa70004mcpmanagementservice.dll


System errors:
=============
Error: (07/27/2023 04:55:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop.

Error: (07/27/2023 04:48:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9N36PPMP8S23-A-Volute.Nahimic.

Error: (07/27/2023 04:43:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (07/27/2023 03:51:56 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-BQN0JE4L)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (07/27/2023 03:48:50 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS Compatible Device, {f56d216f-17ce-4734-aca7-25767677a9dd}, had event 74

Error: (07/27/2023 03:48:45 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {09488615-b6d1-4e7d-beb0-98da4ac09c15}, had event 74

Error: (07/21/2023 08:35:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
This driver has been blocked from loading

Error: (07/21/2023 08:35:24 PM) (Source: Microsoft-Windows-WER-SystemErrorReporting) (EventID: 1001) (User: NT AUTHORITY)
Description: 0x000000be (0xffffac8fbbce7000, 0x8a00000446f95121, 0xfffff8053bba2810, 0x000000000000000a)C:\WINDOWS\Minidump\072123-7609-01.dmp2530c8c0-868a-48f8-8ecc-61b80dff4ad4


CodeIntegrity:
===============
Date: 2023-07-27 15:53:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-17 18:18:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-16 22:02:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.79\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-12 21:15:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-04 00:10:46
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\protected_elam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: HUAWEI 1.18 11/02/2022
Motherboard: HUAWEI BOD-WXX9-PCB
Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 16183.3 MB
Available physical RAM: 9068.51 MB
Total Virtual: 17207.3 MB
Available Virtual: 9820.76 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:461.23 GB) (Free:167.75 GB) (Model: WDC PC SN730 SDBPNTY-512G-1027) NTFS

\\?\Volume{9a0dabee-9acc-4d60-be69-c3079cfd1a82}\ (WINPE) (Fixed) (Total:0.5 GB) (Free:0.13 GB) FAT32
\\?\Volume{494f1438-4524-4393-8a1c-323bdd1f24ec}\ (Onekey) (Fixed) (Total:14 GB) (Free:1.77 GB) NTFS
\\?\Volume{b395fef3-abfd-4d8e-a4a8-4a1a0f71ea08}\ (WinRE) (Fixed) (Total:1 GB) (Free:0.35 GB) NTFS
\\?\Volume{0a1fd3ba-eb4e-4d8d-83e7-d6538410e931}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.14 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================
 
Again.... I'm sorry I haven't replied in a while. It's just wi-fi is pretty bad so I haven't even used my laptop, just been checking the site on my tablet. Hope the logs I've uploaded help. 🙌
 
I will have to make a reply here tomorrow. I had a 14 hour work day today.
 
ZHP cleaner Scan.


Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.

ZHP Diag Scanner.

Download ZHP Suite to your desktop.
Right Click Run as admin.
Hit the scanner button.
Once it is complete, a file named ZHPdiag.txt will be on your desktop.
Attach it.
 
OK, the tools will clean some junk and give me a deeper look into your system to make sure I clean up properly.


Are you still having any issues? If so what are they?
 
Yes, I still can't get into Windows Security, although the command prompt window that opens at startup only happens sometimes.
 
However, I'm downloading the ZHP stuff right now. I'll report back any changes once that's done.
 
~ ZHPCleaner v2023.7.31.36 by Nicolas Coolman (2023/07/31)
~ Run by tmmrcy (Administrator) (05/08/2023 13:42:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Illegal
~ Type : Repair
~ Report : C:\Users\tzahi\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\tzahi\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 22621)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (0)

---\ Hosts file (1)

~ The hosts file is legitimate (1)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (1)
MOVED folder: C:\Users\tzahi\AppData\Local\Microsoft Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache

---\ Registry ( Key, Value, Data) (15)
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Discord [] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-1001157001461629108 [URL:Run game 1001157001461629108 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-379371722685808641 [URL:Run game 379371722685808641 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-382624125287399424 [URL:Run game 382624125287399424 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-432980957394370572 [URL:Run game 432980957394370572 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-475006012840083466 [URL:Run game 475006012840083466 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-478935469887848448 [URL:Run game 478935469887848448 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-645224472219090945 [URL:Run game 645224472219090945 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-694907641662537798 [URL:Run game 694907641662537798 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-770314100885422095 [URL:Run game 770314100885422095 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-800743764351254569 [URL:Run game 800743764351254569 protocol] =>.SUP.Discord
DELETED key**: HKCU\Software\Discord [] =>.SUP.Discord
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.] =>.SUP.Discord

---\ Summary of the elements found (3)
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/ =>.SUP.Discord
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo

---\ Other deletions. (16)
~ Registry Keys Tracing deleted (16)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Microsoft Edge OK
~ Microsoft Internet Explorer OK

---\ Statistics
~ Items scanned : 1121
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn25s

---\ Reports (2)
ZHPCleaner--05082023-13_41_15.txt
ZHPCleaner-[R]-05082023-13_42_33.txt
 
I think the above report is only of the repair. If you want I'll do the scan again and paste the report. I actually didn't realize the report was on the webpage that opens afterwards, kinda looked like malware itself 😅. Going to do the ZHP suite now.
 
This is the ZHP Suite report:



[00A657F778B31AE523D667131718D16EB2] [06/07/2023] (.Malwarebytes Inc..) - C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe
[00A657F778B31AE523D667131718D16EB2] [06/07/2023] (.Malwarebytes Inc..) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
[00A657F778B31AE523D667131718D16EB2] [06/07/2023] (.Malwarebytes Inc..) - C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
[01000000000115372421A8] [03/07/2023] (.Noriyuki MIYAZAKI.) - C:\WINDOWS\System32\WinRing0x64.sys
[01616E5E84494C777A0CE5D8D2EA3093] [20/04/2021] (.DEV47 APPS LTD..) - C:\Program Files (x86)\DroidCam\DroidCamApp.exe =>.Not verified
[01E20D5BE0B5190B1DBFDE9BEF380D9A] [21/09/2021] (.Discord Inc..) - C:\Users\tzahi\AppData\Local\Discord\Update.exe =>.SUP.Discord
[0222A8D60B06B04FAFFBDA53EFFD5795] [15/06/2023] (.HP Inc..) - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
[0222A8D60B06B04FAFFBDA53EFFD5795] [18/07/2023] (.HP Inc..) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
[02D6AAEAB3924859805EBB529E314DE0] [14/02/2023] (.Discord Inc..) - C:\users\tzahi\appdata\local\discord\app-1.0.9011\discord.exe =>.SUP.Discord
[03B4BC5EE79D842C03930B8619EDEAE4] [05/09/2021] (.Zoom Video Communications, Inc..) - C:\Users\tzahi\AppData\Roaming\Zoom\bin\Zoom.exe
[03B4BC5EE79D842C03930B8619EDEAE4] [27/08/2021] (.Zoom Video Communications, Inc..) - C:\Users\tzahi\AppData\Roaming\Zoom\uninstall\Installer.exe
[04C530703A210EC1D6F83CB4FE1118C5] [27/07/2023] (.Spotify AB.) - C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.216.947.0_x64__zpdnekdrzrea0\Spotify.exe
[05308B76AC2E15B29720FB4395F65F38] [28/07/2021] (.Oracle Corporation.) - C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys
[05308B76AC2E15B29720FB4395F65F38] [28/07/2021] (.Oracle Corporation.) - C:\WINDOWS\System32\drivers\VBoxNetLwf.sys
[054F466CECCBE9D6BEE81F5435E64D47] [05/02/2021] (.Valve.) - C:\Program Files (x86)\Steam\uninstall.exe
[05A81D3B96270D9A1DEB07CD8867D0A9] [19/11/2022] (.Zhuhai Kingsoft Office Software Co., Ltd..) - C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\11.2.0.11388\utility\uninst.exe =>.Not verified
[05A81D3B96270D9A1DEB07CD8867D0A9] [19/11/2022] (.Zhuhai Kingsoft Office Software Co., Ltd..) - C:\Users\tzahi\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe =>.Not verified
[0689B3BCEB4409890A32D71976B132A4] [29/04/2023] (.Valve Corp..) - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
[0689B3BCEB4409890A32D71976B132A4] [29/04/2023] (.Valve Corp..) - C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
[0689B3BCEB4409890A32D71976B132A4] [29/04/2023] (.Valve Corp..) - C:\Program Files (x86)\Steam\Steam.exe
[068BE2F53452C882F18ED41A5DD4E7A3] [17/03/2023] (.Oracle America, Inc..) - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
[0751A21B29586708685BB12FFCC97D05] [13/03/2023] (.Electronic Arts, Inc..) - C:\Program Files (x86)\Origin\Origin.exe =>.Not verified
[0751A21B29586708685BB12FFCC97D05] [13/03/2023] (.Electronic Arts, Inc..) - C:\Program Files (x86)\Origin\OriginClientService.exe =>.Not verified
[0751A21B29586708685BB12FFCC97D05] [13/03/2023] (.Electronic Arts, Inc..) - C:\Program Files (x86)\Origin\OriginUninstall.exe =>.Not verified
[0751A21B29586708685BB12FFCC97D05] [13/03/2023] (.Electronic Arts, Inc..) - C:\Program Files (x86)\Origin\OriginWebHelperService.exe =>.Not verified
[077F2238BE4210BCDDA87CD5BDDB9061809F32] [10/05/2023] (.TLauncher Inc..) - C:\Users\tzahi\AppData\Roaming\.minecraft\TLauncher.exe =>.Not verified
[077F2238BE4210BCDDA87CD5BDDB9061809F32] [13/06/2023] (.TLauncher Inc..) - C:\Users\tzahi\AppData\Roaming\.tlauncher\tl-uninstall.exe =>.Not verified
[08404767E0D6C26CBD443F664AEF0A5C] [22/04/2020] (.FOXIT SOFTWARE INC..) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll
[08404767E0D6C26CBD443F664AEF0A5C] [22/04/2020] (.FOXIT SOFTWARE INC..) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[08404767E0D6C26CBD443F664AEF0A5C] [22/04/2020] (.FOXIT SOFTWARE INC..) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin_x64.dll
[08404767E0D6C26CBD443F664AEF0A5C] [29/04/2020] (.FOXIT SOFTWARE INC..) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe
[09105884EB959D3BC8B994F918A7B6EE] [20/10/2021] (.Oracle America, Inc..) - C:\users\tzahi\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
[0B6DF9E453CD62BAD3EEAD50A9100DCF] [02/04/2020] (.iSpring Solutions, Inc..) - C:\Program Files (x86)\Free Cam 8\freecam.exe =>.Not verified
[0BFCFAC08E216A1C1FDAA6B77BB2D66E] [13/04/2021] (.Realtek Semiconductor Corp..) - C:\WINDOWS\System32\drivers\RTKVHD64.sys
[0BFCFAC08E216A1C1FDAA6B77BB2D66E] [13/04/2021] (.Realtek Semiconductor Corp..) - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4b6fe1c4e6f1d68a\RtkAudUService64.exe
[0C067D0F436427B359B7A6BABD673873] [10/04/2022] (.Wellbia.com Co., Ltd..) - C:\WINDOWS\xhunter1.sys =>.Not verified
[0C4420483C0F11248AABBB6EA8A86E82] [08/07/2022] (.Blizzard Entertainment, Inc..) - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
[0C4420483C0F11248AABBB6EA8A86E82] [08/07/2022] (.Blizzard Entertainment, Inc..) - C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe
[0CA6A7A3916ECDE96F5EA62A34148760] [02/07/2021] (.A-Volute SAS.) - C:\WINDOWS\System32\NahimicService.exe
[0CA6A7A3916ECDE96F5EA62A34148760] [02/07/2021] (.A-Volute SAS.) - C:\WINDOWS\SysWOW64\NahimicSvc32.exe
[0D683E6AD0CDA9B4475CF8AE1D7D2133] [06/07/2022] (.BattlEye Innovations e.K..) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
[0D88C08F566D2B1F0C194DB1F8CAC9A9] [04/07/2023] (.Rockstar Games, Inc..) - C:\Program Files\Rockstar Games\Launcher\uninstall.exe =>.Not verified
[0D88C08F566D2B1F0C194DB1F8CAC9A9] [16/05/2023] (.Rockstar Games, Inc..) - C:\Program Files (x86)\Rockstar Games\Social Club\SocialClubHelper.exe =>.Not verified
[0D88C08F566D2B1F0C194DB1F8CAC9A9] [16/05/2023] (.Rockstar Games, Inc..) - C:\Program Files\Rockstar Games\Social Club\SocialClubHelper.exe =>.Not verified
[0D88C08F566D2B1F0C194DB1F8CAC9A9] [29/06/2023] (.Rockstar Games, Inc..) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe =>.Not verified
[0DFE7BA482F076DB90BCC22B2C487CBD] [15/07/2022] (.Epic Games Inc..) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
[0DFE7BA482F076DB90BCC22B2C487CBD] [29/07/2023] (.Epic Games Inc..) - C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe
[0DFE7BA482F076DB90BCC22B2C487CBD] [29/07/2023] (.Epic Games Inc..) - C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe
[0E331230525A25A7F810E53488B0AA40] [09/07/2022] (.Tencent Technology(Shenzhen) Company Limited.) - C:\WINDOWS\System32\drivers\unirsdt_temp.sys =>.Not verified
[0E331230525A25A7F810E53488B0AA40] [15/09/2022] (.Tencent Technology(Shenzhen) Company Limited.) - C:\WINDOWS\System32\drivers\Unirsdt_tmp.sys =>.Not verified
[0E8D9AB54720C0B1541F08E4B4707794] [16/06/2020] (.A-Volute.) - C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys
[0FD092438045AA3E667A4952FD8E429A] [29/07/2023] (.ALCPU (Arthur Liberman).) - C:\Users\tzahi\AppData\Local\Temp\ALSysIO64.sys
[11218F56DAFD7542D5F3D70B213E2A546CFF] [14/04/2021] (.ChongKim Chan.) - C:\WINDOWS\System32\drivers\RwDrv.sys
[20860EF8B3C48BE347F9A762] [02/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\BasicService\BasicService.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\DFSSearchUI.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\distributedfileservice.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HiConnectivityService.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\hmdfsservice.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwDistributedMainService.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwExScreen.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwMdcCenter.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwMdcUI.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwMirror.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwOs2EC10x64.sys =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\HwPhotoViewer.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\MateBookService.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\MBAMessageCenter.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\MessageCenterUI.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\PCManager.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\ShareMenu.dll =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\UninstallGuide.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\WeLook.exe =>.Not verified
[20860EF8B3C48BE347F9A762] [26/05/2023] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\HwLcdEnhancement\LCD_Service.exe =>.Not verified
[26504E0645C8DDDC8C28CC15] [06/07/2022] (.EasyAntiCheat Oy.) - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
[26AA5AB2D49AE3FB429EB976] [01/07/2022] (.Huawei Technologies Co., Ltd..) - C:\Program Files\Huawei\HMS Core\uninst.exe
[26AA5AB2D49AE3FB429EB976] [18/05/2023] (.Huawei Technologies Co., Ltd..) - C:\Program Files\Huawei\wucs\WUCSProxyService.exe
[26AA5AB2D49AE3FB429EB976] [29/06/2022] (.Huawei Technologies Co., Ltd..) - C:\Program Files\Huawei\HMS Core\HMSCoreContainer.exe
[26AA5AB2D49AE3FB429EB976] [29/06/2022] (.Huawei Technologies Co., Ltd..) - C:\Program Files\Huawei\HMS Core\HMSCoreService.exe
[2F99F291001A5E2B570DED6E] [30/05/2023] (.Huawei Technologies Co., Ltd..) - C:\Program Files\Huawei\Hiview\HiviewService.exe =>.Not verified
[3020CDC2DB9ED0BE866D8392BB5C4D0E] [11/04/2021] (.ALCPU.) - C:\Program Files\Core Temp\Core Temp.exe
[33000003183E18830F1770AD20000000000318] [13/07/2023] (.Skype Software Sarl.) - C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe
[41C888CD480408C6A6DEFE9E] [06/06/2023] (.Huawei Device Co., Ltd..) - C:\WINDOWS\System32\drivers\virtbus.sys =>.Not verified
[420B1AD8D94118DCF821B8CBD6E142F9] [10/04/2022] (.Wellbia.com Co., Ltd..) - C:\Program Files\Common Files\UNCHEATER\ucldr_Crowz_ST.exe =>.Not verified
[47D529F44091B5185E6FAB9D3034F0DF] [06/12/2021] (.TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL).) - C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2372_gtaprocess.exe =>.Not verified
[47D529F44091B5185E6FAB9D3034F0DF] [25/03/2023] (.TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL).) - C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_b2189_gtaprocess.exe =>.Not verified
[47D529F44091B5185E6FAB9D3034F0DF] [25/03/2023] (.TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL).) - C:\users\tzahi\appdata\local\fivem\fivem.app\data\cache\subprocess\fivem_gtaprocess.exe =>.Not verified
[47D529F44091B5185E6FAB9D3034F0DF] [25/03/2023] (.TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL).) - C:\Users\tzahi\AppData\Local\FiveM\FiveM.exe =>.Not verified
[4B18D6298C19A073602B9E7B] [03/05/2022] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\dokan2a.sys =>.Not verified
[4B18D6298C19A073602B9E7B] [19/10/2021] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\PCManager\dokan2.sys =>.Not verified
[4B18D6298C19A073602B9E7B] [23/12/2020] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\Huawei OSD\OSD_Daemon.exe =>.Not verified
[4B18D6298C19A073602B9E7B] [23/12/2020] (.Huawei Device Co., Ltd..) - C:\Program Files\Huawei\Huawei OSD\uninst.exe =>.Not verified
[4B18D6298C19A073602B9E7B] [23/12/2020] (.Huawei Device Co., Ltd..) - C:\Windows\system32\RPC\OSD\osdservice.exe =>.Not verified
[4B18D6298C19A073602B9E7B] [27/03/2021] (.Huawei Device Co., Ltd..) - C:\WINDOWS\System32\HWVEAudioService.exe =>.Not verified
[51029B3B9CB48FA076FA2DA87A91DB42] [04/09/2021] (.Epic Games Inc..) - C:\ProgramData\Package Cache\{43a03b9c-4770-409c-a999-587b60700b63}\LauncherPrereqSetup_x64.exe
[56000001F46907127A1D6406CD0000000001F4] [15/07/2020] (.Intel(R) Wireless Connectivity Solutions.) - C:\WINDOWS\System32\drivers\ibtrstd.sys
[560000082B1E36C56B00276A8A00000000082B] [14/08/2020] (.Intel(R) Embedded Subsystems and IP Blocks Group.) - C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_1308ad4bd1ad0f9f\x64\TeeDriverW10x64.sys
[560000082B1E36C56B00276A8A00000000082B] [18/08/2020] (.Intel(R) Embedded Subsystems and IP Blocks Group.) - C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe
[56000008EC159857E6E9C942510000000008EC] [09/03/2021] (.Intel(R) Software and Firmware Products.) - C:\ProgramData\Package Cache\{a2c684b7-4a4b-425f-a805-1e88940804b0}\SetupChipset.exe
[5600000C970A207F2C4F00043D000000000C97] [16/06/2021] (.Intel(R) Embedded Subsystems and IP Blocks Group.) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
[722A666775DC480EA2B841413D7B8765] [13/04/2022] (.Ubisoft Entertainment Sweden AB.) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftConnect.exe
[722A666775DC480EA2B841413D7B8765] [13/04/2022] (.Ubisoft Entertainment Sweden AB.) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
[72F0C9305FD97A974DC024A6980E6886] [09/10/2020] (.WDKTestCert build,132303256403278908.) - C:\WINDOWS\System32\drivers\AppleLowerFilter.sys
[731D40AE3F3A1FB2BC3D8395] [11/06/2021] (.win.rar GmbH.) - C:\Program Files\WinRAR\Rar.exe
[731D40AE3F3A1FB2BC3D8395] [11/06/2021] (.win.rar GmbH.) - C:\Program Files\WinRAR\RarExt.dll
[731D40AE3F3A1FB2BC3D8395] [14/06/2021] (.win.rar GmbH.) - C:\Program Files\WinRAR\uninstall.exe
[738E0B963A4DB08231F49F664AF83E5B] [18/04/2017] (.Hewlett Packard.) - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe
[738E0B963A4DB08231F49F664AF83E5B] [18/04/2017] (.Hewlett Packard.) - C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe
[75B5499C96D676A5FAE2656B351E1FD6] [23/06/2021] (.Samsung Electronics Co., Ltd..) - C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe
[786F9512D3157EFD9BA4476044E54D1E] [27/04/2010] (.Logitech.) - C:\WINDOWS\System32\drivers\WmHidLo.sys
[7AE2B5021371F092A904B6FA] [21/03/2023] (.Telegram FZ-LLC.) - C:\Users\tzahi\AppData\Roaming\Telegram Desktop\Telegram.exe =>.Not verified
[7F7A98215628D3AC30A9EA8735C1BA22] [05/09/2021] (.MAGIX Software GmbH.) - C:\VEGAS Pro 16.0\vegas160.exe
 
This is the scan report from ZHP cleaner:


~ ZHPCleaner v2023.7.31.36 by Nicolas Coolman (2023/07/31)
~ Run by tmmrcy (Administrator) (05/08/2023 13:34:26)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Illegal
~ Type : Scan
~ Report : C:\Users\tzahi\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\tzahi\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 22621)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (1)
FOUND folder: C:\Users\tzahi\AppData\Local\Microsoft Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache

---\ Hosts file (1)
~ The hosts file is legitimate (1)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found. (Explorer)

---\ Registry ( Key, Value, Data) (15)
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Discord [] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-1001157001461629108 [URL:Run game 1001157001461629108 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-379371722685808641 [URL:Run game 379371722685808641 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-382624125287399424 [URL:Run game 382624125287399424 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-432980957394370572 [URL:Run game 432980957394370572 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-475006012840083466 [URL:Run game 475006012840083466 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-478935469887848448 [URL:Run game 478935469887848448 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-645224472219090945 [URL:Run game 645224472219090945 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-694907641662537798 [URL:Run game 694907641662537798 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-770314100885422095 [URL:Run game 770314100885422095 protocol] =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-516455074-3529725477-31475253-1001\SOFTWARE\Classes\discord-800743764351254569 [URL:Run game 800743764351254569 protocol] =>.SUP.Discord
FOUND key: HKCU\Software\Discord [] =>.SUP.Discord
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.] =>.SUP.Discord

---\ Summary of the elements found (3)
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/ =>.SUP.Discord
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo

---\ Result of repair
~ Any repair made
~ Microsoft Edge OK
~ Microsoft Internet Explorer OK

---\ Statistics
~ Items scanned : 107082
~ Items found : 16
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h06mn49s

---\ Reports (0)
ZHPCleaner--05082023-13_41_15.txt
 
Ok. Post the Zhp diag log. Then we can get you fixed up. Attach the entire log.
 
It is incomplete. Please attach entire report. I have a fix waiting for you; I just need the entire ZHP Diag report to ensure that everything is removed. It is difficult to tell what has been removed with FRST because you post fresh FRST logs before running the fix with FRST, as noted via time stamp in logs, and many items remaining that are confirmed removed with the fixlog.

If you are unable to complete a ZHP diag log in entire form then post new FRST and Addition.txt logs. I have a script waiting that will repair Windows Security/Defender; I just need to make sure that nothing lurks on your machine.

@taimrarchy

I will be around all weekend so we can get this completed.



Attach the ZHPDIAG.txt
 