Solved Windows Security Stopped working

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
Josh9688

Josh9688

PCHF Member
Mar 11, 2023
5
0
24
1681323929380.png

when i want to open windows security it stays like this until it closes eventually . this happedn when i tried to download a program
any help is appreciated
thanks.
 
Please read these instructions, and post the requested logs.


Information - [Prework] Please Read Before Posting

You must be Registered and Logged in to Follow this Procedure. Welcome to the PCHF Malware Removal Forums Please review the PCHF Security team Disclaimer prior to beginning your adventure through malware removal. Additionally, please read the Security Forum Guidelines before posting. Please...
pchelpforum.net pchelpforum.net
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-04-2023
Ran by El Pakhio (administrator) on DESKTOP-89GEUSA (MSI MS-7817) (12-04-2023 21:10:45)
Running from D:\New folder (2)
Loaded Profiles: El Pakhio
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2728 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files (x86)\AlbionOnline\game\Albion-Online.exe ->) (Unity Technologies ApS -> ) C:\Program Files (x86)\AlbionOnline\game\UnityCrashHandler64.exe
(C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(Discord Inc. -> Discord Inc.) C:\Users\El Pakhio\AppData\Local\Discord\app-1.0.9012\Discord.exe <6>
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Sandbox Interactive GmbH -> ) C:\Program Files (x86)\AlbionOnline\game\Albion-Online.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (EasyAntiCheat Oy -> Epic Games, Inc) C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_5a1db089dddab6b2\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(svchost.exe ->) (Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2664_none_7dfa24947c9c0a36\TiWorker.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366960 2022-09-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3088752 2023-03-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2021-04-27] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4253032 2023-02-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [Discord] => C:\Users\El Pakhio\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32754128 2022-12-30] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [com.blitz.app] => C:\Users\El Pakhio\AppData\Local\Programs\Blitz\Blitz.exe --autostart (No File)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [453368 2022-04-29] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [MicrosoftEdgeAutoLaunch_8DADA27F4AC811977AA12428113E7BD0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4139936 2023-04-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [AudioRelay] => "C:\Program Files (x86)\AudioRelay\AudioRelay.exe" --minimized (No File)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [ut] => C:\Users\El Pakhio\AppData\Roaming\uTorrent\uTorrent.exe [2103968 2022-07-10] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [utweb] => C:\Users\El Pakhio\AppData\Roaming\uTorrent Web\utweb.exe [6418944 2023-03-27] (Rainberry Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\MountPoints2: {4062cfef-0b7f-11ed-bb1e-448a5b953110} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\MountPoints2: {a273e6e3-d129-11eb-ba86-448a5b953110} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\111.0.5563.147\Installer\chrmstp.exe [2023-03-29] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A8A25D7-F4FF-43A3-8B43-629C00381175} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {0E7C38B6-0595-491E-8CD0-08AABB4318B9} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {15A27ED7-130E-4CCE-969D-AD05DC475659} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1772F2A1-C91C-4C1A-9B87-939BDF9EC201} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1C4977A2-2FCE-4229-BAB0-5CD17E9BD560} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A819083-615D-4101-A0E2-528DD92BB52C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5D7C3B57-9C10-4EF2-8C46-A370D5B0FC55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {71BD20FE-64C0-4989-B35E-6F77AD2B7E52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-27] (Google LLC -> Google LLC)
Task: {7BC46F72-7633-420B-B7B1-F8159AA77FB6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {84EBEBF4-83C4-49BC-B076-3EBAA51B964C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [417160 2021-02-27] (Alexey Nicolaychuk -> )
Task: {90A0189E-4FE2-499B-93A6-D1AA0B6D800D} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FCAC584-5435-47B2-B20A-21FFAB80A0DF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A4F02269-5627-4C54-89FF-E9BC4D2EABE3} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [274912 2023-01-18] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {A9431A1E-43F0-4295-86BD-88E456D611EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-04-27] (Google LLC -> Google LLC)
Task: {D142D5F7-2932-4F80-8072-0B3750022150} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [791608 2021-03-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {DBDC20C4-7A30-4C74-8C40-91E8E8F2BF9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F06639E9-BAE7-4D39-A1D2-ACEDA2FF163B} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2B44616-E682-42D3-B3FA-536FA532F507} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC57D1A2-E2E9-42CE-A234-ECD29BF67646} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47fed84c-5e98-49eb-8e6a-ae79a373e8a1}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{53bce8e9-0ebd-4812-900c-37b487afa202}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{822927de-b124-4272-801a-ab02d77f41a7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9fb100d0-6e22-4057-b6a1-f377db5326ac}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{a93421ad-b8a1-4c65-b2bc-4ebe6d6070f3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bd3c2432-493b-448f-8c0d-62e1f0bd452a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9587e3b-da89-4f6f-9610-9107ffb8bca9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d32da069-6d3d-422e-a7ba-a6dab3872ac3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d872b655-c99e-4bb1-b21a-69ac30bf6af5}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Profile: C:\Users\El Pakhio\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-11]
Edge Extension: (IDM Integration Module) - C:\Users\El Pakhio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-06-24]
Edge HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2022-05-31]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2021-05-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2021-05-12] (Oracle America, Inc. -> Oracle Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Default [2023-04-12]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://mail.google.com; hxxps://web.whatsapp.com; hxxps://www.instagram.com
CHR Extension: (AdGuard AdBlocker) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2023-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-04]
CHR Extension: (Twitch Adblock) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhnljhabgjcihjoihakgdiicdjncpkd [2022-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-27]
CHR Profile: C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-12]
CHR Profile: C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-04-10]
CHR Notifications: Profile 1 -> hxxps://www.youtube.com
CHR Extension: (Torrent Scanner) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-28]
CHR Profile: C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-04-09]
CHR Extension: (Torrent Scanner) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-07]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-04-09]
CHR Extension: (Google Docs Offline) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-02]
CHR Profile: C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-03-23]
CHR Extension: (Torrent Scanner) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-07]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-03-23]
CHR Extension: (Google Docs Offline) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-04]
CHR Profile: C:\Users\El Pakhio\AppData\Local\Google\Chrome\User Data\System Profile [2023-04-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103280 2022-09-01] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2022-11-07] (BattlEye Innovations e.K. -> )
R3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-03-29] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-03-11] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-06-13] (Epic Games Inc. -> Epic Games, Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [856472 2023-04-05] (McAfee, LLC -> McAfee, LLC)
R2 NativePushService; C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [755616 2022-08-25] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [414456 2022-04-29] (Parsec Cloud, Inc. -> Parsec)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [226976 2023-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [11060856 2023-03-10] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_5a1db089dddab6b2\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_5a1db089dddab6b2\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [322304 2023-01-18] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [14515208 2023-04-12] (EasyAntiCheat Oy -> EasyAntiCheat Oy)
S3 MpKsl19029315; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [137464 2022-05-28] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsl80a0bd0b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{076303BB-D09F-403C-BFD4-D7F21CEBE1AE}\MpKslDrv.sys [211208 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 UniFairy_x64; C:\Windows\system32\drivers\UniFairy_x64.sys [8182152 2022-01-09] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 unirsdt; C:\Windows\system32\drivers\unirsdt.sys [6155704 2022-01-19] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 VBAudioVACMME; C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22292248 2023-03-10] (Riot Games, Inc. -> Riot Games, Inc.)
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [48136 2021-08-12] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2023-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [497920 2023-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-12 17:29 - 2023-04-12 17:29 - 000027048 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_2022215983951664.dll
2023-04-12 17:27 - 2023-04-12 17:27 - 000000000 ___HD C:\$WinREAgent
2023-04-11 21:30 - 2023-04-11 21:30 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-04-11 21:29 - 2023-04-11 22:32 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\Avast Software
2023-04-11 21:28 - 2023-04-11 21:28 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Avast Software
2023-04-11 21:26 - 2023-04-11 21:26 - 000313240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2023-04-11 21:26 - 2023-04-11 21:26 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-04-11 21:25 - 2023-04-11 21:25 - 000000000 ____D C:\Program Files\Avast Software
2023-04-11 21:24 - 2023-04-11 22:33 - 000000000 ____D C:\ProgramData\Avast Software
2023-04-11 21:24 - 2023-04-11 21:24 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll
2023-04-11 17:17 - 2023-04-11 17:32 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2023-04-05 16:42 - 2023-04-05 16:42 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2023-04-01 14:45 - 2023-04-01 14:45 - 000000000 ____H C:\Users\El Pakhio\Documents\Default.rdp
2023-03-23 23:45 - 2023-03-23 23:45 - 000000000 ____D C:\Windows\LastGood
2023-03-23 23:12 - 2023-03-17 19:16 - 002172512 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-03-23 23:12 - 2023-03-17 19:16 - 002172512 _____ C:\Windows\system32\vulkaninfo.exe
2023-03-23 23:12 - 2023-03-17 19:16 - 001607728 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-03-23 23:12 - 2023-03-17 19:16 - 001607728 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-03-23 23:12 - 2023-03-17 19:16 - 001487384 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-03-23 23:12 - 2023-03-17 19:16 - 001479224 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-03-23 23:12 - 2023-03-17 19:16 - 001479224 _____ C:\Windows\system32\vulkan-1.dll
2023-03-23 23:12 - 2023-03-17 19:16 - 001227312 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-03-23 23:12 - 2023-03-17 19:16 - 001211448 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-03-23 23:12 - 2023-03-17 19:16 - 001211448 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-03-23 23:12 - 2023-03-17 19:10 - 001536040 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-03-23 23:12 - 2023-03-17 19:10 - 001194544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-03-23 23:12 - 2023-03-17 19:10 - 000851480 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-03-23 23:12 - 2023-03-17 19:10 - 000671744 _____ C:\Windows\system32\nvofapi64.dll
2023-03-23 23:12 - 2023-03-17 19:10 - 000506352 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-03-23 23:12 - 2023-03-17 19:09 - 001620968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-03-23 23:12 - 2023-03-17 19:09 - 000979480 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-03-23 23:12 - 2023-03-17 19:09 - 000759808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-03-23 23:12 - 2023-03-17 19:09 - 000741936 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-03-23 23:12 - 2023-03-17 19:08 - 013767144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-03-23 23:12 - 2023-03-17 19:08 - 011647536 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-03-23 23:12 - 2023-03-17 19:08 - 006083608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-03-23 23:12 - 2023-03-17 19:08 - 005911552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-03-23 23:12 - 2023-03-17 19:08 - 005834776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-03-23 23:12 - 2023-03-17 19:08 - 003429912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-03-23 23:12 - 2023-03-17 19:08 - 000457752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-03-23 23:12 - 2023-03-17 19:06 - 000852976 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-03-23 23:12 - 2023-03-17 19:04 - 006796280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-03-23 23:12 - 2023-03-17 08:32 - 000104369 _____ C:\Windows\system32\nvinfo.pb
2023-03-19 16:39 - 2023-03-19 16:39 - 000027048 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_332717907522.dll
2023-03-17 21:11 - 2023-03-17 21:13 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\AnyDesk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-04-12 21:11 - 2022-07-02 15:20 - 000000000 ____D C:\FRST
2023-04-12 21:11 - 2021-04-27 21:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-04-12 20:49 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-12 20:27 - 2021-04-27 21:17 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\Discord
2023-04-12 19:48 - 2020-11-19 07:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-04-12 18:40 - 2022-12-07 14:06 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\zaap
2023-04-12 18:40 - 2022-12-07 14:06 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Ankama Launcher
2023-04-12 18:39 - 2021-04-28 16:13 - 000000008 _____ C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_1
2023-04-12 18:27 - 2021-04-28 16:13 - 000000117 _____ C:\Users\El Pakhio\AppData\Roaming\D2Info0
2023-04-12 17:29 - 2021-04-27 22:42 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-12 17:28 - 2020-11-19 07:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-12 17:28 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-12 17:28 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2023-04-12 17:27 - 2022-08-14 15:07 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\uTorrent Web
2023-04-12 17:27 - 2021-06-07 21:05 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\CrashDumps
2023-04-12 17:27 - 2021-04-28 00:52 - 000003150 _____ C:\Windows\system32\Tasks\MSIAfterburner
2023-04-12 17:27 - 2021-04-27 21:17 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\discord
2023-04-12 17:26 - 2021-11-27 15:24 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\BitTorrentHelper
2023-04-12 17:26 - 2021-11-16 16:03 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-04-12 00:21 - 2021-05-04 12:25 - 000000008 _____ C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_2
2023-04-11 23:42 - 2021-04-28 16:13 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Dofus
2023-04-11 22:44 - 2020-11-19 07:43 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-04-11 21:48 - 2021-04-27 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2023-04-11 21:48 - 2021-04-27 21:16 - 000000000 ____D C:\Program Files\7-Zip
2023-04-11 21:26 - 2019-12-07 09:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-04-11 17:42 - 2021-05-31 15:01 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\ElevatedDiagnostics
2023-04-11 17:33 - 2021-04-27 23:14 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2023-04-11 17:32 - 2022-07-19 00:03 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\Wondershare
2023-04-11 17:19 - 2022-07-18 23:49 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2023-04-11 17:01 - 2022-07-19 00:04 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Wondershare
2023-04-11 16:59 - 2022-07-19 00:03 - 000000000 ____D C:\Program Files\Wondershare
2023-04-10 23:08 - 2021-04-27 21:40 - 000000000 ____D C:\Program Files (x86)\AlbionOnline
2023-04-09 19:10 - 2021-05-20 17:44 - 000000008 _____ C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_3
2023-04-09 18:25 - 2021-04-30 13:22 - 000000000 ____D C:\ProgramData\Riot Games
2023-04-07 21:03 - 2021-12-13 21:02 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1884303637-1749700489-2208129876-1001
2023-04-07 21:03 - 2021-04-27 20:04 - 000003388 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1884303637-1749700489-2208129876-1001
2023-04-07 21:03 - 2021-04-27 20:00 - 000002395 _____ C:\Users\El Pakhio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-07 20:52 - 2021-04-27 21:16 - 000003714 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2023-04-07 20:52 - 2021-04-27 21:16 - 000003590 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2023-04-07 00:08 - 2022-08-11 02:24 - 000001036 _____ C:\Users\El Pakhio\Desktop\New Text Document.txt
2023-04-04 13:48 - 2022-08-14 15:07 - 000001885 _____ C:\Users\El Pakhio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2023-04-03 23:29 - 2020-11-19 07:46 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-03 23:29 - 2020-11-19 07:46 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-30 01:44 - 2021-04-27 22:50 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\D3DSCache
2023-03-29 23:25 - 2021-04-27 21:16 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-03-29 23:25 - 2021-04-27 21:16 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-03-29 13:07 - 2022-10-08 19:59 - 000001255 _____ C:\Users\Public\Desktop\AlbionOnline.lnk
2023-03-26 21:09 - 2021-04-27 23:14 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2023-03-25 18:54 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2023-03-23 23:50 - 2020-11-19 07:54 - 000841126 _____ C:\Windows\system32\PerfStringBackup.INI
2023-03-23 23:49 - 2021-04-27 22:43 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\NVIDIA
2023-03-23 23:02 - 2021-04-27 20:48 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-03-23 23:01 - 2021-04-27 22:43 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:43 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:43 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2023-03-23 23:01 - 2021-04-27 22:42 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-03-23 23:01 - 2021-04-27 22:42 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-03-23 23:01 - 2021-04-27 20:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-03-22 22:59 - 2021-04-27 21:17 - 000002251 _____ C:\Users\El Pakhio\Desktop\Discord.lnk
2023-03-19 18:43 - 2021-09-06 11:42 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-03-19 17:08 - 2021-04-27 20:00 - 000000000 ____D C:\Users\El Pakhio
2023-03-19 17:06 - 2021-04-27 19:56 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-19 17:06 - 2020-11-19 07:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-03-18 21:01 - 2019-12-07 09:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-03-17 20:25 - 2020-11-19 07:43 - 000613672 _____ C:\Windows\system32\FNTCACHE.DAT
2023-03-17 19:09 - 2021-12-23 20:57 - 002165744 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-03-17 19:04 - 2021-04-27 20:48 - 007933048 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-03-17 16:38 - 2019-12-07 09:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-03-17 16:38 - 2019-12-07 09:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-03-17 16:38 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2023-03-17 16:38 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\oobe
2023-03-17 16:38 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-03-17 16:38 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2023-03-17 12:56 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2023-03-17 12:54 - 2020-11-19 07:45 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-03-17 12:48 - 2021-04-27 20:14 - 000000000 ____D C:\Windows\system32\MRT
2023-03-17 12:46 - 2021-04-27 20:14 - 153620824 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-03-17 08:32 - 2021-04-27 20:48 - 000121880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2023-03-16 18:17 - 2021-06-26 12:29 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Lindo
2023-03-16 11:28 - 2021-11-18 18:17 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Telegram Desktop
2023-03-16 10:51 - 2022-11-22 14:26 - 000000000 ____D C:\Program Files\Riot Vanguard
2023-03-15 19:39 - 2022-07-02 17:28 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\.minecraft
2023-03-15 19:38 - 2022-07-02 17:28 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\.tlauncher

==================== Files in the root of some directories ========

2021-07-31 17:39 - 2022-07-24 12:14 - 000000032 _____ () C:\Users\El Pakhio\AppData\Roaming\.machineId
2021-04-28 16:13 - 2023-04-12 18:27 - 000000117 _____ () C:\Users\El Pakhio\AppData\Roaming\D2Info0
2021-04-28 16:13 - 2023-04-12 18:39 - 000000008 _____ () C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_1
2021-05-04 12:25 - 2023-04-12 00:21 - 000000008 _____ () C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_2
2021-05-20 17:44 - 2023-04-09 19:10 - 000000008 _____ () C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_3
2021-08-05 17:34 - 2023-01-01 14:15 - 000000008 _____ () C:\Users\El Pakhio\AppData\Roaming\DofusAppId0_4
2022-03-20 16:04 - 2022-03-20 17:43 - 000002676 _____ () C:\Users\El Pakhio\AppData\Roaming\ExaltMultiTool_Settings.bin

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2023
Ran by El Pakhio (12-04-2023 21:12:52)
Running from D:\New folder (2)
Microsoft Windows 10 Pro Version 22H2 19045.2728 (X64) (2021-04-27 19:58:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1884303637-1749700489-2208129876-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1884303637-1749700489-2208129876-503 - Limited - Disabled)
El Pakhio (S-1-5-21-1884303637-1749700489-2208129876-1001 - Administrator - Enabled) => C:\Users\El Pakhio
Guest (S-1-5-21-1884303637-1749700489-2208129876-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1884303637-1749700489-2208129876-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\uTorrent) (Version: 3.5.5.46248 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Albion Murder Ledger (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\a473e190d6b0b745e355bf3a156731b8) (Version: 1.0 - Google\Chrome)
Albion Online (HKLM-x32\...\SandboxAlbionOnline) (Version: - Sandbox Interactive GmbH)
Ankama Launcher 3.9.5 (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\410fcd79-1be8-5bf1-986e-ea09c55f7edf) (Version: 3.9.5 - Ankama)
Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Arturia Mellotron V (HKLM\...\Mellotron V_is1) (Version: 1.0.1.2810 - Arturia & Team V.R)
Arturia Pigments (HKLM\...\Pigments_is1) (Version: 2.0.1.837 - Arturia & Team V.R)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlestate Games Launcher 12.12.3.1964 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 12.12.3.1964 - Battlestate Games)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.10.110.1002 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\BlueStacks X) (Version: 0.19.26.1001 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cableguys HalfTime 1.1.6 (HKLM\...\HalfTime_is1) (Version: 1.1.6 - Cableguys)
Cymatics Origin (HKLM-x32\...\Cymatics Origin_is1) (Version: 1.0.0 - Cymatics)
Discord (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{B3DE52F7-D9AA-49EF-873F-506F76CD45B8}) (Version: 2.0.35.0 - Epic Games, Inc.)
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.13.0.1.21531 - Battlestate Games)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2019.03.13 - FabFilter)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM\...\{943D3AC3-A94D-3ADE-B875-6CBB57908A35}) (Version: 111.0.5563.147 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{E42D1B4D-78C2-4144-8E4D-FA82C53B68A4}) (Version: 12.12.5.8 - Apple Inc.)
iZotope Vinyl (HKLM\...\Vinyl_is1) (Version: 1.8.0 - iZotope)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
LeoMoon ParsiNegar version 2.1.7 (HKLM-x32\...\LeoMoon ParsiNegar_is1) (Version: 2.1.7 - LeoMoon Studios)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.39 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\OneDriveSetup.exe) (Version: 23.061.0319.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
MSI Afterburner 4.6.3 (HKLM-x32\...\Afterburner) (Version: 4.6.3 - MSI Co., LTD)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA GeForce NOW 2.0.46.135 (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.46.135 - NVIDIA Corporation)
NVIDIA Graphics Driver 531.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 531.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Output Arcade (HKLM\...\Arcade_is1) (Version: 1.6.1.4076 - Output)
Parsec (HKLM-x32\...\Parsec) (Version: 150-82a - Parsec Cloud Inc.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
RivaTuner Statistics Server 7.3.0 (HKLM-x32\...\RTSS) (Version: 7.3.0 - Unwinder)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Telegram Desktop (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.3.1 - Telegram FZ-LLC)
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.86 - TLauncher Inc.)
TouchEmu 4.6.2 (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\ff2800a8-82f7-55db-a750-d7c45dda3725) (Version: 4.6.2 - Prixe)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 123.2.10554 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\utweb) (Version: 1.3.0 - Rainberry, Inc.)
VALORANT (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.810 - McAfee, LLC)
WinDirStat 1.1.2 (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\WinDirStat) (Version: - )
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Wondershare NativePush_is1) (Version: - )

Packages:
=========
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-23] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-07-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-23] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-22] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0 [2023-03-31] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1884303637-1749700489-2208129876-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_5a1db089dddab6b2\nvshext.dll [2023-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\El Pakhio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Albion Murder Ledger.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jdjiepofoadjkfcfappdfliaoakcfjef
ShortcutWithArgument: C:\Users\El Pakhio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\amine - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\El Pakhio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Boudaoui - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\El Pakhio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\dealz - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

2022-07-19 00:04 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2022-07-19 00:04 - 2017-09-12 09:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2021-02-08 14:24 - 2021-02-08 14:24 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2021-02-08 14:24 - 2021-02-08 14:24 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2021-02-08 14:24 - 2021-02-08 14:24 - 000668160 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2021-02-08 14:24 - 2021-02-08 14:24 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2021-02-08 14:24 - 2021-02-08 14:24 - 000371712 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2021-02-27 10:49 - 2021-02-27 10:49 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2021-02-27 10:50 - 2021-02-27 10:50 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2021-02-27 10:50 - 2021-02-27 10:50 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2022-07-19 00:04 - 2017-09-12 09:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\El Pakhio\AppData\Local\Microsoft:ISBD1 [33]
AlternateDataStreams: C:\Users\El Pakhio\AppData\Local\Microsoft:ISBD2 [33]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4722]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2021-05-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2021-05-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 09:14 - 2022-06-24 15:47 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

2022-09-04 14:11 - 2022-09-04 14:11 - 000000443 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\El Pakhio\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\3625225.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "electron.app.OP.GG"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "Parsec.App.0"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_8DADA27F4AC811977AA12428113E7BD0"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D7F21219-D438-492D-951E-B63F2D8955D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{0489D0A1-068E-4C58-84F2-3D74FC7C904F}C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [TCP Query User{1EF3BF81-308A-41F6-9878-C7664997384A}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{5B9F973A-B174-4229-B95D-8D467A745033}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{786E6882-2354-4EDC-9016-2396111DC7C8}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{5D3A55E6-26F5-4AEE-8040-19AC0A83BE39}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{039943C3-2E82-4077-81A8-8AC657696B9D}C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{818D945D-8F3E-41C4-834D-0BCEDF99179E}C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{594F3B65-D5DD-427E-9BF5-655680D02C75}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{943FFC3B-A2E3-4C42-830B-B31BCB258916}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8322AF33-13C2-458B-9AFD-1DD05C37C868}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{E8209F39-2AEC-42F0-8740-10EF40D6F8C3}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{E7C2E6BB-B750-4B06-935B-9A526941AFC7}] => (Allow) C:\Users\El Pakhio\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F2846DEB-CB22-4AD0-9936-067E4EE6819D}] => (Allow) C:\Users\El Pakhio\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1835C8E6-68E3-44CE-9DBB-3D486CCD7E90}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FBE4F8E7-8B2B-41B2-9314-BEDBEDEBE9E0}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{43BA58D3-D8D8-40D0-90C6-5ED1F4185C46}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D3BA679C-50CC-4EF5-A6BA-F772FC70E8FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{856B650C-6ED8-49D2-B82D-B93844EA8D44}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{6AAA5358-3BE9-4087-A3B9-47160BB986F9}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [TCP Query User{AD6CF075-E25E-40EB-A474-3EB139C340E4}C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{B5A7BD14-5A58-4089-83BD-53FC7E6D177C}C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [TCP Query User{60FD4247-C265-46BC-ACE3-80B16D70E3C4}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{0DA150E8-7D67-43EB-BF5A-077B8B267737}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{F5AFDCEF-9007-43D7-949C-957A950AADB8}] => (Allow) C:\Users\El Pakhio\AppData\Roaming\uTorrent Web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{DD69E978-FD1E-44AA-81F7-388A01E69DAD}] => (Allow) C:\Users\El Pakhio\AppData\Roaming\uTorrent Web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{E84D99E6-5316-43E2-82C4-46FE671455D7}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{E5F2334D-372A-4033-B9D1-E25AC1777464}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{6FD28A26-15AF-429C-96B8-8B66DBAF69BA}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{ECC5514E-8F1D-485F-BE10-79F549F8D5A5}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [TCP Query User{4C58580D-BF3C-4EE6-BDE4-B3BEC999000D}C:\program files (x86)\imobie\anymirror\anymirror.exe] => (Allow) C:\program files (x86)\imobie\anymirror\anymirror.exe => No File
FirewallRules: [UDP Query User{3FEDFE5B-ED04-4012-89D1-7F2059D2C065}C:\program files (x86)\imobie\anymirror\anymirror.exe] => (Allow) C:\program files (x86)\imobie\anymirror\anymirror.exe => No File
FirewallRules: [{6C4B9547-A098-4753-8AF8-261CC355E71B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BC24834A-A30B-40CD-A25B-3C2D00A6EB62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7E41142F-4A3A-4CA2-8C2C-7F6AA33E8525}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C690F933-C653-4223-BCB8-EC1A0554B03A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{136D7358-3633-4075-BF63-7EB3D6297A8F}] => (Allow) C:\Program Files (x86)\AudioRelay\AudioRelay.exe => No File
FirewallRules: [{2E34467A-71EE-4FA2-9567-C228881B6A09}] => (Allow) C:\Program Files (x86)\AudioRelay\AudioRelay.exe => No File
FirewallRules: [{06CA2B51-681C-4072-8BC3-9607A7CB655B}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C91442F7-EFF0-4F91-A09E-C9ADCD6EB85D}] => (Allow) C:\Users\El Pakhio\AppData\Roaming\TsInstTmp\20221007215105278_dl_inst_tmp.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{0E39AE64-81A1-4277-A301-92FBF3700216}] => (Allow) C:\Users\El Pakhio\AppData\Roaming\TsInstTmp\20221007215105278_dl_inst_tmp.exe (Tenorshare Co., Ltd. -> Tenorshare Co., Ltd.)
FirewallRules: [{BB6DCF4F-9ACB-4EF7-8917-9DA9A02D9E1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{68A2AD07-43FD-455E-800B-9E21F02BC34E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{1F0EB614-3CB0-4E7E-97AA-40E5F7CEC477}C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{E5E9FEE9-E1F3-47D9-9FB5-B18CFC45EE5F}C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{04271F1D-9BA3-47AC-AF1E-ABEBA436405B}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{D482AFA4-6E14-4299-996F-003C0E558C7F}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{CD6C14F5-571F-4686-ADB9-D5CC724B4717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{4B9C29CD-E0B0-435F-8870-1CEFA1E1286A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe (UBISOFT ENTERTAINMENT INC. -> Blue Mammoth Games)
FirewallRules: [{0A1029A9-E803-4F87-A459-CF0B21EC4483}] => (Allow) D:\SteamLibrary\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [{F2ABD997-9F72-4A50-BBED-A7FBF64D5C62}] => (Allow) D:\SteamLibrary\steamapps\common\Real Pool 3D\Poolians.exe () [File not signed]
FirewallRules: [TCP Query User{D94F7FAE-EB18-4A59-81AA-6CC1B5E73C16}C:\users\el pakhio\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\el pakhio\appdata\roaming\utorrent web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{E54789FD-2C9D-4FC4-A0A3-3874CA69D2E2}C:\users\el pakhio\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\el pakhio\appdata\roaming\utorrent web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{CA7176E4-F10C-43BE-928E-AAFF98021175}] => (Allow) D:\SteamLibrary\steamapps\common\Divine Knockout\DivineKnockout.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C162ED03-D172-487A-A25F-4376C7F8FA7E}] => (Allow) D:\SteamLibrary\steamapps\common\Divine Knockout\DivineKnockout.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{B6E67AEC-3B01-4257-AFA0-E4A0D4963ED4}] => (Allow) D:\SteamLibrary\steamapps\common\Dark and Darker Playtest\DungeonCrawler.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{B0D33D00-1C15-47ED-95A5-A6ACDE1DBE68}] => (Allow) D:\SteamLibrary\steamapps\common\Dark and Darker Playtest\DungeonCrawler.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{94D2C7C3-8BB1-481F-8D4D-84D6BD602790}D:\new folder (2)\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\new folder (2)\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe (Fancy Games) [File not signed]
FirewallRules: [UDP Query User{D2DB1FCE-0BA1-471A-9D64-B618CBEDD3DE}D:\new folder (2)\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\new folder (2)\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe (Fancy Games) [File not signed]
FirewallRules: [TCP Query User{E5B91BB4-0130-402A-BC39-EEF8A0DEAB26}C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [UDP Query User{AB3E7EDA-29BD-48AD-A3C9-F0B4307F5BA6}C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [{DD93BF58-E5AC-43F2-B4B3-15D8971463B7}] => (Allow) D:\SteamLibrary\steamapps\common\EscapeTheBackrooms\Backrooms.exe => No File
FirewallRules: [{BFAC3860-20BE-4A07-AD84-203D2665FE36}] => (Allow) D:\SteamLibrary\steamapps\common\EscapeTheBackrooms\Backrooms.exe => No File
FirewallRules: [TCP Query User{8A40C9AE-2BD1-4FD8-BB0D-EF6197CB4774}D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [UDP Query User{01F81D8A-656C-495E-8F02-8D10E459DAA5}D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3AE2CB52-86EA-4CE3-A683-B3BE44846EF2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D795604D-08DF-48A4-81F2-85FF26345603}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{B601C8CA-11B7-42B1-9011-0EB4C7A67353}] => (Allow) D:\GAMES\BsgLauncher\BsgLauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games)
FirewallRules: [{0BAB0B85-7214-44B6-8DDC-38A8A3E0386A}] => (Allow) D:\GAMES\BsgLauncher\BsgLauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games)
FirewallRules: [TCP Query User{A2ECF8FF-1C7A-49D3-AE12-14A8BDBD7173}D:\games\bsglauncher\bsglauncher.exe] => (Allow) D:\games\bsglauncher\bsglauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games)
FirewallRules: [UDP Query User{4B163B98-E3B5-4526-AB33-BCE69F7AB7F7}D:\games\bsglauncher\bsglauncher.exe] => (Allow) D:\games\bsglauncher\bsglauncher.exe (BATTLESTATE GAMES LIMITED -> Battlestate Games)
FirewallRules: [{9646A45E-46A5-4607-97C3-96D8945022F6}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.)
FirewallRules: [{0969300A-AD11-4FB4-8864-FBEFA3805D2F}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> COMPANY NAME)
FirewallRules: [{C3F8FBB5-B40F-4DBC-8F95-D3D1EE5D5912}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [{2941A46B-E4E8-4F61-8D86-4D8A33676F96}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Bluestack Systems, Inc -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{8ECA4864-BDA7-4D3A-8959-5A4B7058C69D}D:\new folder (2)\new folder (3)\lindo.exe] => (Allow) D:\new folder (2)\new folder (3)\lindo.exe (Zenoxs) [File not signed]
FirewallRules: [UDP Query User{7E24D4C6-5FBB-40AF-9E61-8B28C5EB924D}D:\new folder (2)\new folder (3)\lindo.exe] => (Allow) D:\new folder (2)\new folder (3)\lindo.exe (Zenoxs) [File not signed]
FirewallRules: [TCP Query User{4978D481-984F-457E-A546-F8BD9355F830}D:\new folder (2)\new folder (3)\lindo.exe] => (Allow) D:\new folder (2)\new folder (3)\lindo.exe (Zenoxs) [File not signed]
FirewallRules: [UDP Query User{D388BE20-E979-495B-B493-D162A2E025CC}D:\new folder (2)\new folder (3)\lindo.exe] => (Allow) D:\new folder (2)\new folder (3)\lindo.exe (Zenoxs) [File not signed]
FirewallRules: [{B236437E-9F83-4CC0-97B8-F9AE0FD4E334}] => (Allow) D:\SteamLibrary\steamapps\common\FPS Chess\FPSChess.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5261BFD7-6507-4F0D-8B26-37597F3F6125}] => (Allow) D:\SteamLibrary\steamapps\common\FPS Chess\FPSChess.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{0BAFF9CF-1718-4AFB-9FF9-970538DDF005}] => (Allow) D:\SteamLibrary\steamapps\common\Dark and Darker Demo\DungeonCrawler.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{932CCB9D-9CD2-494A-A5BF-9BEF7B6DB90E}] => (Allow) D:\SteamLibrary\steamapps\common\Dark and Darker Demo\DungeonCrawler.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{1AA25025-C0AA-4C33-8F62-1693DBFE3033}D:\new folder (2)\anydesk.exe] => (Allow) D:\new folder (2)\anydesk.exe => No File
FirewallRules: [UDP Query User{5351A139-1DDE-4A6F-9597-1D8C72F980F0}D:\new folder (2)\anydesk.exe] => (Allow) D:\new folder (2)\anydesk.exe => No File
FirewallRules: [{BD9082DD-9CC9-4A84-9495-A0B652D9A7BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{611B1F29-6BB7-40D6-8725-3AB127ECB5D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E5AF4CC0-E8D3-493B-9284-D7201BC13094}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{159DE0A4-5C6B-49AD-9914-E21916E96B2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9710D28C-87DE-48B0-8F64-E7E62E0325D1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C0F7D6AB-11FD-4977-88E4-4F8577EFE19B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{F675FA68-FBB6-4E99-AA8A-1534BFC54FB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{E582B216-F61A-4E05-89D5-F7FB3E6C73C9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{184DC127-0F2B-45C1-8DD4-DD591B85D93B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{C7A2290F-CFA3-409C-812D-A29BB99CF478}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{9CBDD9F9-C8C8-4F3D-8EC1-92223C9D5681}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{96C70670-06F5-42D2-8C3C-65CF01F9AE85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{F5FEE7F8-0DEC-46AF-B2F1-F9CCE123A80A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{84D5BCA3-F66F-4C41-90C7-24D4B187289B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{C4E4E185-B148-4AFD-82B7-90650FBC372A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{26E25327-114D-4A4E-8D8B-ACBCD4107EF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{7BCB844E-763F-45FF-8309-313C2D6D4C9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{C11D283D-153D-4E2B-89ED-7226C7E22EB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{6C312CF7-BE8B-4728-BC98-483AF86FECEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [TCP Query User{8D9FA2CD-D6F3-468D-ADF7-6A61299CF6F1}C:\users\el pakhio\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\el pakhio\appdata\local\discord\app-1.0.9012\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [UDP Query User{33D8979E-B6A7-4A79-ABFF-B490B64F6533}C:\users\el pakhio\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\el pakhio\appdata\local\discord\app-1.0.9012\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [{1AC1EB87-3053-43EA-A4C9-9EAC84DFD028}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{74916CB7-134A-4320-82CF-6D80479727BD}C:\users\el pakhio\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Allow) C:\users\el pakhio\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{EED373D1-161C-4757-987D-E4B13BCC66D0}C:\users\el pakhio\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Allow) C:\users\el pakhio\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)

==================== Restore Points =========================

09-04-2023 18:58:11 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/12/2023 06:26:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3ff8

Start Time: 01d96d6c23305477

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: 5e2d1e2a-902a-4d7f-a926-92abd4271733

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Cross-thread

Error: (04/12/2023 05:27:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utweb.exe, version: 1.3.0.5663, time stamp: 0x642204dc
Faulting module name: ntdll.dll, version: 10.0.19041.2364, time stamp: 0xea5711f3
Exception code: 0xc0000005
Fault offset: 0x0005f693
Faulting process id: 0x2b94
Faulting application start time: 0x01d96d63f0df4dcc
Faulting application path: C:\Users\El Pakhio\AppData\Roaming\uTorrent Web\utweb.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5c26666c-48f6-451a-859f-83b088937b32
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2023 09:24:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 37d8

Start Time: 01d96cbbe312a41a

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: 4d110bce-b250-40ff-9b8e-1a17879d5772

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Cross-thread

Error: (04/11/2023 09:23:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utweb.exe, version: 1.3.0.5663, time stamp: 0x642204dc
Faulting module name: ntdll.dll, version: 10.0.19041.2364, time stamp: 0xea5711f3
Exception code: 0xc0000005
Fault offset: 0x0005f693
Faulting process id: 0x1514
Faulting application start time: 0x01d96cbbdae5a9b6
Faulting application path: C:\Users\El Pakhio\AppData\Roaming\uTorrent Web\utweb.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 57e70671-a93d-44f1-aa9e-1cb1166091a1
Faulting package full name:
Faulting package-relative application ID:

Error: (04/11/2023 05:36:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5654

Start Time: 01d96c9c0ab523fc

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: 1913ccbb-22e1-4517-8e42-b1aed47c4089

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Cross-thread

Error: (04/11/2023 05:35:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5760

Start Time: 01d96c9be40abad6

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: bcb8ec18-a4ec-4688-9b33-e2a0d9c95873

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Cross-thread

Error: (04/11/2023 05:33:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5120

Start Time: 01d96c9b83029dfa

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: 77021ce2-419a-4e7e-92ef-c8e330492f5a

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1865_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Cross-thread

Error: (04/11/2023 05:18:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: perf_check.exe, version: 3.0.127.0, time stamp: 0x63a42573
Faulting module name: igdrcl64.dll, version: 20.19.15.4531, time stamp: 0x57ed260c
Exception code: 0xc0000005
Fault offset: 0x000000000007a74a
Faulting process id: 0x3ad0
Faulting application start time: 0x01d96c99aed6ee0f
Faulting application path: C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\perf_check.exe
Faulting module path: C:\Windows\SYSTEM32\igdrcl64.dll
Report Id: 59bd083b-e2a7-40ac-9174-4fb7fb1af6d2
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (04/04/2023 04:50:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-89GEUSA)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (04/04/2023 04:50:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-89GEUSA)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (04/02/2023 02:56:19 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/02/2023 02:56:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-89GEUSA)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_210a7077 with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell

Error: (04/02/2023 02:56:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GameDVR and Broadcast User Service_210a7077 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/02/2023 02:56:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GameDVR and Broadcast User Service_210a7077 service to connect.

Error: (03/30/2023 06:35:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic.

Error: (03/30/2023 06:32:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.


Windows Defender:
================
Date: 2023-04-11 17:31:13
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Packunwan
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\El Pakhio\AppData\Local\Temp\Wondershare Filmora Uninstaller\FFWsUpgrade.dll; file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FFWsUpgrade.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\ELPAKH~1\AppData\Local\Temp\Wondershare Filmora Uninstaller\FilmoraUninstaller.exe
Security intelligence Version: AV: 1.387.695.0, AS: 1.387.695.0, NIS: 1.387.695.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-11 17:31:04
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Packunwan
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FFWsUpgrade.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\ELPAKH~1\AppData\Local\Temp\_iu14D2N.tmp
Security intelligence Version: AV: 1.387.695.0, AS: 1.387.695.0, NIS: 1.387.695.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-11 17:28:26
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Woreflint.A!cl
Severity: Severe
Category: Trojan
Path: file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FExportView.dll; file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FFWsRegister.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\Patch.exe
Security intelligence Version: AV: 1.387.695.0, AS: 1.387.695.0, NIS: 1.387.695.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-11 17:28:20
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Woreflint.A!cl
Severity: Severe
Category: Trojan
Path: file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FExportView.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\Patch.exe
Security intelligence Version: AV: 1.387.695.0, AS: 1.387.695.0, NIS: 1.387.695.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-11 17:28:16
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Packunwan
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FFWsUpgrade.dll; file:_C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\FMediaLibraryView.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\El Pakhio\AppData\Local\Wondershare\Wondershare Filmora\12.0.12.1450\Patch.exe
Security intelligence Version: AV: 1.387.695.0, AS: 1.387.695.0, NIS: 1.387.695.0
Engine Version: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-04-12 20:59:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2023-04-12 20:46:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.4 02/20/2014
Motherboard: MSI H81M-P33 (MS-7817)
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 16328.03 MB
Available physical RAM: 7933.59 MB
Total Virtual: 17352.03 MB
Available Virtual: 3459.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.64 GB) (Free:10.68 GB) (Model: TOSHIBA THNSNJ128GCSU) NTFS
Drive d: (Local Disk) (Fixed) (Total:465.76 GB) (Free:121.31 GB) (Model: TOSHIBA DT01ACA050) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{bc0083ff-a197-440d-9433-c835a70027b9}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{14b6c356-187b-46f9-9c1d-a06e380c25e4}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0E7A4E8A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 4CF7D762)

Partition: GPT.

==================== End of Addition.txt =======================
 
Adware Cleaner




  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exeand select, Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me
Download Malwarebytes v.4 . Install and run.
  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.
 
Please run these tools to allow me some time to look over your logs. :)
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-13-2023
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2728)
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Tencent
Deleted C:\Users\El Pakhio\AppData\Local\Tencent
Deleted C:\Users\El Pakhio\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

Deleted cpphicholibkljkoddjfoiphjpccmhkn

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1968 octets] - [13/04/2023 02:13:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/13/23
Scan Time: 2:18 AM
Log File: 8c058aba-d9a1-11ed-8527-448a5b953110.json

-Software Information-
Version: 4.5.26.259
Components Version: 1.0.1976
Update Package Version: 1.0.67923
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2728)
CPU: x64
File System: NTFS
User: DESKTOP-89GEUSA\El Pakhio

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 294467
Threats Detected: 14
Threats Quarantined: 14
Time Elapsed: 2 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
PUP.Optional.ByteFence, HKLM\SOFTWARE\CLASSES\*\SHELL\ByteFence File Scan, Quarantined, 7064, 391313, 1.0.67923, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELL\ByteFence Folder Scan, Quarantined, 7064, 823186, 1.0.67923, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\ByteFence, Quarantined, 7064, 388723, 1.0.67923, , ame, , ,
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\ByteFence, Quarantined, 7064, 388723, 1.0.67923, , ame, , ,
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ByteFenceService, Quarantined, 7064, 389039, 1.0.67923, , ame, , ,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.ByteFence, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ByteFence Anti-Malware, Quarantined, 7064, 823168, 1.0.67923, , ame, , ,
PUP.Optional.GetMyDrivers, C:\Users\El Pakhio\AppData\Roaming\GetMyDrivers\InstallerLogs, Quarantined, 10897, 665595, , , , , ,
PUP.Optional.GetMyDrivers, C:\USERS\EL PAKHIO\APPDATA\ROAMING\GETMYDRIVERS, Quarantined, 10897, 665595, 1.0.67923, , ame, , ,
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE, Quarantined, 7064, 823167, 1.0.67923, , ame, , ,

File: 5
PUP.Optional.GetMyDrivers, C:\Users\El Pakhio\AppData\Roaming\GetMyDrivers\InstallerLogs\StatusLog2021_9_26_17_18.log, Quarantined, 10897, 665595, , , , , 9F51F3FF00E19E9CCA01824C7B01938C, D3F7FA452570BD0192808C0A9F818BEBFBCD7FDE6EBDEA6C496D77B79BE2E282
Malware.AI.4250793954, C:\USERS\EL PAKHIO\APPDATA\LOCAL\TEMP\WONDERSHARE FILMORA UNINSTALLER\FFWSUPGRADE.DLL, Quarantined, 1000000, -44173342, 1.0.67923, F9A8399F098936FBFD5DF7E2, dds, 02250724, 4BE5AEFEA4684E2A2403A03D3C7503BB, BBDFBD50EC24F1088EA339AD5350211F34ECD6CFB59BEDCFEED47F5A783694C6
PUP.Optional.BundleInstaller, C:\USERS\EL PAKHIO\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46304.EXE, Quarantined, 118, 1082103, 1.0.67923, , ame, , DC207CC725BA775FE9A5D7FD3ABBF0D1, 8CE54612B6BA168908343FC29C89C6D4CADBB05BAB38B87876FF9FB3E98B4E4E
PUP.Optional.GetMyDrivers, D:\NEW FOLDER (2)\GETMYDRIVERSSETUP.EXE, Quarantined, 10897, 666250, 1.0.67923, , ame, , 0F21221A5AFDA17F43E950ADAB3A6D29, 882718338DBF9B5FF66470F00D767217FD1F0B3CDB4EBD714FE3435A8705C6A7
PUP.Optional.BundleInstaller, D:\NEW FOLDER (2)\UTORRENT.EXE, Quarantined, 118, 1090108, 1.0.67923, , ame, , 007857E1CD5E960FEA0416B2EF54534D, 4C7F671006C954103B076F46DA7E2DA23669DA27A9E55B6AC268D071F8C90B86

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
@Josh9688

Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code: 
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [com.blitz.app] => C:\Users\El Pakhio\AppData\Local\Programs\Blitz\Blitz.exe --autostart (No File)
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\Run: [AudioRelay] => "C:\Program Files (x86)\AudioRelay\AudioRelay.exe" --minimized (No File)
2023-04-11 21:30 - 2023-04-11 21:30 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-04-11 21:29 - 2023-04-11 22:32 - 000000000 ____D C:\Users\El Pakhio\AppData\Local\Avast Software
2023-04-11 21:28 - 2023-04-11 21:28 - 000000000 ____D C:\Users\El Pakhio\AppData\Roaming\Avast Software
2023-04-11 21:26 - 2023-04-11 21:26 - 000313240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2023-04-11 21:26 - 2023-04-11 21:26 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-04-11 21:25 - 2023-04-11 21:25 - 000000000 ____D C:\Program Files\Avast Software
2023-04-11 21:24 - 2023-04-11 22:33 - 000000000 ____D C:\ProgramData\Avast Software
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S3 UniFairy_x64; C:\Windows\system32\drivers\UniFairy_x64.sys [8182152 2022-01-09] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 unirsdt; C:\Windows\system32\drivers\unirsdt.sys [6155704 2022-01-19] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
C:\Windows\system32\drivers\unirsdt.sys
C:\Windows\system32\drivers\UniFairy_x64.sys
Folder: C:\Program Files (x86)\Internet Download
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{47fed84c-5e98-49eb-8e6a-ae79a373e8a1}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{53bce8e9-0ebd-4812-900c-37b487afa202}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{822927de-b124-4272-801a-ab02d77f41a7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9fb100d0-6e22-4057-b6a1-f377db5326ac}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{a93421ad-b8a1-4c65-b2bc-4ebe6d6070f3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bd3c2432-493b-448f-8c0d-62e1f0bd452a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c9587e3b-da89-4f6f-9610-9107ffb8bca9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d32da069-6d3d-422e-a7ba-a6dab3872ac3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d872b655-c99e-4bb1-b21a-69ac30bf6af5}: [DhcpNameServer] 192.168.1.1
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\MountPoints2: {4062cfef-0b7f-11ed-bb1e-448a5b953110} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1884303637-1749700489-2208129876-1001\...\MountPoints2: {a273e6e3-d129-11eb-ba86-448a5b953110} - "E:\HiSuiteDownLoader.exe"
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\drivers\etc\hosts
Hosts:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{D7F21219-D438-492D-951E-B63F2D8955D6}C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{0489D0A1-068E-4C58-84F2-3D74FC7C904F}C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.188.612.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [TCP Query User{594F3B65-D5DD-427E-9BF5-655680D02C75}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{943FFC3B-A2E3-4C42-830B-B31BCB258916}C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\el pakhio\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [TCP Query User{AD6CF075-E25E-40EB-A474-3EB139C340E4}C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [UDP Query User{B5A7BD14-5A58-4089-83BD-53FC7E6D177C}C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe] => (Allow) C:\users\el pakhio\appdata\local\discord\app-1.0.9005\discord.exe => No File
FirewallRules: [{E84D99E6-5316-43E2-82C4-46FE671455D7}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{E5F2334D-372A-4033-B9D1-E25AC1777464}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{6FD28A26-15AF-429C-96B8-8B66DBAF69BA}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{ECC5514E-8F1D-485F-BE10-79F549F8D5A5}] => (Allow) C:\Program Files (x86)\iMobie\AnyMirror\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [TCP Query User{4C58580D-BF3C-4EE6-BDE4-B3BEC999000D}C:\program files (x86)\imobie\anymirror\anymirror.exe] => (Allow) C:\program files (x86)\imobie\anymirror\anymirror.exe => No File
FirewallRules: [UDP Query User{3FEDFE5B-ED04-4012-89D1-7F2059D2C065}C:\program files (x86)\imobie\anymirror\anymirror.exe] => (Allow) C:\program files (x86)\imobie\anymirror\anymirror.exe => No File
FirewallRules: [{136D7358-3633-4075-BF63-7EB3D6297A8F}] => (Allow) C:\Program Files (x86)\AudioRelay\AudioRelay.exe => No File
FirewallRules: [{2E34467A-71EE-4FA2-9567-C228881B6A09}] => (Allow) C:\Program Files (x86)\AudioRelay\AudioRelay.exe => No File
FirewallRules: [TCP Query User{E5B91BB4-0130-402A-BC39-EEF8A0DEAB26}C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [UDP Query User{AB3E7EDA-29BD-48AD-A3C9-F0B4307F5BA6}C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) C:\users\el pakhio\desktop\escape.the.backrooms.build.9309810\escape.the.backrooms.build.9309810\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [{DD93BF58-E5AC-43F2-B4B3-15D8971463B7}] => (Allow) D:\SteamLibrary\steamapps\common\EscapeTheBackrooms\Backrooms.exe => No File
FirewallRules: [{BFAC3860-20BE-4A07-AD84-203D2665FE36}] => (Allow) D:\SteamLibrary\steamapps\common\EscapeTheBackrooms\Backrooms.exe => No File
FirewallRules: [TCP Query User{8A40C9AE-2BD1-4FD8-BB0D-EF6197CB4774}D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [UDP Query User{01F81D8A-656C-495E-8F02-8D10E459DAA5}D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\escapethebackrooms\backrooms\binaries\win64\backrooms-win64-shipping.exe => No File
FirewallRules: [TCP Query User{1AA25025-C0AA-4C33-8F62-1693DBFE3033}D:\new folder (2)\anydesk.exe] => (Allow) D:\new folder (2)\anydesk.exe => No File
FirewallRules: [UDP Query User{5351A139-1DDE-4A6F-9597-1D8C72F980F0}D:\new folder (2)\anydesk.exe] => (Allow) D:\new folder (2)\anydesk.exe => No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\El Pakhio\AppData\Local\Microsoft:ISBD1 [33]
AlternateDataStreams: C:\Users\El Pakhio\AppData\Local\Microsoft:ISBD2 [33]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4722]
VirusTotal: C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
 
Status
Not open for further replies.
Top Bottom