Trojan:PowerShell/Malgent - Windows 10 - Random PowerShell and CMD popups - Virus, Trojan, Spyware, and Malware Removal Help (2024)

Hi everyone,

I noticed recently there are random PowerShell and CMD popups. Then Microsoft Defender Antivirus detected something called Trojan:PowerShell/Malgent.

Also, PowerShell is always running in the background with high CPU%. And "Event Viewer" shows thousands of these entries:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Version 5.1 -s -NoLogo -NoProfile

Please see attached pictures.

Below are the FRST.txt and Addition.txt logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22.05.2024 01
Ran by Alexandra (administrator) on ALEX (Dell Inc. Inspiron 3543) (28-05-2024 20:11:35)
Running from C:\Users\Alexandra\Desktop\FRST64.exe
Loaded Profiles: Alexandra & Administrator
Platform: Microsoft Windows 10 Home Single Language Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\audit\TelemetryUtility.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\91.0.2.0\crashpad_handler.exe
(C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <2>
(explorer.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (The qBittorrent Project) [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(explorer.exe ->) (Wistron Corporation -> Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <19>
(nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(services.exe ->) (@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (GoPro Media, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(services.exe ->) (GZ Systems Limited -> ) C:\Program Files (x86)\Ivacy\Atom\AtomService\Atom.SDK.WindowsService.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Sony Corporation -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2402.12017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2403.6.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2419.11.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (CAFC46F7-1785-4D22-8843-62BB23E99ACE -> ) C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.155.0_x64__pwbj9vvecjh7j\PrimeVideo.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.60911.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2403.4.0_x64__8wekyb3d8bbwe\Maps.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2403.5.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> AdobeGenP.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AtwtusbIcon] => C:\WINDOWS\SYSTEM32\AtwtusbIcon.exe [3593728 2012-09-10] () [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [600496 2015-07-07] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Wistron Corporation -> Dell Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1690368 2022-07-22] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Nearby Share] => C:\Program Files\Google\NearbyShare\nearby_share_launcher.exe [1185568 2024-04-17] (Google LLC -> Google)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [7604128 2024-05-28] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3002048 2017-02-07] (Sony Corporation -> Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [31189E638F1DDF5F5610FE033AD84FA898743FD3._service_run] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8 [2779936 2024-05-23] (Google LLC -> Google LLC)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [32302080 2024-05-26] (The qBittorrent Project) [File not signed]
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1123648 2024-04-16] (Samsung Electronics Co., Ltd. -> Samsung)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [1126568 2021-05-28] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [MicrosoftEdgeAutoLaunch_BF8F2EA0426A481DEAE7168D29A75B4B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4136912 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10071360 2023-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\MountPoints2: {190c95c0-398d-11ec-8438-74e6e241499a} - "E:\OnePlus_setup.exe" /s
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [154112 2024-04-27] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3154358939-2545289201-4114463858-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4136912 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3154358939-2545289201-4114463858-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-20] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3154358939-2545289201-4114463858-500\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3154358939-2545289201-4114463858-500\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-20] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG2400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBW.DLL [30208 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\SYSTEM32\AdobePDF.dll [203936 2024-05-12] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series: C:\WINDOWS\SYSTEM32\CNMLMBW.DLL [391168 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series XPS: C:\WINDOWS\SYSTEM32\CNMXLMBW.DLL [393728 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\WINDOWS\SYSTEM32\CNAS0MOK.DLL [1006080 2012-08-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON Stylus Pro 4880 64MonitorBE: C:\WINDOWS\SYSTEM32\E_ILMCRE.DLL [108032 2008-08-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\FPR10:: C:\WINDOWS\SYSTEM32\fpmon10-x64.dll [227816 2019-09-23] (FinePrint Software, LLC -> FinePrint Software, LLC)
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\SYSTEM32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\125.0.6422.113\Installer\chrmstp.exe [2024-05-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\BtwCP.dll [2015-07-27] (Broadcom Corporation -> Broadcom Corporation.)
IFEO\vdsldr.exe: [Debugger] cmd /q Skip TPM Check on Dynamic Update © AveYo, 2021 /d/x/r>nul (erase /f/s/q %systemdrive%\$windows.~bt\appraiserres.dll&md 11&cd 11&ren vd.exe vdsldr.exe&robocopy "../" "./" "vdsldr.exe"&ren vdsldr.exe vd.exe&start vd -Embedding)&rem;
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2019-09-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot" could not be unlocked. <==== ATTENTION
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
Task: {129408D1-4733-4698-833F-3B77C0E01EF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {AE659A13-6539-4042-BAB8-04A21CA83C5D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {316175A5-EC78-4094-8C47-00EE1AADF5E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {B4DF6217-735F-42C3-91BC-30A9C924441C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {D5D9AAF1-7971-4384-A9A5-085C0236DA5C} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-10-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6F5BABBB-8F34-493A-8EF8-9A9362A9F117} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5672240 2024-04-27] (Microsoft Windows -> Microsoft Corporation)
Task: {C67AFC50-5BB1-4D26-8188-4D1D2E4A3EDF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [964936 2024-04-25] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {EBB48042-A056-488B-8E58-C12D35A8BB2B} - System32\Tasks\Google\Quick Share Relaunch => C:\Program Files\Google\NearbyShare\nearby_share_launcher.exe [1185568 2024-04-17] (Google LLC -> Google)
Task: {46BE6B49-0A62-43CB-83D0-4EC242ED597F} - System32\Tasks\Google\Quick Share Update Shortcuts => C:\Program Files\Google\NearbyShare\nearby_config.exe [1330976 2024-04-17] (Google LLC -> )
Task: {7B2CB435-8A3B-4F21-9456-C5ED2A7308C2} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{F4999276-522E-4BB3-995B-2B0EBB17534C} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {691804B1-EACB-4F73-8D09-DB5FE900FEB4} - System32\Tasks\HPCustParticipation HP DeskJet 2300 series => C:\Program Files\HP\HP DeskJet 2300 series\Bin\HPCustPartic.exe [6733472 2021-11-06] (HP Inc. -> HP Inc.)
Task: {0CCD866C-EC96-421F-9BCA-19C19FF0410C} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {657FCD28-E534-43CB-AE0B-D9120330EED6} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {95BE100A-C2FC-4CFC-978B-F773F224B4A8} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {63199B86-7218-4549-8EC4-9EFF7AA63232} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {B21C22E9-0D73-4C46-A181-080047EBFE0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C6E436D-BFAD-4523-9A9B-A7EF20C387C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE2616B-E72F-42D1-BC5F-22EEA0E61EB0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {1221B93D-FE44-4826-AA5D-2C93C4232621} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB864F35-E459-4090-BBFE-929A4D0E2F2B} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {054C9AE1-4061-4484-A6AC-B817BE88A77B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\AppInstallerUpdater => C:\WINDOWS\SYSTEM32\rundll32.exe [71680 2024-04-27] (Microsoft Windows -> Microsoft Corporation) -> %windir%\system32\AppxDeploymentClient.dll,AppInstallerUpdateAllTask
Task: {1F730258-F4FA-4473-AB9D-CF93B4AD35C0} - System32\Tasks\Microsoft\Windows\Management\Provisioning\10rP0sct\0C09363D-D684-43A3-AD3D-4CEE7E575A21 => C:\WINDOWS\SYSTEM32\cmd.exe [289792 2024-04-27] (Microsoft Windows -> Microsoft Corporation) -> /c EchO IEx "iCM ([ <removed by forum moderator> <==== ATTENTION
Task: {16F7358B-C533-4E5A-A934-9F3C9DE44E93} - System32\Tasks\Microsoft\Windows\Management\Provisioning\RALopNJW2\BED0499D-52DC-4310-8802-6B545FDEF54C => C:\WINDOWS\SYSTEM32\cmd.exe [289792 2024-04-27] (Microsoft Windows -> Microsoft Corporation) -> /c EcHo ieX "Icm ([ <removed by forum moderator> <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {1C53D37E-6900-4D01-AA2B-059F3B515680} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {452F90B5-1CDE-41C9-9395-E3DF25D07901} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28E82204-15DD-4083-9E09-8ADDC9B9038E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FD316312-7948-4FCF-8C7E-7E5ED4B14970} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5C6C9833-2FE7-4338-8C96-DFC3777D9808} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe join (No File)
Task: {8C45BCE4-9F8C-44E0-A117-FD060E44BEB9} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673184 2024-05-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {FF9F9770-D2BF-4D66-98FC-16D578A34FDA} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3154358939-2545289201-4114463858-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673184 2024-05-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {CC6CF917-EEA8-4280-ABDD-8ED45B5308A2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {6180920B-EBEF-4CB6-9154-40FBE4F05649} - System32\Tasks\Nafifas => "C:\Users\Alexandra\AppData\Local\Temp\Anydesk\Anydesk.exe" (No File) <==== ATTENTION
Task: {8CA22AEB-DBA8-4328-9031-71527EC183B9} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]
Task: {70CF90FD-C865-4082-9D43-2D202E948A4E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3154358939-2545289201-4114463858-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {FF02015F-1935-4ED5-8CC7-9837AF480988} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3154358939-2545289201-4114463858-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {AABFBAA3-DE63-4549-995C-7D4A298B5E69} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {86EAC909-A4D7-4838-9665-9C87F91E7BA7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4158504 2018-06-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {5E1734A4-F7F2-4087-8FAE-87F18E3BD3C5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-10] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{7206f95d-0e9f-44ca-bbd1-6d92647d6ba2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7206f95d-0e9f-44ca-bbd1-6d92647d6ba2}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{7206f95d-0e9f-44ca-bbd1-6d92647d6ba2}\84F6D656D25374: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7206f95d-0e9f-44ca-bbd1-6d92647d6ba2}\84F6D656D25374: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{7206f95d-0e9f-44ca-bbd1-6d92647d6ba2}\D616B616C697D223E24374: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{baf224a1-0986-4d25-84a7-30004b3e09a2}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{baf224a1-0986-4d25-84a7-30004b3e09a2}: [DhcpDomain] lan

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-27]
Edge Extension: (Google Docs Offline) - C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-19]
Edge Extension: (Edge relevant text changes) - C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-05-19]
Edge Extension: (Google Sheets) - C:\Users\Public\Microsoft\Edge\User Data\Default\Extension\ofpkbldppprdijeolpemjfpmfjkarrmm\8.1.2._0 [2024-03-17]
Edge Profile: C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2024-05-27]
Edge Profile: C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2024-05-19]
Edge Extension: (Google Docs Offline) - C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-01]
Edge Extension: (Edge relevant text changes) - C:\Users\Alexandra\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge Extension: (Google Sheets) - C:\Users\Public\Microsoft\Edge\User Data\Default\Extension\afbdlkpcoioffleencfaknpndpbfcnkr\3.3.4._0 [2024-03-17]

FireFox:
========
FF DefaultProfile: tas1yl6e.default
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\tas1yl6e.default [2021-02-24]
FF ProfilePath: C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\hdgdzty5.default-release [2024-05-28]
FF Extension: (Ivacy: Best VPN for Privacy & Security) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\hdgdzty5.default-release\Extensions\apps@ivacy.com.xpi [2022-03-31]
FF Extension: (Elemental – Bold) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\hdgdzty5.default-release\Extensions\elemental-bold-colorway@mozilla.org.xpi [2023-04-04]
FF Extension: (SConnect) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\hdgdzty5.default-release\Extensions\jid1-HfFCNbAsKx6Aow@jetpack.xpi [2021-03-30]
FF Extension: (AdBlock — block ads across the web) - C:\Users\Alexandra\AppData\Roaming\Mozilla\Firefox\Profiles\hdgdzty5.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2024-05-18]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Alexandra\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.391.2 -> C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.391.2 -> C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-01] (Google Inc -> Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.391.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.391.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\npPMCADownloader.dll [2012-10-17] (Sony Corporation -> Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderHelper.exe [2012-10-17] (Sony Corporation -> Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.2.0.13221\PMCADownloaderLib.dll [2012-10-17] (Sony Corporation -> Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-3154358939-2545289201-4114463858-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexandra\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3154358939-2545289201-4114463858-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Alexandra\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3154358939-2545289201-4114463858-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Alexandra\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default [2024-05-28]
CHR Notifications: Default -> hxxps://calendar.google.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/"
CHR Extension: (Silk - Privacy Pass Client) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2024-04-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-05-18]
CHR Extension: (Flip this) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\donljlliiecjcagcenoeohjmabfegkph [2023-05-31]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-05-28]
CHR Extension: (Save to Pinterest) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-05-25]
CHR Extension: (Zoom Chrome Extension) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-04-23]
CHR Extension: (Ivacy VPN - Best Free VPN to Unblock Websites) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lblebdecfhdegbeoejplcpmhibbkbkin [2023-10-04]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-01]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2024-05-28]
CHR Extension: (SConnect) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjhbkkaddmmnkghdnnmkjcgpphnopnfk [2023-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-07]
CHR Extension: (PlayMemories Camera Apps Downloader) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlghnkgcadghcdodlcjfhogekonhdei [2023-03-04]
CHR Extension: (The QR Code Extension) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijdcdmnjjgnnhgljmhkjlablaejfeeb [2022-10-21]
CHR Profile: C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-15]
CHR Profile: C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-05-14]
CHR StartupUrls: Profile 1 -> "hxxp://staff.taism.com/","hxxps://mail.google.com/","hxxps://calendar.google.com/","hxxps://heac.gov.om/index.php/en/students-guide-book"
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-17]
CHR Extension: (Save to Pinterest) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-05-14]
CHR Extension: (G Suite Training) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idkloemkmldbemijiamdiolojbffnjlh [2018-12-10]
CHR Extension: (Zoom Chrome Extension) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-05-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-23]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2024-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-02]
CHR Extension: (Google Sheets) - C:\Users\Public\Google\Chrome\User Data\Default\Extension\neqprcjrqjkmomeqmrckekeqciboombi\2.8.4._0 [2024-03-17]
CHR Extension: (Google Sheets) - C:\Users\Public\Google\Chrome\User Data\Default\Extension\jokneorpjqeokaekkeobljkakcbpapcb\3.6.1._0 [2024-03-17]
CHR Profile: C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-05-24]
CHR Notifications: Profile 2 -> hxxps://calendar.google.com; hxxps://mail.google.com; hxxps://messages.google.com
CHR HomePage: Profile 2 -> hxxp://sindbad.omanair.com/
CHR StartupUrls: Profile 2 -> "chrome://apps/"
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-05-19]
CHR Extension: (Set Character Encoding) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bpojelgakakmcfmjfilgdlmhefphglae [2020-02-03]
CHR Extension: (uBlock Origin) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-05-24]
CHR Extension: (Flip this) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\donljlliiecjcagcenoeohjmabfegkph [2023-05-31]
CHR Extension: (Session Buddy) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2024-04-07]
CHR Extension: (Gfycat Default HD) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ekiieomfkkfmficbgpkhfpcaiglihdif [2022-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29]
CHR Extension: (Save to Pinterest) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-05-23]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2023-02-23]
CHR Extension: (Memento Time Travel) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jgbfpjledahoajcppakbgilmojkaghgm [2018-12-10]
CHR Extension: (Ivacy VPN - Best Free VPN to Unblock Websites) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lblebdecfhdegbeoejplcpmhibbkbkin [2023-09-03]
CHR Extension: (Disable Extensions Temporarily) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2022-11-22]
CHR Extension: (CNET Shopping) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2024-05-23]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-09-03]
CHR Extension: (Google Maps) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2018-12-10]
CHR Extension: (Fake news debunker by InVID & WeVerify) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mhccpoafgdgbhnjfhkcmgknndkeenfhe [2024-04-07]
CHR Extension: (SConnect) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjhbkkaddmmnkghdnnmkjcgpphnopnfk [2023-10-27]
CHR Extension: (SingleFile) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mpiodijhokgodhhofbcjdecpffjipkle [2024-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2018-12-10]
CHR Extension: (Nang Ad Blocker) - C:\Users\Alexandra\Desktop\MAK\adblock-extension-nodetect-master [2023-05-13]
CHR Extension: (Bypass Paywalls) - C:\Users\Alexandra\Desktop\MAK\bypass-paywalls-chrome-master [2023-05-13] [UpdateUrl:hxxps://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/src/updates/updates.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extension\lrelecqpiidajleakdinanmefofqikpb\1.9.8._0 [2022-11-06]
CHR Extension: (Google Unlocked) - C:\Users\Alexandra\Desktop\MAK\google-unlocked-master\extension [2022-01-20]
CHR Extension: (Hover - Bypass Paywalls) - C:\Users\Alexandra\Desktop\MAK\hover-paywalls-browser-extension-master\dist [2023-03-25]
CHR Profile: C:\Users\Alexandra\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Alexandra\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
R2 AtomService; C:\Program Files (x86)\Ivacy\Atom\AtomService\Atom.SDK.WindowsService.exe [175360 2023-07-10] (GZ Systems Limited -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248016 2024-05-19] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-08-31] (GoPro Media, Inc. -> )
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> )
S2 IvacyService; C:\Program Files (x86)\Ivacy\ProgramFilesAssets\IvacyService.exe [56584 2023-10-20] (PMG PTE. LTD. -> )
S2 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-08-10] (Robert McNeel and Associates -> Robert McNeel & Associates)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-02-07] (Sony Corporation -> Sony Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.11\ProtonVPNService.exe [474824 2024-03-27] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe [474312 2024-02-01] (Proton AG -> ProtonVPN)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink Corp. -> CyberLink)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-09-14] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-09-14] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159048 2024-04-25] (Dell Technologies Inc. -> Dell Inc.)
S3 ValeVPNService; C:\Program Files\ValeVPN\valevpnservice.exe [2394624 2024-05-18] () [File not signed]
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [794544 2024-05-02] (Oracle America, Inc. -> Oracle and/or its affiliates)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-09-20] () [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 athr; C:\WINDOWS\system32\DRIVERS\athw10x.sys [4301304 2015-05-18] (WDKTestCert qcaswbld,130129545209614653 -> Qualcomm Atheros Communications, Inc.)
R1 avpndriver; C:\WINDOWS\System32\drivers\avpndriver.sys [104424 2023-07-10] (GZ Systems Limited -> Windows ® Win 7 DDK provider)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
U5 btwampfl; C:\Windows\System32\Drivers\btwampfl.sys [223040 2019-09-03] (Broadcom Corporation -> Broadcom Corporation.)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2024-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 fiddrv64; no ImagePath
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [155400 2015-06-15] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2013-02-25] (北京铠信神州科技有限责任公司 -> )
R3 moufiltr; C:\WINDOWS\System32\drivers\moufiltr.sys [24640 2016-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [80192 2019-07-31] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.11\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2020-03-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-07-04] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2023-10-28] (Microsoft Corporation) [File not signed]
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [254352 2024-05-02] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [265224 2024-05-02] (Oracle Corporation -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1063752 2024-05-02] (Oracle Corporation -> Oracle and/or its affiliates)
R3 vhidmini; C:\WINDOWS\System32\drivers\walvhid.sys [7552 2009-08-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21056 2024-05-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601496 2024-05-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2023-09-30] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U4 npcap_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-28 20:11 - 2024-05-28 20:13 - 000060886 _____ C:\Users\Alexandra\Desktop\FRST.txt
2024-05-28 20:09 - 2024-05-28 20:12 - 000000000 ____D C:\FRST
2024-05-28 20:05 - 2024-05-28 20:05 - 002395136 _____ (Farbar) C:\Users\Alexandra\Desktop\FRST64.exe
2024-05-28 18:11 - 2024-05-28 18:24 - 000000000 ____D C:\ProgramData\HitmanPro
2024-05-28 18:11 - 2024-05-28 18:11 - 000000000 ____D C:\Program Files\HitmanPro
2024-05-28 18:05 - 2024-05-28 18:06 - 000000000 ____D C:\AdwCleaner
2024-05-28 17:59 - 2024-05-28 18:04 - 000002642 _____ C:\Users\Alexandra\Desktop\Rkill.txt
2024-05-28 17:52 - 2024-05-28 17:52 - 014287912 _____ (Sophos B.V.) C:\Users\Alexandra\Downloads\HitmanPro_x64.exe
2024-05-28 17:51 - 2024-05-28 17:51 - 008790880 _____ (Malwarebytes) C:\Users\Alexandra\Downloads\adwcleaner.exe
2024-05-28 17:51 - 2024-05-28 17:51 - 002589624 _____ (Malwarebytes) C:\Users\Alexandra\Downloads\MBSetup.exe
2024-05-28 17:50 - 2024-05-28 17:50 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Alexandra\Downloads\rkill.exe
2024-05-28 15:57 - 2024-05-28 15:57 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-05-28 15:44 - 2024-05-28 15:44 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-05-27 21:27 - 2024-05-27 21:27 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\com.adobe.dunamis
2024-05-27 21:27 - 2024-05-27 21:27 - 000000000 ____D C:\Users\Alexandra\.ms-ad
2024-05-27 20:11 - 2024-05-27 20:11 - 000002048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-05-27 20:11 - 2024-05-27 20:11 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-27 20:11 - 2024-05-27 20:11 - 000002025 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-05-27 20:10 - 2024-05-27 20:10 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2024-05-27 20:06 - 2024-05-28 19:21 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-05-27 19:08 - 2024-05-27 19:08 - 000000855 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2024-05-27 19:08 - 2024-05-27 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2024-05-27 19:08 - 2024-05-27 19:08 - 000000000 ____D C:\Program Files\qBittorrent
2024-05-25 09:37 - 2024-05-25 09:37 - 000001978 _____ C:\Users\Alexandra\Desktop\regexport.txt
2024-05-24 11:47 - 2024-05-24 12:34 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-21 16:40 - 2024-05-21 16:40 - 000119781 _____ C:\Users\Alexandra\Downloads\RewardCardOman.pdf
2024-05-21 16:30 - 2024-05-21 16:30 - 001025111 _____ C:\Users\Alexandra\Downloads\PolicyReportsOmanNew-1.pdf
2024-05-21 16:29 - 2024-05-21 16:29 - 001025110 _____ C:\Users\Alexandra\Downloads\PolicyReportsOmanNew.pdf
2024-05-21 16:29 - 2024-05-21 16:29 - 000171384 _____ C:\Users\Alexandra\Downloads\7825166.pdf
2024-05-19 10:24 - 2024-05-19 10:24 - 000000000 ____D C:\Users\Alexandra\Tracing
2024-05-19 04:15 - 2024-05-19 04:15 - 000001094 _____ C:\Users\Public\Desktop\BleachBit.lnk
2024-05-19 04:15 - 2024-05-19 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BleachBit
2024-05-19 00:19 - 2024-05-19 00:19 - 000002411 _____ C:\Users\Alexandra\Desktop\Pluralsight Offline Player.lnk
2024-05-19 00:11 - 2024-05-19 00:11 - 000002535 _____ C:\Users\Alexandra\Desktop\Cricut Design Space.lnk
2024-05-18 23:45 - 2024-05-18 23:45 - 000001115 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2024-05-18 23:45 - 2024-05-18 23:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2024-05-18 23:45 - 2024-05-02 03:10 - 001063752 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxSup.sys
2024-05-18 23:45 - 2024-05-02 03:10 - 000203912 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2024-05-18 23:34 - 2024-05-18 23:34 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\hps-install
2024-05-18 22:33 - 2024-05-18 22:33 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Ivacy
2024-05-18 22:31 - 2024-05-18 22:31 - 000000000 ____D C:\Users\Alexandra\Downloads\cewe
2024-05-18 22:19 - 2024-05-18 22:19 - 000001369 _____ C:\Users\Public\Desktop\Ivacy.lnk
2024-05-18 22:18 - 2024-05-18 22:35 - 000000000 ____D C:\ProgramData\Ivacy
2024-05-18 22:14 - 2024-05-18 22:16 - 000000417 _____ C:\WINDOWS\system32\WireGuard_Log_18_05_2024.txt
2024-05-18 22:08 - 2024-05-18 22:08 - 000001022 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2024-05-18 22:03 - 2024-05-19 01:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-18 19:14 - 2024-05-24 11:47 - 000909911 ____N C:\WINDOWS\Minidump\052424-13468-01.dmp
2024-05-15 01:59 - 2024-05-15 01:59 - 000000000 ___HD C:\$WinREAgent
2024-05-12 02:05 - 2024-05-12 02:05 - 000203936 _____ (Adobe Systems Inc) C:\WINDOWS\system32\AdobePDF.dll
2024-05-12 02:05 - 2024-05-12 02:05 - 000146592 _____ (Adobe Systems Inc.) C:\WINDOWS\system32\AdobePDFUI.dll
2024-05-09 00:03 - 2024-05-09 00:03 - 000001778 _____ C:\Users\Public\Desktop\iTunes.lnk
2024-05-09 00:03 - 2024-05-09 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2024-05-09 00:03 - 2024-05-09 00:03 - 000000000 ____D C:\Program Files\iTunes
2024-05-06 22:17 - 2024-05-06 22:17 - 000001018 _____ C:\Users\Public\Desktop\Quick Share from Google.lnk
2024-05-02 03:10 - 2024-05-02 03:10 - 000265224 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2024-05-02 03:10 - 2024-05-02 03:10 - 000254352 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2024-04-29 20:38 - 2024-04-29 20:38 - 000003952 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-28 20:09 - 2019-12-07 13:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-28 20:04 - 2020-06-09 02:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-05-28 20:00 - 2019-09-12 09:44 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\qBittorrent
2024-05-28 19:45 - 2015-05-01 21:54 - 000000000 ___SD C:\Users\Alexandra\AppData\Roaming\Microsoft\Credentials
2024-05-28 19:44 - 2016-02-18 20:59 - 000000000 ____D C:\Users\Alexandra\AppData\Local\CrashDumps
2024-05-28 19:14 - 2015-06-09 21:14 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-05-28 18:28 - 2022-02-09 10:02 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-05-28 17:17 - 2019-12-07 13:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-28 17:17 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-05-28 17:12 - 2020-10-02 23:26 - 000007666 _____ C:\Users\Alexandra\AppData\Local\Resmon.ResmonCfg
2024-05-28 16:14 - 2019-12-07 13:13 - 000000000 ____D C:\WINDOWS\INF
2024-05-28 15:47 - 2023-01-06 18:40 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{61BE3B7B-13F8-4000-8EF2-AF452B96D1B3}
2024-05-28 15:46 - 2020-06-09 03:30 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-28 15:46 - 2020-06-09 03:30 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-28 15:46 - 2015-06-29 16:57 - 000000000 ___RD C:\Users\Alexandra\Google Drive
2024-05-28 15:45 - 2020-02-05 12:20 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\WTablet
2024-05-28 15:44 - 2015-05-01 21:50 - 000000000 __SHD C:\Users\Alexandra\IntelGraphicsProfiles
2024-05-28 01:06 - 2013-08-22 17:25 - 000000091 _____ C:\WINDOWS\win.ini
2024-05-27 21:27 - 2020-06-09 02:43 - 000000000 ____D C:\Users\Alexandra
2024-05-27 20:09 - 2020-01-23 20:28 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Adobe
2024-05-27 20:05 - 2015-05-03 18:17 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-05-27 20:04 - 2020-01-23 21:26 - 000000000 ____D C:\Program Files\Adobe
2024-05-27 20:04 - 2020-01-23 20:26 - 000000000 ____D C:\ProgramData\Adobe
2024-05-27 19:48 - 2017-12-01 21:20 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Packages
2024-05-27 19:08 - 2021-10-23 21:13 - 000000000 ____D C:\Users\Alexandra\Desktop\Test
2024-05-27 16:36 - 2023-10-07 11:03 - 000000000 ____D C:\Program Files\RUXIM
2024-05-26 19:30 - 2023-01-17 11:45 - 000002520 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-26 19:30 - 2020-06-08 13:33 - 000002682 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-26 03:15 - 2020-06-09 13:30 - 000750212 _____ C:\WINDOWS\system32\perfh007.dat
2024-05-26 03:15 - 2020-06-09 13:30 - 000155174 _____ C:\WINDOWS\system32\perfc007.dat
2024-05-26 03:15 - 2020-06-09 03:02 - 001732472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-25 09:41 - 2020-01-21 14:49 - 000000000 ____D C:\Users\Alexandra\.dbus-keyrings
2024-05-24 12:49 - 2018-11-16 08:21 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Spotify
2024-05-24 12:49 - 2018-11-16 08:19 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Spotify
2024-05-24 12:45 - 2021-12-16 04:14 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-24 12:45 - 2015-05-03 18:32 - 000002601 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-24 12:43 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-05-24 12:34 - 2020-06-09 03:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-24 12:33 - 2019-12-07 13:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2024-05-24 12:16 - 2020-02-26 14:46 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2024-05-24 12:07 - 2020-06-07 12:17 - 000000000 ____D C:\Users\Alexandra\AppData\Local\ElevatedDiagnostics
2024-05-24 11:51 - 2020-06-15 18:26 - 000000000 ____D C:\WINDOWS\Minidump
2024-05-23 12:34 - 2015-05-05 23:39 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Microsoft\Word
2024-05-22 00:37 - 2018-06-20 22:13 - 000000000 ____D C:\ProgramData\Packages
2024-05-20 21:21 - 2023-10-01 19:52 - 000001978 _____ C:\Users\Administrator\Desktop\Google Slides.lnk
2024-05-20 21:21 - 2023-10-01 19:52 - 000001978 _____ C:\Users\Administrator\Desktop\Google Sheets.lnk
2024-05-20 21:21 - 2023-10-01 19:52 - 000001966 _____ C:\Users\Administrator\Desktop\Google Docs.lnk
2024-05-20 21:21 - 2021-09-23 19:39 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-05-20 21:21 - 2021-09-23 19:39 - 000001978 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-05-20 21:21 - 2021-09-23 19:39 - 000001978 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-05-20 21:21 - 2021-09-23 19:39 - 000001966 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-05-20 21:21 - 2018-12-11 17:33 - 000002018 _____ C:\Users\Alexandra\Desktop\Google Drive.lnk
2024-05-19 14:24 - 2022-10-10 17:04 - 000010160 _____ C:\Users\Alexandra\Desktop\mycollection (1).zip
2024-05-19 10:41 - 2024-01-20 21:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-05-19 10:41 - 2021-06-23 20:32 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-05-19 10:40 - 2023-09-27 21:23 - 010498456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-19 10:16 - 2019-01-14 13:03 - 000000000 ____D C:\Users\Alexandra\AppData\Local\PlaceholderTileLogoFolder
2024-05-19 09:38 - 2017-12-01 21:55 - 000000000 ___RD C:\Users\Alexandra\3D Objects
2024-05-19 09:35 - 2020-01-23 20:26 - 000000000 ____D C:\Program Files (x86)\Adobe
2024-05-19 04:17 - 2020-01-23 20:28 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Adobe
2024-05-19 04:15 - 2020-01-24 12:48 - 000000000 ____D C:\Program Files (x86)\BleachBit
2024-05-19 01:55 - 2020-01-23 20:47 - 000000000 ____D C:\Users\Alexandra\AppData\LocalLow\Adobe
2024-05-19 01:43 - 2020-05-02 11:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-05-19 00:38 - 2015-05-05 23:31 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-19 00:30 - 2022-08-19 19:29 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Pluralsight
2024-05-19 00:19 - 2022-08-19 19:29 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pluralsight
2024-05-19 00:18 - 2019-11-27 19:58 - 000000000 ____D C:\Users\Alexandra\AppData\Local\SquirrelTemp
2024-05-19 00:14 - 2021-08-31 01:55 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Mendeley Reference Manager
2024-05-19 00:11 - 2023-05-05 13:52 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Cricut Design Space
2024-05-19 00:04 - 2024-01-20 01:21 - 000000949 _____ C:\Users\Alexandra\Desktop\Classic - Shortcut.lnk
2024-05-19 00:03 - 2021-01-31 19:19 - 000000184 _____ C:\Users\Alexandra\.packettracer
2024-05-19 00:01 - 2023-04-12 02:37 - 000000000 ____D C:\Users\Alexandra\AppData\Local\ValeVPN
2024-05-18 23:59 - 2023-11-05 22:33 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\vlc
2024-05-18 23:58 - 2022-08-20 23:41 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Typora
2024-05-18 23:58 - 2022-08-20 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Typora
2024-05-18 23:58 - 2022-08-20 23:40 - 000000000 ____D C:\Program Files\Typora
2024-05-18 23:57 - 2022-07-31 21:14 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\Send Anywhere
2024-05-18 23:56 - 2021-02-21 22:57 - 000000000 ____D C:\Program Files (x86)\PicPick
2024-05-18 23:55 - 2022-07-31 21:10 - 000000000 ____D C:\Program Files (x86)\Send Anywhere
2024-05-18 23:55 - 2022-05-15 03:48 - 000002212 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2024-05-18 23:55 - 2021-12-16 04:21 - 000000000 ____D C:\Program Files (x86)\Samsung
2024-05-18 23:55 - 2015-02-08 00:20 - 000000000 ____D C:\ProgramData\Package Cache
2024-05-18 23:54 - 2022-07-31 21:10 - 000002381 _____ C:\Users\Public\Desktop\Send Anywhere.lnk
2024-05-18 23:52 - 2023-03-27 23:03 - 000001661 _____ C:\Users\Public\Desktop\Recuva.lnk
2024-05-18 23:52 - 2019-03-28 13:48 - 000000000 ____D C:\Program Files\Recuva
2024-05-18 23:47 - 2020-06-16 22:33 - 000000000 ____D C:\Users\Alexandra\.VirtualBox
2024-05-18 23:45 - 2015-02-08 00:25 - 000000000 ____D C:\Temp
2024-05-18 23:44 - 2020-04-13 10:58 - 000000000 ____D C:\Users\Alexandra\AppData\Roaming\obs-studio
2024-05-18 23:40 - 2020-06-16 22:33 - 000000000 ____D C:\ProgramData\VirtualBox
2024-05-18 23:37 - 2019-07-31 23:42 - 000001724 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2024-05-18 23:31 - 2023-04-12 02:36 - 000000000 ____D C:\Program Files\ValeVPN
2024-05-18 22:23 - 2023-04-04 14:05 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant
2024-05-18 22:23 - 2016-05-08 22:11 - 000001024 ____H C:\AMTAG.BIN
2024-05-18 22:21 - 2022-01-14 02:01 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Airflow
2024-05-18 22:19 - 2023-10-04 08:00 - 000000000 ____D C:\Program Files (x86)\Ivacy
2024-05-18 22:19 - 2021-03-04 19:58 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2024-05-18 22:08 - 2023-05-21 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2024-05-18 22:06 - 2021-02-24 00:03 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-05-18 19:20 - 2018-02-18 21:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-18 19:14 - 2024-04-22 19:38 - 000942171 ____N C:\WINDOWS\Minidump\051824-20984-01.dmp
2024-05-18 19:14 - 2019-12-07 13:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-18 19:14 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-18 19:14 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-18 19:14 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-15 19:33 - 2019-12-07 13:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-15 19:30 - 2020-06-09 02:38 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-05-15 02:09 - 2022-03-30 20:17 - 000000000 ____D C:\Program Files\dotnet
2024-05-15 02:08 - 2015-05-13 13:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-15 02:00 - 2015-05-13 13:13 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-14 22:06 - 2019-09-22 10:24 - 000000000 ____D C:\Users\Alexandra\Desktop\Manuals
2024-05-08 23:56 - 2019-01-06 06:00 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2024-05-08 23:56 - 2018-12-11 17:25 - 000000000 ____D C:\Program Files\Google
2024-05-08 23:56 - 2018-06-20 21:32 - 000000000 ____D C:\Users\Alexandra\AppData\Local\Google
2024-05-08 23:49 - 2016-05-08 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2024-05-06 22:17 - 2023-08-22 13:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Google
2024-05-03 17:19 - 2019-12-07 13:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-04-29 20:44 - 2015-02-08 00:18 - 000000000 ____D C:\Program Files\Dell
2024-04-29 20:33 - 2015-06-10 12:05 - 000000000 ____D C:\Program Files (x86)\Dell
2024-04-29 00:38 - 2021-12-22 20:15 - 000000000 ____D C:\WINDOWS\system32\11

==================== Files in the root of some directories ========

2019-03-06 20:00 - 2020-01-17 17:12 - 000000132 _____ () C:\Users\Alexandra\AppData\Roaming\Adobe PNG Format CS5 Prefs
2020-12-14 07:21 - 2020-12-14 07:21 - 000000015 _____ () C:\Users\Alexandra\AppData\Roaming\obs-virtualcam.txt
2022-01-11 17:25 - 2022-01-11 17:31 - 000006293 _____ () C:\Users\Alexandra\AppData\Local\HWVendorDetection.log
2019-12-12 16:09 - 2022-10-06 03:02 - 000000205 _____ () C:\Users\Alexandra\AppData\Local\oobelibMkey.log
2022-07-10 14:38 - 2022-07-10 14:38 - 000000218 _____ () C:\Users\Alexandra\AppData\Local\recently-used.xbel
2020-10-02 23:26 - 2024-05-28 17:12 - 000007666 _____ () C:\Users\Alexandra\AppData\Local\Resmon.ResmonCfg
2020-06-29 21:18 - 2022-07-10 14:18 - 000000503 _____ () C:\Users\Alexandra\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22.05.2024 01
Ran by Alexandra (28-05-2024 20:15:24)
Running from C:\Users\Alexandra\Desktop
Microsoft Windows 10 Home Single Language Version 22H2 19045.4412 (X64) (2020-06-08 23:33:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3154358939-2545289201-4114463858-500 - Administrator - Disabled) => C:\Users\Administrator
Alexandra (S-1-5-21-3154358939-2545289201-4114463858-1001 - Administrator - Enabled) => C:\Users\Alexandra
DefaultAccount (S-1-5-21-3154358939-2545289201-4114463858-503 - Limited - Disabled)
Guest (S-1-5-21-3154358939-2545289201-4114463858-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3154358939-2545289201-4114463858-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.002.20759 - Adobe)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_0_2) (Version: 24.0.2 - Adobe Systems Incorporated)
Adobe InDesign 2020 (HKLM-x32\...\IDSN_15_0_1) (Version: 15.0.1 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_3) (Version: 21.0.3 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Agent Ransack (HKLM\...\{9F35C65C-1112-4255-8384-4898530BC9AE}) (Version: 9.2.3405.1 - Mythicsoft Ltd)
Airflow (64-bit) (HKLM\...\Airflow (64-bit)) (Version: 3.3.3 - BitCave)
AOMEI Partition Assistant 9.15.0 (HKLM-x32\...\{04F850ED-FD0F-4ED1-AE1B-4498165BF3D2}_is1) (Version: 9.15.0 - AOMEI International Network Limited.)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
ArtRage 4 (HKLM-x32\...\{FD363FA3-BBFF-4051-AD2B-FBFF5590217F}) (Version: 4.0.2.1 - Ambient Design) Hidden
ArtRage 4 (HKLM-x32\...\ArtRage 4 4.0.2.1) (Version: 4.0.2.1 - Ambient Design)
AtomSDKInstaller (HKLM-x32\...\AtomSDKInstaller_is1) (Version: 4.5.0 - GZ Systems)
BleachBit (HKLM-x32\...\BleachBit) (Version: 4.6.0.2537 - BleachBit)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.280.0.1022 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.03 - Canon Inc.)
Canon MG2400 series On-screen Manual (HKLM-x32\...\Canon MG2400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2400 series User Registration (HKLM-x32\...\Canon MG2400 series User Registration) (Version: - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Clockify (HKLM\...\{6680E46B-2115-4B0B-91CF-1C903E112692}) (Version: 1.3.1 - COING Inc.)
Corel Painter 13 - IPM (HKLM\...\{85E8F7AD-8A82-43BC-827D-6F474C1280C7}) (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (HKLM\...\{BBDEA835-6E15-4B9B-ACEB-4021DBC6CED5}) (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 2015 (HKLM\...\_{DDB3F5F0-2583-426C-A652-8404AFF3A4D0}) (Version: 14.0.0.728 - Corel Corporation)
CPUID CPU-Z 2.09 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.09 - CPUID, Inc.)
Cricut Design Space (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\{113DD42F-AE80-489B-8F15-FB8499306C48}) (Version: 8.30.64 - Cricut, Inc.)
CrystalDiskMark 8.0.4 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.4 - Crystal Dew World)
CyberLink LabelPrint 2.5 (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.3214 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3123 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.3126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3205.55 - CyberLink Corp.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell SupportAssist (HKLM\...\{A1FC489C-7909-4E08-9685-6C77BA2053DE}) (Version: 4.0.3.61632 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{39BF0E71-7A16-4A80-BBCE-FBDD2D1CC2D5}) (Version: 5.5.9.18923 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{f6a4df94-48f2-459a-8d40-16b1fbed13c5}) (Version: 5.5.9.18923 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.70 - Synaptics Incorporated)
Discord (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Discord) (Version: 1.0.9025 - Discord Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 7.35.333.0 - Dell Inc.)
FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.)
FinePrint (HKLM\...\FinePrint) (Version: 10.03 - FinePrint Software, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.113 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 91.0.2.0 - Google LLC)
Google Earth Pro (HKLM\...\{3470AD08-85F2-4B1D-8487-FC4750732087}) (Version: 7.3.6.9796 - Google)
GoPro Quik (HKLM\...\{AA5F7FCE-311C-46D8-B93A-ABF4DDCAB832}) (Version: 0.1.945 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{a23df978-67ca-4fe3-a740-a7b5ae7ec82f}) (Version: 2.7.0.945 - GoPro, Inc.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HP DeskJet 2300 series Basic Device Software (HKLM\...\{280AC4A4-F88F-4D14-93C8-F5FF440960A6}) (Version: 51.3.4843.21310 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{854EA376-868A-422C-B7B4-6F9D5B20EC1B}) (Version: 56.0.472.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{801C9376-E9A4-4F07-BFB3-8CC3B8763E24}) (Version: 56.0.472.0 - HP)
HP FTP Plugin (HKLM-x32\...\{050CD6B1-C803-48DE-93EF-6330A97A327A}) (Version: 56.0.472.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{6CC13319-B053-4F02-B17D-38205DA92AF3}) (Version: 56.0.472.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP SFTP Plugin (HKLM-x32\...\{4730D19B-49E2-4671-938E-16C19EEB95F8}) (Version: 56.0.472.0 - HP Inc.)
HP SharePoint Plugin (HKLM-x32\...\{8DBC8390-BCDE-420F-8418-B9AF4C4F6C85}) (Version: 56.0.472.0 - HP)
IconHandler 64 bit (HKLM\...\{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}) (Version: 2.0 - Corel Corporation) Hidden
Intel Processor Identification Utility (HKLM-x32\...\{14f01504-8f44-430e-80e6-ba1ee70f37b3}) (Version: 6.10.34 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM\...\{00C43022-CFDA-4942-9D3F-04199C91C939}) (Version: 10.1.18121.8164 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{37942a92-9e3f-4d70-9b5c-5955cbc54505}) (Version: 10.1.18121.8164 - Intel® Corporation)
Intel® Computing Improvement Program (HKLM\...\{15E71D2B-4046-4B9D-A8BB-EBFC5CC12D86}) (Version: 2.4.10717 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{e549f2da-cbe4-4fb5-b792-c16d25588d06}) (Version: 3.11.1.0 - Intel) Hidden
Intel® ME UninstallLegacy (HKLM\...\{FD37351B-3074-4652-8188-1B3FB784EC4E}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{9503AD68-6198-4081-9F57-1F346D7B58D4}) (Version: 14.8.16.1063 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Serial IO (HKLM\...\{CBD9BDB2-3126-4756-A03A-621CCF87C188}) (Version: 1.1.253.0 - Intel Corporation) Hidden
Intel® SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00001010-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.10.1.1 - Intel Corporation)
Intel® Processor Identification Utility - Legacy (HKLM-x32\...\{2BE5ADB3-89E4-4726-AAD4-B9892F68A005}) (Version: 6.10.34.1129 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{07AC08CE-C63D-4FAE-B215-F53E13EA005F}) (Version: 21.10.1.3139 - Intel Corporation) Hidden
iTunes (HKLM\...\{1A709475-D5E5-4D10-A43D-20581B2BCD72}) (Version: 12.13.2.3 - Apple Inc.)
Ivacy (HKLM-x32\...\{18fb3d5a-066c-4f17-9657-9aca23a1222b}) (Version: 6.5.0.1 - ) Hidden
Ivacy (HKLM-x32\...\{b80f57d3-73b1-435e-9cda-6c7639e8312b}) (Version: 6.5.0.0 - ) Hidden
Ivacy (HKLM-x32\...\Ivacy) (Version: 6.5.0.1 - Ivacy)
Java 8 Update 391 (64-bit) (HKLM\...\{71324AE4-039E-4CA4-87B4-2F64180391F0}) (Version: 8.0.3910.13 - Oracle Corporation)
Java 8 Update 391 (HKLM-x32\...\{71324AE4-039E-4CA4-87B4-2F32180391F0}) (Version: 8.0.3910.13 - Oracle Corporation)
KCP-0.6.0.6 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.6.0.6 - Haruhichan.com)
KeyboardTest V3.2 (HKLM\...\KeyboardTest_is1) (Version: 3.2 - PassMark Software)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Leawo TunesCopy version 1.0.0.0 (HKLM-x32\...\{6B9F4449-3F1B-45C2-B099-5D59DA4AA01A}_is1) (Version: 1.0.0.0 - Leawo Software)
Light Image Resizer 6.0.9.0 (HKLM-x32\...\{4AC2BB90-D86E-4E4A-84E7-62ED7D564488}_is1) (Version: 6.0.9.0 - ObviousIdea)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.70.68 - Logitech)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6331.1 - Waves Audio Ltd.) Hidden
MediaInfo 22.09 (HKLM\...\MediaInfo) (Version: 22.09 - MediaArea.net)
Mendeley Desktop 1.19.6 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.6 - Mendeley Ltd.)
Mendeley Reference Manager 2.56.1 (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\b4b58389-01e4-5dfd-9842-aad36733657a) (Version: 2.56.1 - Mendeley)
MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.30 (x64) (HKLM\...\{543852FC-D0E4-481B-B2B2-BEB271DED058}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.30 (x64) (HKLM\...\{E80165F8-5F40-42C5-82CE-BE934C750771}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.30 (x64) (HKLM\...\{63F2E1E5-10EC-4F55-B92D-D65A7AA41A15}) (Version: 48.120.13561 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.30 (x64) (HKLM-x32\...\{75cdcf66-5594-438c-9f70-92b73b3be0f5}) (Version: 6.0.30.33615 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.13 Shared Framework (x64) (HKLM\...\{A6500837-F3BE-357E-9A21-6A78D098659F}) (Version: 6.0.13.22580 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.67 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2019 - ar-sa (HKLM\...\ProPlus2019Retail - ar-sa) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - ar-sa.proof (HKLM\...\ProPlus2019Retail - ar-sa.proof) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us.proof (HKLM\...\ProPlus2019Retail - en-us.proof) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3154358939-2545289201-4114463858-500\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 (HKLM-x32\...\{2cfeba4a-21f8-4ea7-9927-c5a5c6f13cc9}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33130 (HKLM-x32\...\{5CA9AE7B-2EFC-4F02-81CD-32ABE173C755}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33130 (HKLM-x32\...\{DF1B52DF-C88E-4DDF-956B-6E7A03327F46}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.30 (x64) (HKLM\...\{D624CDFC-3CDA-47F7-9F84-A3CCB8D3396B}) (Version: 48.120.13587 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.30 (x64) (HKLM-x32\...\{b2b66c6f-6c27-49d1-846a-6c27d322b9bb}) (Version: 6.0.30.33617 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 126.0 (x64 en-US)) (Version: 126.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 86.0 - Mozilla)
MyPublisher (HKLM-x32\...\MyPublisher) (Version: - MyPublisher, Inc.)
NitroShare version 0.3.4 (HKLM\...\{174A4547-917E-4BAF-9F25-FCE545CCD487}_is1) (Version: 0.3.4 - Nathan Osman)
Nmap 7.80 (HKLM-x32\...\Nmap) (Version: 7.80 - Nmap Project)
Npcap 0.9982 (HKLM-x32\...\NpcapInst) (Version: 0.9982 - Nmap Project)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0401-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenVPN 2.3.12-I602 (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Oracle VM VirtualBox 7.0.18 (HKLM\...\{7431991E-0534-4E1E-89C8-2AF6968C017C}) (Version: 7.0.18 - Oracle and/or its affiliates)
Painter 2015 - Contentx64 (HKLM\...\{E2D71436-E79B-4EF3-9ACB-4622C77CFEF1}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - Core (HKLM\...\{313D2845-7967-4ACB-9CF7-CD355F268EEC}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - Corex64 (HKLM\...\{8C0965F5-F929-47DF-8785-93E65E3F8E74}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - CT (HKLM\...\{D8152135-100D-4F72-8790-81E789198BB5}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - DE (HKLM\...\{DFE27B08-651B-42F3-ACC1-769E1E7038DF}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - EN (HKLM\...\{53A8611D-EDDB-4943-A4B5-042756ADF10F}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - FR (HKLM\...\{83570A31-245C-437D-AF3C-A1558E394C29}) (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - Setup Files (HKLM\...\{DDB3F5F0-2583-426C-A652-8404AFF3A4D0}) (Version: 14.0 - Corel Corporation) Hidden
PatternMaster Boutique v6 (HKLM-x32\...\{D0A10769-91EC-4DB0-90F2-E4A74B3AE308}) (Version: 6.0 - Wild Ginger Software, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicPick (HKLM-x32\...\PicPick) (Version: 7.2.8 - NGWIN)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{3333CE3B-CDF8-4F5E-A3BC-9ECD60FB7E66}) (Version: 1.2.0.13221 - Sony Corporation)
PlayMemories Home (HKLM-x32\...\{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.3.01.02070 - Sony Corporation)
Pluralsight Offline Player (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Pluralsight) (Version: 1.1.106 - Pluralsight, LLC)
PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.3.01 - Sony Corporation) Hidden
Port Forward Network Utilities (HKLM-x32\...\{1499E21B-5E70-404B-95FA-9225A8C514DE}) (Version: 3.0.50 - Portforward, LLC)
Product Improvement Study for HP DeskJet 2300 series (HKLM\...\{E282DFA3-E641-43F5-99E1-0FDF7C121ED4}) (Version: 51.3.4843.21310 - HP Inc.)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.2.11 - Proton AG)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.5 - The qBittorrent project)
Quick Share from Google (HKLM\...\{EE3750A8-D98A-420A-9B64-FA47377D2EC3}) (Version: 1.0.1637.0 - Google LLC)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 5.2.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.2.6 - VS Revo Group, Ltd.)
Rhinoceros 5 (64-bit) (HKLM\...\{0F0ABAFB-A710-45CC-B53E-37F1F70F0075}) (Version: 5.12.50810.13095 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{8586863C-9648-441E-BF3E-1CBD5CEB40D1}) (Version: 5.12.50810.13095 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{17B822A0-154B-41BB-A049-8586899F1FD6}) (Version: 5.11.50106.18145 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (en-US) (HKLM-x32\...\{3CE4FE5E-D7BE-41EF-9C6A-752290702DAC}) (Version: 5.12.50810.13095 - Robert McNeel & Associates)
RhinoGold 4.0 (HKLM\...\RhinoGold) (Version: 4.0 - TDM Solutions SL)
Samsung DeX (HKLM-x32\...\{01CB0AC1-0B42-41CD-B569-A0485FEFE3CE}) (Version: 2.4.1.18 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{0ee140a4-adcc-4974-ad4c-210d225b488c}) (Version: 2.4.1.18 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.58.0 - Samsung Electronics Co., Ltd.)
SConnect Host (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\SConnectHost) (Version: 2.12.0.0 - Gemalto)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Send Anywhere 24.3.80853 (HKLM-x32\...\20db1975-fda0-5740-b262-81be26ba22ab) (Version: 24.3.80853 - Estmob Inc.)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.24043.3 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.24043.3 - Samsung Electronics Co., Ltd.)
Spotify (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\Spotify) (Version: 1.2.38.720.ga4a70a0e - Spotify AB)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Typora (HKLM\...\{37771A20-7167-44C0-B322-FD3E54C56156}_is1) (Version: 1.8.10 - typora.io)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
USB Tablet Manager (HKLM\...\RmTablet) (Version: 5.00 - )
ValeVPN Installation (HKLM-x32\...\{63E0B89E-0BC6-4566-AE2C-C7FC54CC9794}_is1) (Version: 210 - ValeVPN)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.38-2 - Wacom Technology Corp.)
WhoCrashed 7.06 (HKLM\...\WhoCrashed_is1) (Version: 7.06 - Resplendence Software Projects Sp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.716 - Broadcom Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1375 - Microsoft Corporation)
Windows 11 Installation Assistant (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.1341 - Microsoft Corporation)
Windows Driver Package - Dell Inc (DellRbtn) HIDClass (05/04/2015 1.4.2) (HKLM\...\70CCEEBCDF8A7D01F9CCA083F90CBABE40EAC5EB) (Version: 05/04/2015 1.4.2 - Dell Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WordPress.com (HKLM-x32\...\WordPress.com) (Version: - Automattic, Inc.)
Youtube-DLG version 0.4 (HKLM-x32\...\{3C455028-FC99-4846-8E04-4FCD87D85613}_is1) (Version: 0.4 - Sotiris Papadopoulos)
Zoom Workplace (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\ZoomUMX) (Version: 6.0.4 (38135) - Zoom Video Communications, Inc.)

Chrome apps:
============
Messages (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\7ad005b8ab216be50a4527afb1f7908f) (Version: 1.0 - Google\Chrome)
Snapdrop (HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\8065a2358761b3051af5779af16a36da) (Version: 1.0 - Google\Chrome)

Packages:
=========

AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-05-24] (Microsoft Corporation)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2781.1.0_x64__kgqvnymyfvs32 [2024-05-24] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-04-23] (Canon Inc.)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.0.16.0_x64__htrsf667h5kn2 [2024-04-29] (Dell Inc)
Duplex Play -> C:\Program Files\WindowsApps\10143CRTVAPS.DuplexPlay_1.51.0.0_x64__jmwdmd6tdstyj [2022-12-29] (CRTVAPS)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Nearby Share -> C:\Program Files\Google\NearbyShare [2024-05-06] (Google LLC)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Corporation)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.155.0_x64__pwbj9vvecjh7j [2024-05-05] (Amazon Development Centre (London) Ltd)
Quick Share -> C:\Program Files\Google\NearbyShare [2024-05-06] (Google LLC)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2024-02-17] (Ookla)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2419.11.0_x64__cv1g1gvanyjgm [2024-05-18] (WhatsApp Inc.) [Startup Task]
WinDbg -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe [2024-03-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{04d5c66b-d515-61ec-258f-a409f9443e98}\localserver32 -> "C:\Program Files\Proton\VPN\v3.0.7\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{318cc681-4136-d2bd-6204-14d67a05b724}\localserver32 -> "C:\Program Files\Proton\VPN\v3.2.1\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.exe (Proton AG -> )
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net -> MediaArea.net)
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{a04f95c0-6183-7419-2316-954e331d0cbc}\localserver32 -> "C:\Program Files\Proton\VPN\v3.2.2\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{bdf037d5-d1f4-16de-7c00-9c2204d45001}\localserver32 -> "C:\Program Files\Proton\VPN\v3.0.5\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{c17179b4-163d-11eb-ab15-5454d5ccf028}\localserver32 -> C:\Program Files\Clockify\ClockifyWindows.exe (ClockifyWindows) [File not signed]
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001_Classes\CLSID\{ef332f57-6128-39af-c6ef-8a8c89b3c2b7}\localserver32 -> "C:\Program Files\Proton\VPN\v3.1.0\ProtonVPN.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-05] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-05] (SoftThinks -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [NitroShellExt] -> {52A10783-C811-4C45-9A3D-221A962C8640} => C:\Program Files\NitroShare\nitroshell.dll [2017-10-12] () [File not signed]
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-20] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [NitroShellExt] -> {52A10783-C811-4C45-9A3D-221A962C8640} => C:\Program Files\NitroShare\nitroshell.dll [2017-10-12] () [File not signed]
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => -> No File
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => -> No File
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => -> No File
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} => -> No File
ContextMenuHandlers2_S-1-5-21-3154358939-2545289201-4114463858-1001: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2023-07-05] (MYTHICSOFT LIMITED -> Mythicsoft Ltd)
ContextMenuHandlers4_S-1-5-21-3154358939-2545289201-4114463858-1001: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2023-07-05] (MYTHICSOFT LIMITED -> Mythicsoft Ltd)
ContextMenuHandlers5_S-1-5-21-3154358939-2545289201-4114463858-1001: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2023-07-05] (MYTHICSOFT LIMITED -> Mythicsoft Ltd)
ContextMenuHandlers6_S-1-5-21-3154358939-2545289201-4114463858-1001: [AgentRansack] -> {2AE9D6D8-E348-4853-B266-C78844D31B97} => C:\Program Files\Mythicsoft\Agent Ransack\ShellExt.dll [2023-07-05] (MYTHICSOFT LIMITED -> Mythicsoft Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Alexandra\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\Alexandra\Desktop\Mohammed (MaK) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Public\Google\Chrome\User Data\Default\Extension\jokneorpjqeokaekkeobljkakcbpapcb\3.6.1._0" --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Alexandra\Desktop\Snapdrop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=ikpmlgdcejalmjnfbahhijemkcgljabf
ShortcutWithArgument: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hulu.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=epffkfffophpagfbbklffindaiconkmc
ShortcutWithArgument: C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Snapdrop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=ikpmlgdcejalmjnfbahhijemkcgljabf
ShortcutWithArgument: C:\Users\Alexandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Public\Google\Chrome\User Data\Default\Extension\ejabmpocmercijejkcnpmodqkqlkbfrd\1.5.2._0"
ShortcutWithArgument: C:\Users\Alexandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Public\Microsoft\Edge\User Data\Default\Extension\pkpeodmemjbrerecnkmrmcccknciopjq\2.7.4._0"
ShortcutWithArgument: C:\Users\Alexandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Alexandra - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Public\Google\Chrome\User Data\Default\Extension\rmkocqkickfaorefmfprckjmokdkmdkq\2.7.1._0" --profile-directory="Default"
ShortcutWithArgument: C:\Users\Alexandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Alexandra (Work) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Public\Google\Chrome\User Data\Default\Extension\neqprcjrqjkmomeqmrckekeqciboombi\2.8.4._0" --profile-directory="Profile 1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\Users\Public\Google\Chrome\User Data\Default\Extension\qpmkrerlplciqdedmrafjdiolrmnefce\4.6.7._0" --profile-directory="Default"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Public\Microsoft\Edge\User Data\Default\Extension\afbdlkpcoioffleencfaknpndpbfcnkr\3.3.4._0"
ShortcutWithArgument: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Public\Microsoft\Edge\User Data\Default\Extension\ofpkbldppprdijeolpemjfpmfjkarrmm\8.1.2._0"

==================== Loaded Modules (Whitelisted) =============

2022-07-31 21:10 - 2022-06-13 04:45 - 000147968 _____ () [File not signed] C:\Program Files (x86)\Send Anywhere\context_handler\x64\snda_context_handler.dll
2022-09-26 23:02 - 2017-10-12 14:52 - 000045056 _____ () [File not signed] C:\Program Files\NitroShare\nitroshell.dll
2020-02-05 12:41 - 2019-02-21 20:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-03-14 02:42 - 2021-03-14 02:42 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-03-14 02:42 - 2021-03-14 02:42 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2024-01-05 17:19 - 2024-01-05 17:19 - 001626624 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2015-08-15 13:12 - 2008-08-08 02:09 - 000108032 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMCRE.DLL
2024-01-05 17:19 - 2024-01-05 17:19 - 002973696 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001 -> {8327F0EE-4EBD-4B54-A033-F2AFBDFBDC69} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Incorporated)
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} hxxps://browsercheck.qualys.com/qbc_ax.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\qualys.com -> hxxps://browsercheck.qualys.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 13:14 - 2019-12-07 13:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2018-11-20 12:46 - 2020-06-07 12:00 - 000000555 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 Alex.mshome.net # 2025 4 4 3 22 42 4 65
192.168.137.104 localhost.mshome.net # 2020 4 6 11 22 42 4 65
192.168.137.37 OnePlus6.mshome.net # 2020 4 6 11 22 33 42 399

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\PHYSX\COMMON;C:\PROGRAM FILES (X86)\OPENVPN\BIN;C:\USERS\ALEXANDRA\APPDATA\LOCAL\MICROSOFT\WINDOWSAPPS;C:\PROGRAM FILES (X86)\QUICKTIME\QTSYSTEM\;C:\WINDOWS\SYSTEM32\OPENSSH\;C:\WINDOWS\system32;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Windows\System32;C:\Program Files\dotnet\;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\OnePlus\platform-tools;C:\Android;
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexandra\Desktop\DSC00060.JPG
HKU\S-1-5-21-3154358939-2545289201-4114463858-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Local Area Connection 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Local Area Connection 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Npcap Loopback Adapter: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Local Area Connection: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Local Area Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McNeelUpdate => 2
MSCONFIG\Services: PSI_SVC_2_x64 => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: WsAppService => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AtwtusbIcon"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run: => "Nearby Share"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\StartupFolder: => "Accountable2You.appref-ms"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_99F61B3BC587B8744BBFA7D9D524B720"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "31189E638F1DDF5F5610FE033AD84FA898743FD3._service_run"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "Kies3PDLR.exe"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BF8F2EA0426A481DEAE7168D29A75B4B"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "Samsung DeX"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
HKU\S-1-5-21-3154358939-2545289201-4114463858-1001\...\StartupApproved\Run: => "µTorrent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4CE451E1-FC23-47D5-A134-73E02CFC688E}] => (Allow) C:\Users\Alexandra\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3626FA97-41EA-416A-803E-73EA8A0B9567}] => (Allow) C:\Program Files\Airflow\Airflow.transcoder.exe (InMethod s.r.o. -> )
FirewallRules: [{D8F150C4-122D-49F3-B943-770B3F2B03F0}] => (Allow) C:\Program Files\Airflow\Airflow.transcoder.exe (InMethod s.r.o. -> )
FirewallRules: [{B4FEFB51-6162-46B4-B442-4C7AE955F956}] => (Allow) C:\Program Files\Airflow\Airflow.server.exe (InMethod s.r.o. -> )
FirewallRules: [{4AD0B36C-C8D8-4FF8-971B-5E63C441782E}] => (Allow) C:\Program Files\Airflow\Airflow.server.exe (InMethod s.r.o. -> )
FirewallRules: [{38519861-0EB1-4A3B-AC34-5770B0395DA3}] => (Allow) C:\Program Files\Airflow\Airflow.analyzer.exe (InMethod s.r.o. -> )
FirewallRules: [{95AF03B7-CC5A-48B0-82ED-27965E5E3069}] => (Allow) C:\Program Files\Airflow\Airflow.analyzer.exe (InMethod s.r.o. -> )
FirewallRules: [{EC08762A-AFB0-4BDC-95AF-354D5DA69B3F}] => (Allow) C:\Program Files\Airflow\Airflow.exe (InMethod s.r.o. -> inMethod)
FirewallRules: [{50F8C364-14F7-4C1B-AF05-C9E774D2846D}] => (Allow) C:\Program Files\Airflow\Airflow.exe (InMethod s.r.o. -> inMethod)
FirewallRules: [{0DD8B900-FEDD-4421-A0A7-C0A232E34DF6}] => (Allow) LPort=5557
FirewallRules: [{2C90A88B-B66C-46DD-B711-57889B32D470}] => (Allow) LPort=5556
FirewallRules: [{84D6406B-93F6-48A5-88CC-2C8DE4D7A205}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{72331B18-B413-42BC-816E-8DAB140A4E8B}C:\users\alexandra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexandra\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D1D303CB-DB5E-437C-81D8-9F2F8CD63628}C:\users\alexandra\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexandra\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{29E59E62-21FA-42BB-B4F2-08AFEE3BCABE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{49EAC9A5-B4A8-4463-BA4D-3F150C8B6297}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{23A301E3-4755-4A65-AB83-0B169FE98DB8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2933F0C1-650C-4F2A-9171-3FBC4CAB3187}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF294036-727C-4BA2-B275-1C2B90C2E227}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{062D1A18-8471-4346-A6D9-CFEE85A09631}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{4788FBC1-634E-4324-86D7-816B6F87A706}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{B45CEFAD-D373-414C-9B19-B3285CAE0B34}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{AB006AC0-27E7-44B4-AC6F-FA96D5F52830}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B88778A6-E01E-44C5-BB0F-9F3B0C494083}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6E93EF9C-9AA9-43DB-A7AE-0A93488C00FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A8796F8E-322E-498C-8D3E-63D88AFD6DF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{752B7808-5087-4D3A-91F3-22220075B4E1}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [UDP Query User{5483CED8-0E12-4A3E-9952-6C22B876AE07}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [TCP Query User{5CD56BA9-D6A8-4B5E-9CA6-490423BC44E8}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe (Insecure.Com LLC -> Insecure.Org)
FirewallRules: [UDP Query User{BF9DEC52-E02F-42E2-82C8-3BCFCCDFCCAF}C:\program files (x86)\nmap\nmap.exe] => (Allow) C:\program files (x86)\nmap\nmap.exe (Insecure.Com LLC -> Insecure.Org)
FirewallRules: [{B7605272-C2F5-4B7F-98F7-6BD29ECDB0F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BF744F1-4B66-48F7-9703-A062A1CBABD5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1CF2D80E-A6F6-491B-8863-BC99199D8351}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro Media, Inc. -> )
FirewallRules: [{4BBEF9A4-88E6-402B-97A4-244EF86D1F90}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro Media, Inc. -> )
FirewallRules: [{C3A81AA2-B934-45E1-A3BB-C8713D289C32}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro Media, Inc. -> )
FirewallRules: [{8A72B481-3216-4851-A8F0-CC97E89DF092}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro Media, Inc. -> )
FirewallRules: [{F78300DE-EB84-4A1C-BDD4-C8A97053925B}] => (Allow) C:\Users\Alexandra\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{46B239CD-277F-4DF1-A46B-41284087E81D}] => (Allow) C:\Users\Alexandra\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8F0F8E6D-47B7-45C6-BC9E-E820DE5ACDE4}] => (Allow) C:\Users\Alexandra\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{345676C9-40ED-4EFA-8E75-DEDD3D081E32}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{95033F2A-7CF1-4C7D-86D9-83B4BE3FFEE1}C:\program files (x86)\send anywhere\send anywhere.exe] => (Allow) C:\program files (x86)\send anywhere\send anywhere.exe (Rakuten Symphony Korea, Inc. -> Estmob Inc.)
FirewallRules: [UDP Query User{7FEB45D6-E17E-4F70-9F60-895C7B7E20BD}C:\program files (x86)\send anywhere\send anywhere.exe] => (Allow) C:\program files (x86)\send anywhere\send anywhere.exe (Rakuten Symphony Korea, Inc. -> Estmob Inc.)
FirewallRules: [{DB6ACADB-C8CA-451D-985C-DC19349528D2}] => (Allow) C:\Program Files\NitroShare\nitroshare.exe () [File not signed]
FirewallRules: [{D34422FB-6C5E-45F9-8528-41D0195F5F44}] => (Allow) C:\Program Files\NitroShare\nitroshare.exe () [File not signed]
FirewallRules: [TCP Query User{81481D04-AB14-4B71-B1F0-4CEA3AC7CCEB}C:\program files\nitroshare\nitroshare.exe] => (Allow) C:\program files\nitroshare\nitroshare.exe () [File not signed]
FirewallRules: [UDP Query User{0CE35FAE-FC0F-4CDD-BC52-E298453A5311}C:\program files\nitroshare\nitroshare.exe] => (Allow) C:\program files\nitroshare\nitroshare.exe () [File not signed]
FirewallRules: [TCP Query User{9D7F395E-210B-4DCD-B5B0-092D89D142D3}C:\users\alexandra\desktop\mak\anydesk.exe] => (Allow) C:\users\alexandra\desktop\mak\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{B427C681-ED7C-46BD-9618-EDF7552F99C4}C:\users\alexandra\desktop\mak\anydesk.exe] => (Allow) C:\users\alexandra\desktop\mak\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{52A49326-3349-45E0-BE0C-7E007F7F1A99}] => (Allow) C:\Program Files\HP\HP DeskJet 2300 series\Bin\USBSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{64A4C371-CD29-4635-AB30-F92CFE0B85F4}] => (Allow) C:\Program Files\HP\HP DeskJet 2300 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{1A53A429-D64B-4CD6-8FFF-2D349E2A9978}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [TCP Query User{9D2460E5-E310-4CFB-A5C4-0EAA71ED6D99}C:\users\alexandra\appdata\local\programs\mendeley reference manager\mendeley reference manager.exe] => (Allow) C:\users\alexandra\appdata\local\programs\mendeley reference manager\mendeley reference manager.exe (Elsevier Ltd -> Mendeley)
FirewallRules: [UDP Query User{34806402-FEF9-410F-9591-15FF663FFC2D}C:\users\alexandra\appdata\local\programs\mendeley reference manager\mendeley reference manager.exe] => (Allow) C:\users\alexandra\appdata\local\programs\mendeley reference manager\mendeley reference manager.exe (Elsevier Ltd -> Mendeley)
FirewallRules: [{3B9D2841-576A-4816-A839-6830BA326B54}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{5334A0C3-4512-412B-AF7F-4D1257412461}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{AC7186E9-0B74-4D93-9AEF-87CDE40F5355}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E58E1E8F-B20A-4A44-8DF3-DBDBCF0DD226}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{6EEA61DF-E192-45B2-A428-7A77EF900B72}C:\program files (x86)\ivacy\programfilesassets\ivacy.exe] => (Allow) C:\program files (x86)\ivacy\programfilesassets\ivacy.exe (PMG PTE. LTD. -> )
FirewallRules: [UDP Query User{006C5F9E-C04E-41B6-A053-3EA05BBA523A}C:\program files (x86)\ivacy\programfilesassets\ivacy.exe] => (Allow) C:\program files (x86)\ivacy\programfilesassets\ivacy.exe (PMG PTE. LTD. -> )
FirewallRules: [{E5E295A2-1A27-40ED-9D9C-6BADC83B88CF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{16161D5D-7BF7-4E75-8CEA-E39A0F798823}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{B9B19D6E-FE32-487B-B89F-A7C35AC3438F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DC903FBB-A503-4FE8-B198-28E268D89D32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{206A99BA-73AF-4324-B72C-D6693E37ADC3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D396705D-4375-4CAB-B046-59E0636256E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{172FB4C9-E281-4482-9917-4E33D506C52C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF37A1EF-50FF-4F1E-A57A-959CBB970B48}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2402.24001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64FED013-5ED1-4ACF-B6D4-57975BCFBD9A}] => (Allow) C:\Program Files\Google\NearbyShare\nearby_share.exe (Google LLC -> Google)
FirewallRules: [{DFC5EDDD-2A66-4BBB-8F2C-D365FD064729}] => (Allow) C:\Program Files\Google\NearbyShare\nearby_share.exe (Google LLC -> Google)
FirewallRules: [{03A3C131-5AA3-4C18-9267-DAA1B6A3E2CE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{980D7835-7493-4C5C-9703-102420212E04}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1584D5F8-1289-4ADB-8D96-C1C2CE5B507D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{553AC6F9-8245-49C6-8FD7-4A6B36968512}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72461507-FF05-4E66-99B8-B9E7FA4B88A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31AF9ACC-A7D0-4F96-9EDA-2B51951A4AEF}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{0112A76E-2AF3-46AC-BDF0-9E6D18072A65}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{67A05641-9020-44A6-91DD-3EBBDFA6CEF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3CD5A187-C56A-46DB-B076-7439AB264F46}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71F3F224-DB61-4C1E-BEE9-CAA4ED3C52F9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{FF3AF150-7BF5-47B2-BC0D-54B067C3FA23}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]

==================== Restore Points =========================

18-05-2024 23:43:53 Installed Oracle VM VirtualBox 7.0.18
19-05-2024 04:49:57 Removed Adobe Acrobat.
28-05-2024 16:20:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TAP-ProtonVPN Windows Adapter V9
Description: TAP-ProtonVPN Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-ProtonVPN Windows Provider V9
Service: tapprotonvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: ========================

Application errors:
==================
Error: (05/28/2024 07:44:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0xe07647a2
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x3708
Faulting application start time: 0x01dab0f47457c559
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: dd555313-5205-469a-a9fe-f66103a43901
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (05/28/2024 03:44:38 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Alex)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/27/2024 11:59:08 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E016
Partial Pkey=HCC7K
ACID=?
Detailed Error[?]

Error: (05/27/2024 10:03:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdobeGenP.exe version 3.3.16.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 34c4

Start Time: 01dab056ea8de7e0

Termination Time: 4294967295

Application Path: C:\Users\Alexandra\Videos\Adobe Acrobat Pro DC 2024.002.20759 (x64)\Adobe Acrobat Pro DC 2024.002.20759 (x64)\Patch\Patch\Release\AdobeGenP.exe

Report Id: 15b3638e-9bed-4637-be6f-09cf30ee8f57

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (05/27/2024 09:27:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.4355, time stamp: 0xa9087fae
Faulting module name: SHELL32.dll, version: 10.0.19041.4412, time stamp: 0x0867964d
Exception code: 0xc0000005
Fault offset: 0x00000000000487fc
Faulting process id: 0x1f44
Faulting application start time: 0x01daadd39efca476
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\SHELL32.dll
Report Id: 08f4ed08-b7a3-4cea-a5ff-9389a36f6652
Faulting package full name:
Faulting package-relative application ID:

Error: (05/27/2024 09:27:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FFB94E387FC
Stack:

Error: (05/27/2024 09:24:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0xe07647a2
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x4e90
Faulting application start time: 0x01dab04e4ad79cc4
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 25eb23f2-18d7-493d-981d-107014ffe66b
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (05/27/2024 07:55:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0xe07647a2
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x160c
Faulting application start time: 0x01dab04c32fd7c23
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 752ce02d-7da1-4235-9b8f-3ec126837e51
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

System errors:
=============
Error: (05/28/2024 07:49:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Intel® SUR QC Software Asset Manager service to connect.

Error: (05/28/2024 07:37:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 3 time(s).

Error: (05/28/2024 07:12:16 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (05/28/2024 07:10:29 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (05/28/2024 07:10:23 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Error: (05/28/2024 06:00:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WTService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2024 03:47:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (05/28/2024 03:46:19 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: The driver detected an internal driver error on \Device\VBoxNetLwf.

Windows Defender:
================
Date: 2024-05-28 19:53:11
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-28 15:47:37
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:PowerShell/Malgent&threatid=2147772337&enterprise=0
Name: Trojan:PowerShell/Malgent
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\d2d98be8-2eae-44fe-9634-fed9f3edf78d.ps1; file:_C:\WINDOWS\System32\Tasks\Microsoft\Windows\Management\Provisioning\User->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{756D8387-4F23-4636-B427-F88C11760F41}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\User; taskscheduler:_C:\WINDOWS\System32\Tasks\Microsoft\Windows\Management\Provisioning\User
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.400.0, AS: 1.411.400.0, NIS: 1.411.400.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1

Date: 2024-05-28 15:45:39
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:PowerShell/Malgent&threatid=2147772337&enterprise=0
Name: Trojan:PowerShell/Malgent
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\d2d98be8-2eae-44fe-9634-fed9f3edf78d.ps1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.400.0, AS: 1.411.400.0, NIS: 1.411.400.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1

Date: 2024-05-27 20:01:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-26 20:35:05
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2024-05-23 10:50:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.411.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24040.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-05-23 10:50:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.411.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24040.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-05-23 10:50:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.411.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24040.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-05-23 10:50:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.411.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24040.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2024-05-23 10:50:44
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.411.274.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24040.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2023-12-05 06:02:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-11-01 20:43:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-10-04 08:26:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A13 09/02/2020
Motherboard: Dell Inc. 04XW3R
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 73%
Total physical RAM: 8106.98 MB
Available physical RAM: 2147.59 MB
Total Virtual: 18858.98 MB
Available Virtual: 9596.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1859.6 GB) (Free:628.06 GB) (Model: WDC WDS200T2B0A-00SM50) NTFS
Drive g: (Google Drive) (Fixed) (Total:1859.6 GB) (Free:596.65 GB) (Model: WDC WDS200T2B0A-00SM50) FAT32

\\?\Volume{5dca6ff8-ea49-4789-b583-455ddfd9ab48}\ (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.66 GB) NTFS
\\?\Volume{d4544a57-4a6b-40ce-b380-a9303f5c6df2}\ () (Fixed) (Total:0.8 GB) (Free:0.1 GB) NTFS
\\?\Volume{9b48acd8-c16c-4688-b35f-c589d1ad3903}\ (ESP) (Fixed) (Total:0.49 GB) (Free:0.44 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 379EAA68)

Partition: GPT.

==================== End of Addition.txt =======================

Attached Files

  • Task Manager PowerShell.jpg (11.3KB, 0 downloads)
  • Win Defender.jpg (33.92KB, 0 downloads)
  • Win Defender 2.jpg (55.69KB, 0 downloads)
  • Event Viewer.jpg (56.85KB, 0 downloads)

Edited by iMacg3, 08 June 2024 - 11:19 PM.
Removed entries triggering AV/web protection software
