
Endnotes click is added to Microsoft Edge. I cannot find it. The Microsoft Edge


2 replies to this topic

#1 arian80


Posted Yesterday, 05:56 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by yibra (administrator) on MSI (Micro-Star International Co., Ltd. GS66 Stealth 10SE) (23-04-2024 23:40:40)
Running from C:\Users\yibra\Downloads\FRST64.exe
Loaded Profiles: yibra
Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\AppService.exe
() [File not signed] C:\Users\yibra\AppData\Local\yzsx_zsync_1712421264\zsync_desktop.exe
(A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.145.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.34.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files\Autodesk\AdskIdentityManager\1.11.9.11\AdskIdentityManager.exe
(A-Volute SAS -> A-Volute) C:\Users\yibra\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe
(C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe ->) (Shenzhen iMyFone Technology Co., Ltd -> ) C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Nahimic\NahimicMonitorX64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\MSI.CentralServer.exe
(C:\Program Files\Autodesk\AdskIdentityManager\1.11.9.11\AdskIdentityManager.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files\Autodesk\AdskIdentityManager\1.11.9.11\ADP\ADPClientService.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\yibra\AppData\Local\yzsx_zsync_1712421264\zsync_desktop.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <51>
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(drivers\RivetNetworks\Killer\KSPSService.exe ->) (Intel Corporation -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KSPS.exe
(drivers\RivetNetworks\Killer\xTendSoftAPService.exe ->) (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAP.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_ba5b1813656e5c27\igfxCUIService.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ba5b1813656e5c27\igfxEM.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\14.1.0.10619\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe <2>
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Intel Corporation -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KSPSService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ba5b1813656e5c27\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_af5df92252aaf9f0\IntelCpHDCPSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe
(services.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming Center\GamingCenter_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmiig.inf_amd64_31b6b410a25ec0b8\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a9e9122da4b4db5b\RtkAudUService64.exe <2>
(services.exe ->) (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe
(services.exe ->) (Shenzhen iMyFone Technology Co., Ltd -> ) C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe
(services.exe ->) (TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(sihost.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(svchost.exe ->) (21E1B422-257A-44A2-9C8F-379165856473 -> ) C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm\Nahimic3.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(svchost.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright ?2020 Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Companion\MSI_TraceFPS.exe
(svchost.exe ->) (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\One Dragon Center\Sound Tune\SoundTune.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_a9e9122da4b4db5b\RtkAudUService64.exe [1938888 2024-02-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [201288 2022-02-02] (Autodesk, Inc. -> Autodesk)
HKLM\...\Run: [Autodesk Access] => C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe [20689696 2024-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-28] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [6471968 2024-01-31] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
HKLM\...\Run: [MSI TrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [6471968 2024-01-31] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [15447376 2024-04-09] (SteelSeries ApS -> SteelSeries ApS)
HKLM-x32\...\Run: [FoneDog Toolkit - iOS Data RecoveryAppService] => C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\AppService.exe [94208 2022-10-28] () [File not signed]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-03] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-03] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Norton Download ManagerCCT_CERT_EXPIRY_MITIGATION] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui (No File)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\89.0.2.0\GoogleDriveFS.exe [60206368 2024-04-03] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\CPCA Language Monitor3: C:\Windows\system32\CNAS0MMK.DLL [66048 2007-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\yibra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chat.lnk [2024-03-26]
ShortcutTarget: Google Chat.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DFE7B984-2BB0-4601-ABFE-1880854BEFA9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {024E44B8-EAEB-4B18-9021-2D9FEEA94565} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {1F9C6A2E-E1B1-43FD-8D40-C78805D4C428} - System32\Tasks\Duet Updater => C:\Program Files\Kairos\Duet Display\duet.exe [14305768 2023-12-08] (Duet, Inc. -> Duet, Inc.)
Task: {02D11294-80C3-4466-8554-43953829D7AA} - System32\Tasks\EsConfigDriverMonitor => C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\ScreenShareUtilsBox.exe [3476064 2023-11-03] (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
Task: {571612DF-4570-4F11-8F1A-2C93EC938626} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2023-08-03] (Google LLC -> Google LLC)
Task: {1222643A-118B-4B9D-81ED-09CDE09CB728} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2023-08-03] (Google LLC -> Google LLC)
Task: {C8E62817-90E0-4A96-90AF-329DDD984EA2} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-1125619000-792953389-3520311326-1001 => C:\Users\yibra\AppData\Local\Programs\Messenger\MessengerHelper.exe [2171640 2024-03-23] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {70E1EC5E-1391-4B84-B26A-B972C8BB83D6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499160 2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {444465F6-EF32-46DF-8A53-A593C0A58BB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28499160 2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FAB3E98B-2471-4A87-BD15-F0FCD46993A2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309912 2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9594BC8E-A1F8-409A-B5CB-4583E2F6A728} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309912 2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D49FBFCB-CB05-41A4-AA9F-3C78F4DA78D8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169112 2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {45CF73C8-9A94-47C5-8E45-347738A58FC5} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {F149D228-3BEF-4677-BDC7-0B4B070D99FF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {2F33F965-4C0E-41CF-AA74-20C7D344AE97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {15B80782-03FC-4027-B12D-74BDD71C4060} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {85B60A64-E9F0-45E3-8752-A47793501866} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {60DEC681-F882-4EC4-B42E-1DD81F214278} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {20B0A9D4-D7FA-4364-B3DE-8319236ED2F7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-23] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {99203BAE-0420-467E-8A39-B42B9B3CFF93} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1125619000-792953389-3520311326-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-04-23] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F9CB8314-E4A2-44E0-A0DC-BB761ED86B43} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34208 2024-04-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {D25F05E7-960C-4103-9483-7662A78CC0AE} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [104552 2023-08-08] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {43DB06CD-198B-4313-8653-0B76328ADF50} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe [104552 2023-08-08] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {D1388F80-9948-45B0-9693-44B922BD0202} - System32\Tasks\MSI Task Host - Duet => "C:\Program Files (x86)\MSI\One Dragon Center\Duet\MSI_Duet.exe"  (No File)
Task: {95FB488B-33AC-4D36-B7FE-654C64EAB40C} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2728552 2024-03-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {C56C2B1A-A073-42E9-8476-3CE4886C75A9} - System32\Tasks\MSI_GamebarConnect => C:\Program Files (x86)\MSI\MSI Companion\Gamebar_Connect.exe [110696 2024-03-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {6A36683C-7118-4193-AFD7-7B8E4D89FF1D} - System32\Tasks\MSI_GamebarTool => C:\Program Files (x86)\MSI\MSI Companion\MSI_GamebarTool.exe [120424 2024-03-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {9F3DC63E-542E-446C-A304-24E522329B7F} - System32\Tasks\MSI_TraceFPS => C:\Program Files (x86)\MSI\MSI Companion\MSI_TraceFPS.exe [2196064 2024-03-01] (MICRO-STAR INTERNATIONAL CO., LTD. -> Copyright ?2020 Micro-Star INT'L CO., LTD.)
Task: {9D244F6A-FE15-430E-95D7-ACE78CA7D2B3} - System32\Tasks\NahimicTask32 => C:\Windows\System32\..\SysWOW64\NahimicSvc32.exe [1117352 ] (A-Volute SAS -> Nahimic)
Task: {06124304-EEF0-4A80-8544-7F56615F3896} - System32\Tasks\NahimicTask64 => C:\Windows\System32\.\NahimicSvc64.exe [1437352 ] (A-Volute SAS -> Nahimic)
Task: {5880F88E-DB95-48E0-9F2C-FBE240CFCFA5} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {FF2BF182-474F-4CEF-8D2B-9C045CFA59C5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6CC94EB4-49AC-477B-B4EA-B81E1EB2210E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6C2DFC-454E-48A1-BA8F-125DDEE7AFD2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {9D4F5037-F221-4FD6-89BB-638FF4E73BC3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5FEF6DC1-A3ED-408A-968C-49C5F1C336F4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B7D514DB-D84F-43C1-96CC-EE0623A25426} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FFD27EB-3737-4ADE-848D-375CF8F825E1} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31FCDC79-36B5-4A62-902F-8A343FA60CD7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0DF33103-645C-4FF7-B563-96B4DA24A390} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-05-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {53A020C1-F1A7-4121-B759-7B6E8544BF5D} - System32\Tasks\OmApSvcBroker => C:\Program Files (x86)\MSI\MSI NBFoundation Service\OmApSvcBroker.exe [871568 2023-12-22] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {ED7E6D32-82D1-4F85-8F82-C650D650B280} - System32\Tasks\OneDC_Updater => C:\Users\yibra\OneDrive\Documents\temp\OneDC_Updater\OneDC_Updater.exe [5315312 2023-05-16] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {25FE0670-524D-4263-81CA-27EFB478399D} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe  (No File)
Task: {B6575A07-4EE6-4AD8-9D5E-708D53DE8F1B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1125619000-792953389-3520311326-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
Task: {ECB56964-5B77-4D85-966B-4CBA5BB604EA} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2644488 2024-04-10] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule
Task: {32B92C13-471A-4735-BD1A-E2422352471A} - System32\Tasks\RNIdle Task => C:\Windows\System32\drivers\RivetNetworks\Killer\RNIdleTask.exe [31648 2023-09-01] (Intel Corporation -> )
Task: {ABFA469B-849C-4B2D-8FBB-5ED5F5E93CD4} - System32\Tasks\ScreenShareClientUpdate => C:\Users\yibra\AppData\Local\Temp\ScreenShareClientUpdate.exe  Install (No File) <==== ATTENTION
Task: {FF43FB4E-7D63-45B5-99D8-4745A1FE68FD} - System32\Tasks\WDNA => C:\Users\yibra\AppData\Local\NutCelar\rhc.exe [1536 2023-07-26] () [File not signed] -> C:\Users\yibra\AppData\Local\NutCelar\php.exe index.php
Task: {9869AD6F-57D2-4C6A-A887-E6E56C49D00F} - System32\Tasks\WDNA_LG => Command(1): rhc.exe -> C:\Users\yibra\AppData\Local\NutCelar\php.exe include.php <==== ATTENTION
Task: {9869AD6F-57D2-4C6A-A887-E6E56C49D00F} - System32\Tasks\WDNA_LG => Command(2): rhc.exe -> C:\Users\yibra\AppData\Local\NutCelar\php.exe index.php <==== ATTENTION
Task: {541A52B5-D1A6-4231-9EFF-CEFC6575770E} - System32\Tasks\YT ZSync Logon => C:\Users\yibra\AppData\Local\yzsx_zsync_1712421264\rhc.exe [1536 2024-04-06] () [File not signed] -> C:\Users\yibra\AppData\Local\yzsx_zsync_1712421264\zsync_desktop.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{35fa594f-b5b8-45c5-a358-cb6fbf77e9ea}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{35fa594f-b5b8-45c5-a358-cb6fbf77e9ea}\65E266: [DhcpNameServer] 192.168.247.168
Tcpip\..\Interfaces\{35fa594f-b5b8-45c5-a358-cb6fbf77e9ea}\84551475549402053303020527F6: [DhcpNameServer] 192.168.43.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-23]
Edge HomePage: Default -> hxxp://www.google.co.uk/
Edge StartupUrls: Default -> "hxxp://www.google.co.uk/"
Edge Extension: (TeraBox Download Assistant) - C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpadflhmiohjfhhaehelneimpllfbpcg [2024-03-27]
Edge Extension: (Google Chat My Favorites) - C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jamfmodpfjlcoemkkphkpmldidhkkogd [2024-03-26]
Edge Extension: (Edge relevant text changes) - C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (ZenMate Free VPN – Best VPN for Edge) - C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kepdippgcikacmcdaijnponnfgljfbea [2023-05-26]
Edge Extension: (Free VPN For Edge - Haven VPN) - C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgolencpojjflaephecojhpplkkdconb [2023-10-01]
Edge Extension: (Zotero Connector) - C:\Users\yibra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nmhdhpibnnopknkmonacoephklnflpho [2024-03-22]
Edge HKU\S-1-5-21-1125619000-792953389-3520311326-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [dpadflhmiohjfhhaehelneimpllfbpcg] - C:\Users\yibra\AppData\Roaming\TeraBox\terabox_ext_chrome.crx [2024-01-04]
Edge HKLM-x32\...\Edge\Extension: [jaleebmaoohbjjohjlfmihkkopgfibne]
 
FireFox:
========
FF DefaultProfile: 6ww80q84.default
FF DefaultProfile: xnjivibb.default
FF ProfilePath: C:\Users\yibra\AppData\Roaming\Zotero\Zotero\Profiles\6ww80q84.default [2024-01-20]
FF ProfilePath: C:\Users\yibra\AppData\Roaming\Mozilla\Firefox\Profiles\xnjivibb.default [2024-01-25]
FF ProfilePath: C:\Users\yibra\AppData\Roaming\Mozilla\Firefox\Profiles\w1z36abg.default-release [2024-04-23]
FF Homepage: Mozilla\Firefox\Profiles\w1z36abg.default-release -> www.google.co.uk
FF Extension: (To Google Translate) - C:\Users\yibra\AppData\Roaming\Mozilla\Firefox\Profiles\w1z36abg.default-release\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2024-03-07]
FF Extension: (AdBlock — best ad blocker) - C:\Users\yibra\AppData\Roaming\Mozilla\Firefox\Profiles\w1z36abg.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2024-04-18]
FF Extension: (Simple Translate) - C:\Users\yibra\AppData\Roaming\Mozilla\Firefox\Profiles\w1z36abg.default-release\Extensions\simple-translate@sienori.xpi [2024-03-07]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2023-02-08] [Legacy]
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2023-02-08]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2023-02-08]
CHR HKU\S-1-5-21-1125619000-792953389-3520311326-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dpadflhmiohjfhhaehelneimpllfbpcg] - C:\Users\yibra\AppData\Roaming\TeraBox\terabox_ext_chrome.crx [2024-01-04]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\ChromeAddin\ChromeAddin.crx [2023-02-08]
CHR HKLM-x32\...\Chrome\Extension: [dpadflhmiohjfhhaehelneimpllfbpcg] - C:\Users\yibra\AppData\Roaming\TeraBox\terabox_ext_chrome.crx [2024-01-04]
CHR HKLM-x32\...\Chrome\Extension: [fjgncogppolhfdpijihbpfmeohpaadpc] - hxxps://click.endnote.com/extensions/chrome/update-manifest.xml
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [17243936 2024-02-15] (Autodesk, Inc. -> Autodesk)
R2 AdskNLM; C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe [1127760 2019-01-15] (Flexera Software LLC -> Flexera)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-08-22] (Apple Inc. -> Apple Inc.)
R2 Autodesk Access Service Host; C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe [11630368 2024-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14008504 2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
S3 DuetDisplaySL; C:\Program Files\Kairos\Duet Display\DuetDisplaySL.exe [92136 2023-09-07] (Duet, Inc. -> Duet, Inc.)
S3 DuetUpdater; C:\Program Files\Kairos\Duet Display\DuetUpdater.exe [11288552 2023-12-08] (Duet, Inc. -> Kairos)
R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Editor\FoxitPDFEditorUpdateService.exe [2433008 2024-02-01] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [78240 2023-09-01] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2378144 2023-09-01] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2662816 2023-09-01] (Intel Corporation -> Intel)
R2 KillerSmartphoneSleepService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KSPSService.exe [77728 2023-09-01] (Intel Corporation -> Rivet Networks, LLC.)
R3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [78240 2023-09-01] (Intel Corporation -> Intel® Corporation)
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [92768 2023-05-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-04-23] (Malwarebytes Inc. -> Malwarebytes)
R2 MFLocalService; C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe [56128 2022-06-30] (Shenzhen iMyFone Technology Co., Ltd -> )
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [171248 2023-05-16] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI NBFoundation Service\MSIAPService.exe [92912 2023-05-16] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 MSI Sendevsvc; C:\Program Files (x86)\MSI\MSI NBFoundation Service\Sendevsvc.exe [311536 2023-05-16] (Micro-Star International CO., LTD. -> )
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [203552 2024-01-31] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [149608 2024-01-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Central_Service; C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe [147696 2022-05-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_Companion_Service; C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe [143160 2021-03-31] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_GamingCenter_Service; C:\Program Files (x86)\MSI\Gaming Center\GamingCenter_Service.exe [104120 2017-12-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [44648 2024-02-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1909416 2024-01-01] (A-Volute SAS -> Nahimic)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2644488 2024-04-10] (Overwolf Ltd -> Overwolf LTD)
S3 SteelSeriesGGUpdateServiceProxy; C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe [1500608 2023-09-18] (SteelSeries ApS -> )
S3 TeraBoxUtility; C:\Users\yibra\AppData\Roaming\TeraBox\YunUtilityService.exe [113776 2024-03-12] (FLEXTECH INC. -> Flextech Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73744 2020-04-24] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73736 2020-04-24] (Rivet Networks LLC -> Rivet Networks, LLC.)
S2 cphs; %SystemRoot%\System32\IntelCpHeciSvc.exe [X]
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiig.inf_amd64_31b6b410a25ec0b8\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmiig.inf_amd64_31b6b410a25ec0b8\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BlueStacksDrv_msi2; C:\Program Files\BlueStacks_msi2\BstkDrv_msi2.sys [315768 2019-12-12] (Bluestack Systems, Inc -> Bluestack System Inc.)
R2 BlueStacksDrv_msi5; C:\Program Files\BlueStacks_msi5\BstkDrv_msi5.sys [310288 2022-10-27] (Bluestack Systems, Inc -> Bluestack System Inc.)
R3 duetbus; C:\WINDOWS\System32\DriverStore\FileRepository\duetbus.inf_amd64_66e44262fc0dd065\duetbus.sys [41736 2020-11-17] (Duet, Inc. -> Duet, Inc.)
S3 DuetWPDFilter; C:\WINDOWS\System32\drivers\DuetWPDFilter.sys [21992 2021-02-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EXCEED_VAC; C:\WINDOWS\system32\drivers\csvad_amd64.sys [47120 2023-11-03] (GUANGZHOU SHIRUI ELECTRONICS CO., LTD -> )
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 IGO_VSD; C:\WINDOWS\system32\drivers\igovsd.sys [42312 2022-01-25] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelli-go)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [254880 2023-09-01] (Intel Corporation -> Rivet Networks, LLC.)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [52832 2023-02-17] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 MpKsle2ae0a2e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84BCF4B7-360F-4566-8F5F-28C9DE9863E7}\MpKslDrv.sys [301336 2024-04-23] (Microsoft Windows -> Microsoft Corporation)
R3 msihid; C:\WINDOWS\System32\drivers\msihid.sys [43456 2024-03-01] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [19672 2023-12-11] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 NahimicBTLink; C:\WINDOWS\System32\drivers\NahimicBTLink.sys [86200 2022-08-19] (A-Volute SAS -> Windows ® Win 7 DDK provider)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS -> Windows ® Win 7 DDK provider)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [43568 2024-03-01] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47824 2019-12-23] (SteelSeries ApS -> SteelSeries ApS)
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38968 2024-03-01] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys [95440 2023-03-17] (SteelSeries ApS -> Windows ® Win 7 DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-03-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 Virtual Monitor; C:\WINDOWS\System32\drivers\VMonitorBus_amd64.sys [57304 2023-11-03] (GUANGZHOU SHIRUI ELECTRONICS CO., LTD -> Guangzhou Shirui Electronics)
R2 VIRTUALCAMERA; C:\WINDOWS\System32\DRIVERS\VirtualCamera_amd64.sys [51736 2023-11-03] (GUANGZHOU SHIRUI ELECTRONICS CO., LTD -> Guangzhou Shirui Electronics)
R3 vmultia; C:\WINDOWS\System32\drivers\vmultia.sys [30184 2023-11-03] (GUANGZHOU SHIRUI ELECTRONICS CO., LTD -> )
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\MSI NBFoundation Service\KernCoreLib64.sys [25656 2018-11-15] (Micro-Star International CO., LTD. -> )
S3 GENERICDRV; \??\C:\Users\yibra\Desktop\RMA-AUTO5.5\SOFT\CHK\amifldrv64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-23 23:37 - 2024-04-23 23:37 - 002394112 _____ (Farbar) C:\Users\yibra\Downloads\FRST64.exe
2024-04-23 23:10 - 2024-04-23 23:16 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-23 23:09 - 2024-04-23 23:09 - 000000000 ____D C:\WINDOWS\pss
2024-04-23 22:55 - 2024-04-23 22:55 - 002589624 _____ (Malwarebytes) C:\Users\yibra\Downloads\MBSetup (2).exe
2024-04-23 22:47 - 2024-04-23 23:07 - 000000000 ____D C:\Users\yibra\AppData\Local\Malwarebytes
2024-04-23 22:47 - 2024-04-23 22:57 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-04-23 22:46 - 2024-04-23 22:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-04-23 22:46 - 2024-04-23 22:56 - 000000000 ____D C:\Program Files\Malwarebytes
2024-04-23 22:45 - 2024-04-23 22:45 - 002589624 _____ (Malwarebytes) C:\Users\yibra\Downloads\MBSetup (1).exe
2024-04-23 22:42 - 2024-04-23 22:43 - 000103123 _____ C:\Users\yibra\Downloads\Addition.txt
2024-04-23 22:41 - 2024-04-23 23:41 - 000047171 _____ C:\Users\yibra\Downloads\FRST.txt
2024-04-23 22:23 - 2024-04-23 22:23 - 002215442 _____ C:\Users\yibra\Downloads\mbst-grab-results.zip
2024-04-23 22:20 - 2024-04-23 23:41 - 000000000 ____D C:\FRST
2024-04-23 22:19 - 2024-04-23 22:19 - 002394112 _____ (Farbar) C:\Users\yibra\Downloads\FRSTEnglish.exe
2024-04-23 22:17 - 2024-04-23 22:18 - 014209528 _____ C:\Users\yibra\Downloads\mb-support-1.9.10.1005.exe
2024-04-23 22:11 - 2024-04-23 22:12 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-04-23 21:31 - 2024-04-23 21:31 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-23 20:25 - 2024-04-23 23:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-23 19:36 - 2024-04-23 19:36 - 000478263 _____ C:\Users\yibra\Desktop\STRUCTURAL_BEHAVIOUR_OF_WELDED_STEEL_BEA.pdf
2024-04-23 19:29 - 2024-04-23 19:29 - 001675035 _____ C:\Users\yibra\Downloads\KSCE-D-24-00753 (4).pdf
2024-04-23 19:28 - 2024-04-23 19:28 - 001675035 _____ C:\Users\yibra\Downloads\KSCE-D-24-00753 (3).pdf
2024-04-23 17:34 - 2024-04-23 17:34 - 001757455 _____ C:\Users\yibra\Downloads\12205_KSCE Journal of Civil Engineering Manuscript Submission Regulation and Guidelines (3).pdf
2024-04-22 23:37 - 2024-04-22 23:37 - 006345704 _____ C:\Users\yibra\Desktop\4-Nano Materials in Construction.pptx
2024-04-22 22:42 - 2024-04-22 22:42 - 008850138 _____ C:\Users\yibra\Desktop\3-Nano Materials in Construction.pptx
2024-04-22 00:28 - 2024-04-22 00:28 - 000002355 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-21 11:50 - 2024-04-21 11:50 - 000000056 _____ C:\Users\yibra\Downloads\scholar (21).enw
2024-04-21 11:17 - 2024-04-21 11:17 - 000000132 _____ C:\Users\yibra\Downloads\scholar (20).enw
2024-04-21 11:14 - 2024-04-21 11:14 - 017821840 _____ C:\Users\yibra\Downloads\Innovacionnaya_podgotovka.pdf
2024-04-21 01:03 - 2024-04-21 01:03 - 000001033 _____ C:\Users\yibra\Downloads\ris.ris
2024-04-21 00:47 - 2024-04-21 00:47 - 001168326 _____ C:\Users\yibra\Downloads\bae8e3e763afce70 (1).pdf
2024-04-21 00:46 - 2024-04-21 00:46 - 001168326 _____ C:\Users\yibra\Downloads\bae8e3e763afce70.pdf
2024-04-21 00:37 - 2024-04-21 00:37 - 000646623 _____ C:\Users\yibra\Downloads\103820160202.pdf
2024-04-21 00:21 - 2024-04-21 00:28 - 000000000 ____D C:\Users\yibra\Downloads\styles
2024-04-20 23:52 - 2024-04-20 23:52 - 000001726 _____ C:\Users\yibra\Downloads\3748435.ris
2024-04-20 23:19 - 2024-04-20 23:19 - 000480810 _____ C:\Users\yibra\Downloads\1652619_Guideline for Authors_2021.pdf
2024-04-19 10:00 - 2024-04-19 10:01 - 001659743 _____ C:\Users\yibra\Downloads\KSCE-D-24-00753 (2).pdf
2024-04-18 23:11 - 2024-04-18 23:11 - 000000281 _____ C:\Users\yibra\Downloads\scholar (19).enw
2024-04-18 23:10 - 2024-04-18 23:10 - 000000176 _____ C:\Users\yibra\Downloads\scholar (18).enw
2024-04-18 23:09 - 2024-04-18 23:09 - 000000218 _____ C:\Users\yibra\Downloads\scholar (17).enw
2024-04-18 23:08 - 2024-04-18 23:08 - 000000223 _____ C:\Users\yibra\Downloads\scholar (16).enw
2024-04-18 23:07 - 2024-04-18 23:07 - 000000188 _____ C:\Users\yibra\Downloads\scholar (15).enw
2024-04-18 22:55 - 2024-04-18 22:55 - 000000248 _____ C:\Users\yibra\Downloads\scholar (14).enw
2024-04-18 22:54 - 2024-04-18 22:54 - 000000140 _____ C:\Users\yibra\Downloads\scholar (13).enw
2024-04-18 22:13 - 2024-04-18 22:13 - 000000248 _____ C:\Users\yibra\Downloads\scholar (12).enw
2024-04-18 22:11 - 2024-04-18 22:11 - 000000140 _____ C:\Users\yibra\Downloads\scholar (11).enw
2024-04-15 16:09 - 2024-04-15 16:09 - 001659743 _____ C:\Users\yibra\Downloads\KSCE-D-24-00753 (1).pdf
2024-04-14 23:31 - 2024-04-14 23:31 - 001659743 _____ C:\Users\yibra\Downloads\KSCE-D-24-00753.pdf
2024-04-14 23:29 - 2024-04-14 23:29 - 001658885 _____ C:\Users\yibra\Downloads\KSCE-S-24-00864 (2).pdf
2024-04-14 23:20 - 2024-04-14 23:20 - 001658887 _____ C:\Users\yibra\Downloads\KSCE-S-24-00864 (1).pdf
2024-04-14 22:34 - 2024-04-14 22:34 - 001658928 _____ C:\Users\yibra\Downloads\KSCE-S-24-00864.pdf
2024-04-09 11:25 - 2024-04-09 11:25 - 000111830 _____ C:\Users\yibra\Downloads\nanomaterial-and-their-application-7-2048.webp
2024-04-06 17:34 - 2024-04-06 17:34 - 000003588 _____ C:\WINDOWS\system32\Tasks\YT ZSync Logon
2024-04-06 17:34 - 2024-04-06 17:34 - 000000000 ____D C:\Users\yibra\AppData\Local\yzsx_zsync_1712421264
2024-04-04 16:10 - 2024-04-04 16:10 - 001757455 _____ C:\Users\yibra\Downloads\12205_KSCE Journal of Civil Engineering Manuscript Submission Regulation and Guidelines (2).pdf
2024-04-03 21:38 - 2024-04-03 21:38 - 000463403 _____ C:\Users\yibra\Downloads\fib-Stijn-Matthys.pdf
2024-04-03 17:11 - 2024-04-03 17:11 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-04-03 10:08 - 2024-04-03 10:08 - 000043413 _____ C:\Users\yibra\Downloads\References Table.xlsx
2024-04-03 10:07 - 2024-04-03 10:07 - 000046066 _____ C:\Users\yibra\Downloads\References Table 2_1.xlsx
2024-04-03 10:06 - 2024-04-03 10:06 - 002948175 _____ C:\Users\yibra\Downloads\OXFORD English Grammar OXFORD.pdf
2024-04-03 01:37 - 2024-04-23 23:24 - 000003768 _____ C:\WINDOWS\system32\Tasks\WDNA
2024-04-03 01:37 - 2024-04-03 01:37 - 000003730 _____ C:\WINDOWS\system32\Tasks\WDNA_LG
2024-04-03 01:36 - 2024-04-06 17:34 - 000000000 ____D C:\Users\yibra\AppData\Local\NutCelar
2024-04-03 01:36 - 2024-04-03 01:36 - 000000000 ____D C:\Users\yibra\Downloads\Awesome_Themes
2024-04-03 01:10 - 2024-04-03 01:10 - 011497409 _____ C:\Users\yibra\Downloads\Awesome_Themes.zip
2024-04-02 23:15 - 2024-04-02 23:15 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2024-04-02 23:15 - 2024-04-02 23:15 - 000000000 ____D C:\WINDOWS\system32\ar
2024-04-02 22:56 - 2024-04-02 22:56 - 001653248 _____ C:\Users\yibra\Downloads\woow.pps
2024-04-02 22:56 - 2024-04-02 22:56 - 000972881 _____ C:\Users\yibra\Downloads\JJDD.pdf
2024-04-02 22:56 - 2024-04-02 22:56 - 000854870 _____ C:\Users\yibra\Downloads\DDJJ.pdf
2024-04-02 22:21 - 2024-04-02 22:21 - 000003404 _____ C:\Users\yibra\Downloads\invite (3).ics
2024-03-31 21:49 - 2024-03-31 21:50 - 000446785 _____ C:\Users\yibra\Downloads\13495360.ppt
2024-03-31 21:47 - 2024-03-31 21:47 - 001160798 _____ C:\Users\yibra\Downloads\13331396.ppt
2024-03-31 21:44 - 2024-03-31 21:44 - 006130176 _____ C:\Users\yibra\Downloads\13732573.ppt
2024-03-28 09:35 - 2024-03-28 09:35 - 002376366 _____ C:\Users\yibra\Downloads\STRENGTHENINGOFREINFORCEDCONCRETEONE-WAYSLABSUSINGCFRPINFLEXURAL.pdf
2024-03-27 20:02 - 2024-03-27 20:03 - 000000000 ____D C:\WINDOWS\SysWOW64\DDFs
2024-03-27 19:42 - 2024-03-27 19:42 - 000024320 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-27 19:42 - 2024-03-27 19:42 - 000024320 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-27 19:16 - 2024-03-27 19:16 - 001378816 _____ C:\Users\yibra\Downloads\5_2019_01_17!10_37_41_PM.ppt
2024-03-26 21:07 - 2024-03-27 20:05 - 000002986 _____ C:\Users\yibra\Desktop\Google Chat.lnk
2024-03-26 17:27 - 2024-04-21 12:41 - 000000000 ____D C:\Users\yibra\AppData\Roaming\steelseries-gg-client
2024-03-26 17:26 - 2024-03-26 17:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2024-03-25 22:22 - 2024-04-01 23:47 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Loom
2024-03-25 22:22 - 2024-04-01 20:15 - 000000000 ____D C:\Users\yibra\AppData\Local\loom-updater
2024-03-25 22:22 - 2024-03-25 22:22 - 000002252 _____ C:\Users\yibra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loom.lnk
2024-03-25 22:22 - 2024-03-25 22:22 - 000002244 _____ C:\Users\yibra\Desktop\Loom.lnk
2024-03-25 20:33 - 2024-03-25 20:33 - 000000683 _____ C:\WINDOWS\ST6UNST.000
2024-03-25 20:33 - 2024-03-25 20:33 - 000000000 _____ C:\WINDOWS\SETUP.LST
2024-03-25 20:30 - 2024-03-25 20:35 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\Access
2024-03-24 22:04 - 2023-09-27 11:33 - 000025824 _____ C:\WINDOWS\system32\license.lic
2024-03-24 22:04 - 2023-09-27 11:33 - 000000256 _____ C:\WINDOWS\system32\license.sig
2024-03-24 22:02 - 2024-03-24 22:02 - 000003174 _____ C:\WINDOWS\system32\Tasks\MSI Task Host - LEDKeeper2_Host
2024-03-24 22:02 - 2024-03-24 22:02 - 000000000 ____D C:\Program Files\ENE
2024-03-24 21:31 - 2024-04-23 00:01 - 000000000 ____D C:\ProgramData\OmApSvcBroker
2024-03-24 21:31 - 2024-03-24 21:31 - 000003660 _____ C:\WINDOWS\system32\Tasks\OneDC_Updater
2024-03-24 21:31 - 2024-03-24 21:31 - 000000000 ____D C:\Users\yibra\OneDrive\Documents\temp
2024-03-24 21:29 - 2024-03-24 21:29 - 000002976 _____ C:\WINDOWS\system32\Tasks\OmApSvcBroker
2024-03-24 21:29 - 2023-05-16 10:41 - 001608944 _____ (Micro-Star International Co., Ltd.) C:\WINDOWS\SysWOW64\MSIWmiAcpi.dll
2024-03-24 21:29 - 2023-05-16 10:41 - 000171248 _____ (Micro-Star International Co., Ltd.) C:\WINDOWS\SysWOW64\MSIService.exe
2024-03-24 21:29 - 2023-05-16 10:41 - 000016624 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\msiapcfg.dll
2024-03-24 19:01 - 2024-03-24 19:01 - 001499313 _____ C:\Users\yibra\Downloads\6.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-23 23:38 - 2023-01-02 22:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-23 23:34 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-23 23:32 - 2023-01-03 06:45 - 000852208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-23 23:32 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\INF
2024-04-23 23:26 - 2023-08-03 18:29 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-23 23:26 - 2023-01-03 06:40 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-23 23:25 - 2023-01-02 22:33 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-23 23:25 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-23 23:24 - 2024-02-20 17:05 - 000003108 _____ C:\WINDOWS\system32\Tasks\NahimicTask32
2024-04-23 23:24 - 2024-02-20 17:05 - 000003088 _____ C:\WINDOWS\system32\Tasks\NahimicTask64
2024-04-23 23:24 - 2023-01-13 08:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-04-23 23:24 - 2023-01-03 06:56 - 000000000 __SHD C:\Users\yibra\IntelGraphicsProfiles
2024-04-23 23:24 - 2023-01-03 06:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-23 23:24 - 2023-01-03 06:39 - 000012288 ___SH C:\DumpStack.log.tmp
2024-04-23 23:24 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-04-23 23:24 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\ServiceState
2024-04-23 23:24 - 2023-01-02 22:31 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-04-23 23:16 - 2023-01-03 06:57 - 000000000 ___RD C:\Users\yibra\OneDrive
2024-04-23 23:10 - 2023-01-03 06:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-23 22:47 - 2023-01-02 22:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-04-23 22:39 - 2020-06-02 20:52 - 000000000 ____D C:\ProgramData\Common
2024-04-23 22:03 - 2024-01-25 19:46 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-23 22:03 - 2024-01-25 19:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-23 21:30 - 2019-11-13 22:01 - 000000000 ____D C:\Program Files\Microsoft Office
2024-04-23 21:26 - 2023-01-03 06:56 - 000000000 ____D C:\Users\yibra\AppData\Local\Packages
2024-04-23 21:04 - 2023-01-12 11:30 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-04-23 21:04 - 2023-01-03 06:57 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1125619000-792953389-3520311326-1001
2024-04-23 20:59 - 2023-01-10 15:11 - 000000000 ____D C:\Users\yibra\Downloads\Telegram Desktop
2024-04-23 20:39 - 2023-01-03 06:50 - 000000000 ___SD C:\Users\yibra\AppData\Roaming\Microsoft\Credentials
2024-04-23 20:30 - 2023-01-10 22:12 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-04-23 20:26 - 2024-01-25 19:46 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-23 17:29 - 2023-01-03 07:01 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\Word
2024-04-23 08:11 - 2024-02-27 06:32 - 000000000 ____D C:\Users\yibra\AppData\Roaming\ExceedShare
2024-04-23 07:27 - 2024-02-27 06:30 - 000000000 ____D C:\Users\yibra\AppData\Roaming\ScreenShareClientUpdate
2024-04-22 19:27 - 2023-01-03 13:23 - 000000000 ____D C:\Users\yibra\AppData\Roaming\ViberPC
2024-04-22 12:00 - 2024-02-23 19:26 - 000000000 ____D C:\Users\yibra\Desktop\3d concrete
2024-04-22 00:28 - 2023-01-03 06:39 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-21 22:49 - 2023-01-13 10:15 - 000000000 ____D C:\Users\yibra\AppData\Local\ElevatedDiagnostics
2024-04-21 22:24 - 2019-11-13 21:30 - 000000000 ____D C:\ProgramData\Packages
2024-04-21 19:20 - 2023-01-03 06:56 - 000000000 ____D C:\Users\yibra\AppData\Local\D3DSCache
2024-04-21 17:58 - 2023-02-17 06:40 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\Excel
2024-04-21 12:24 - 2024-01-25 22:50 - 000020480 _____ C:\Users\yibra\OneDrive\Documents\My EndNote Library.enl
2024-04-21 11:11 - 2023-01-28 09:05 - 000000000 ____D C:\Program Files (x86)\Overwolf
2024-04-21 02:11 - 2024-03-08 22:28 - 000000000 ____D C:\Users\yibra\AppData\Local\Messenger
2024-04-21 02:10 - 2024-03-08 22:28 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Messenger
2024-04-18 09:00 - 2024-02-19 18:39 - 000000000 ____D C:\Users\yibra\OneDrive\Documents\Research Proposal
2024-04-18 08:19 - 2023-01-03 06:58 - 000000000 ____D C:\Users\yibra\OneDrive\Documents\ViberDownloads
2024-04-15 18:34 - 2023-01-12 10:29 - 000000000 ____D C:\Users\yibra\AppData\Roaming\utorrent
2024-04-14 23:45 - 2023-01-03 06:58 - 000000000 ____D C:\Users\yibra\OneDrive\Documents\Researches
2024-04-14 23:36 - 2023-01-03 07:01 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\Office
2024-04-14 18:15 - 2023-05-20 10:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-14 18:15 - 2023-05-20 10:18 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-04-13 21:46 - 2023-01-27 09:24 - 002708984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-04-13 21:46 - 2023-01-27 09:24 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-04-13 21:46 - 2023-01-27 09:24 - 000108136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-04-13 21:46 - 2023-01-27 09:24 - 000075368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-04-13 21:45 - 2024-02-19 15:06 - 000263784 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll
2024-04-13 21:45 - 2023-01-27 09:24 - 000710248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-04-13 21:45 - 2023-01-27 09:24 - 000218616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-04-13 21:45 - 2023-01-27 09:24 - 000206440 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-04-12 18:52 - 2023-01-11 09:49 - 000000000 ____D C:\Users\yibra\AppData\Local\CrashDumps
2024-04-11 22:48 - 2023-01-02 22:33 - 000000000 ____D C:\ProgramData\USOPrivate
2024-04-11 22:33 - 2023-01-03 06:39 - 000656960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-11 22:32 - 2023-10-01 17:48 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-04-11 22:32 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-11 22:32 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-04-11 22:32 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-11 22:32 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-10 23:01 - 2023-01-03 14:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-10 22:59 - 2023-01-03 14:04 - 192651728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-10 22:51 - 2023-01-02 22:31 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-10 22:49 - 2023-01-03 06:41 - 003213824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 22:12 - 2019-11-13 21:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-06 17:49 - 2023-01-03 13:23 - 000000000 ____D C:\Users\yibra\AppData\Local\Viber
2024-04-06 17:45 - 2023-01-03 06:50 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\Spelling
2024-04-06 17:41 - 2023-01-13 11:41 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Microsoft\PowerPoint
2024-04-04 10:17 - 2023-01-03 06:46 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{2C59E1F9-0F6C-4D7F-AD93-DE6CCD54203D}
2024-04-04 10:17 - 2023-01-03 06:46 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{91836747-C294-454A-81A2-C47774334C26}
2024-04-03 22:48 - 2023-08-03 18:29 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-04-03 22:48 - 2023-08-03 18:29 - 000002087 _____ C:\Users\yibra\Desktop\Google Slides.lnk
2024-04-03 22:48 - 2023-08-03 18:29 - 000002087 _____ C:\Users\yibra\Desktop\Google Sheets.lnk
2024-04-03 22:48 - 2023-08-03 18:29 - 000002075 _____ C:\Users\yibra\Desktop\Google Docs.lnk
2024-04-03 20:40 - 2023-04-30 18:25 - 000000000 ____D C:\Users\yibra\OneDrive\Documents\Zoom
2024-04-03 17:11 - 2023-04-30 18:23 - 000000000 ____D C:\Users\yibra\AppData\Roaming\Zoom
2024-04-02 23:15 - 2023-01-02 22:34 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2024-04-02 23:15 - 2023-01-02 22:34 - 000000000 ____D C:\WINDOWS\system32\WCN
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\MUI
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\IME
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\Program Files\Windows Defender
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\Program Files\Common Files\System
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-04-02 23:15 - 2023-01-02 22:33 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-04-02 23:15 - 2023-01-02 22:31 - 000000000 ____D C:\WINDOWS\servicing
2024-04-02 23:09 - 2023-01-03 06:57 - 000000000 ____D C:\Users\yibra\AppData\Local\PlaceholderTileLogoFolder
2024-03-28 00:52 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2024-03-27 22:56 - 2024-03-23 21:43 - 000000000 ____D C:\Users\yibra\Desktop\New folder
2024-03-27 20:03 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-03-27 20:02 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-03-27 20:02 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-03-27 20:02 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-03-27 20:02 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-03-27 20:02 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-03-27 20:02 - 2023-01-02 22:33 - 000000000 ____D C:\WINDOWS\Provisioning
2024-03-25 21:49 - 2024-03-08 22:28 - 000002332 _____ C:\Users\yibra\Desktop\Messenger.lnk
2024-03-24 23:01 - 2024-03-08 12:53 - 000000000 ____D C:\ProgramData\BlueStacks_msi5
2024-03-24 22:56 - 2023-02-13 16:52 - 000000000 ____D C:\Users\yibra\AppData\Roaming\duet
2024-03-24 22:45 - 2020-06-02 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteelSeries
2024-03-24 22:44 - 2020-06-02 19:29 - 000000000 ____D C:\Program Files\SteelSeries
2024-03-24 22:14 - 2020-06-02 19:48 - 000000000 ____D C:\MSI
2024-03-24 22:08 - 2023-01-13 10:06 - 000000000 ____D C:\Program Files\IGO_VAC
2024-03-24 22:02 - 2020-06-02 19:08 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-24 21:31 - 2024-03-16 12:11 - 000000000 ____D C:\WINDOWS\Minidump
2024-03-24 21:29 - 2023-01-13 09:31 - 000000000 ____D C:\F3_Upgrade
2024-03-24 21:29 - 2020-06-02 19:48 - 000000000 ____D C:\Program Files (x86)\MSI
2024-03-24 21:22 - 2020-06-02 19:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-03-24 20:21 - 2020-06-02 19:25 - 000000000 ____D C:\ProgramData\Intel
2024-03-24 20:21 - 2020-06-02 19:08 - 000000000 ____D C:\Program Files\Intel
 
==================== Files in the root of some directories ========
 
2023-02-21 18:43 - 2023-02-21 18:43 - 000000017 _____ () C:\Users\yibra\AppData\Local\resmon.resmoncfg
2023-02-16 23:06 - 2023-02-17 07:02 - 000087040 _____ () C:\Users\yibra\AppData\Local\WebpageIcons.db
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by yibra (23-04-2024 23:41:56)
Running from C:\Users\yibra\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2023-01-03 05:44:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1125619000-792953389-3520311326-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1125619000-792953389-3520311326-503 - Limited - Disabled)
Guest (S-1-5-21-1125619000-792953389-3520311326-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1125619000-792953389-3520311326-504 - Limited - Disabled)
yibra (S-1-5-21-1125619000-792953389-3520311326-1001 - Administrator - Enabled) => C:\Users\yibra
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Substance 3D for 3ds Max 2023 (HKLM\...\{896EDC13-76D3-4FC6-A741-A5B14D62A140}) (Version: 2.4.8 - Adobe)
Ant Download Manager (HKLM-x32\...\{754CB6A3-3FE2-40DA-9FE5-2864909BD1CC}_is1) (Version: 2.10.2 - AntGROUP, Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D76F9829-A6F3-48D3-A0B6-BC1522CB9F49}) (Version: 17.0.0.21 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
AutoCAD 2023 Shared (HKLM\...\{28B89EEF-6101-0000-4102-CF3F3A09B77D}) (Version: 24.2.53.0 - Autodesk) Hidden
AutoCAD 2023 Shared Language Pack - English (HKLM\...\{28B89EEF-6101-0409-5102-CF3F3A09B77D}) (Version: 24.2.53.0 - Autodesk) Hidden
AutoCAD Open in Desktop (HKLM\...\{2B8E195A-0082-4B8F-9284-0FCCB6017C23}) (Version: 1.0.26.0 - Autodesk)
Autodesk 3ds Max 2023 (HKLM\...\{289FB1F1-6328-4987-80DA-763B0563C6EB}) (Version: 25.2.2.3312 - Autodesk) Hidden
Autodesk 3ds Max 2023 (HKLM\...\{A3D6F389-91FB-394A-94CC-BFA9C8096A85}) (Version: 25.2.2.3312 - Autodesk, Inc.)
Autodesk 3ds Max 2023 CivilView 1.2.0.0 (HKLM\...\{CB41F6A0-9517-418C-82B3-E9096834F5E2}) (Version: 1.2.0.0 - Autodesk) Hidden
Autodesk Advanced Material Library Base Resolution Image Library 2023 (HKLM-x32\...\{C90A4CC0-0862-4FC3-A07F-31F903659946}) (Version: 21.0.1.1 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2023 (HKLM-x32\...\{93A8D797-F224-4238-8E87-EE673E0BAC8A}) (Version: 21.0.1.1 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2023 (HKLM-x32\...\{489B5559-69A0-4165-A044-CEB510C6CBBF}) (Version: 21.0.1.1 - Autodesk)
Autodesk Advanced Modeling Tools for 3ds Max 2023 1.0.0.268 (HKLM\...\{1E73E0EF-EC23-4D93-9FF4-B0FF6C899E72}) (Version: 1.0.0.268 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{4EF1F1D4-E74F-45A8-AF89-95907847D484}) (Version: 3.3.0 - Autodesk)
Autodesk AutoCAD 2023 - English (HKLM\...\{73A78CE1-E03A-3415-826E-91A699E39B17}) (Version: 24.2.53.0 - Autodesk, Inc.)
Autodesk AutoCAD Performance Feedback Tool 1.3.12 (HKLM-x32\...\{293C8AB2-59FA-4C6E-A707-EE7457D8F567}) (Version: 1.3.12.0 - Autodesk)
Autodesk Cloud Models for Revit 2023 (HKLM\...\{AA384BE4-2303-0010-0000-97E7D7D02300}) (Version: 23.0.20.21 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{DE8DA5A8-C311-4F2B-B1C3-27A8BC154154}) (Version: 3.3.0 - Autodesk)
Autodesk Identity Manager (HKLM\...\Autodesk Identity Manager) (Version: 1.11.9.11 - Autodesk)
Autodesk Interoperability Engine Manager (HKLM\...\{C4EFAB73-D98A-3676-A3F8-142FC78E0EF3}) (Version: 1.0.0.11 - Autodesk.com) Hidden
Autodesk Inventor Interoperability 2023 (HKLM\...\{E2B54F9E-FF26-47AE-9AE1-D7AFBC32DE0C}) (Version: 27.0.13400.0000 - Autodesk) Hidden
Autodesk Material Library 2023 (HKLM-x32\...\{8E133591-B0FD-4DB0-B60E-FB593CAF72B0}) (Version: 21.0.1.1 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2023 (HKLM-x32\...\{3B564A94-BA47-4E42-ACD6-B5C35291210B}) (Version: 21.0.1.1 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2023 (HKLM-x32\...\{9E728FC7-CC88-4CBD-A1A2-094E27F05EF1}) (Version: 21.0.1.1 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2023 (HKLM-x32\...\{2ED470F3-3989-458D-AF24-8B2C4364A8CC}) (Version: 21.0.1.1 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.16.2.0 - Autodesk, Inc.)
Autodesk Revit 2023 (HKLM\...\{B4E35F04-D559-35E9-AB70-E0131AF7AB5B}) (Version: 23.0.11.19 - Autodesk, Inc.)
Autodesk Revit Content Core 2023 (HKLM\...\{AA384BE4-2023-0410-0000-9241AD002DA5}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Core-RVT 2023 (HKLM\...\{CC7D1ED0-2023-0410-0000-1CC925969102}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-CHS 2023 (HKLM\...\{848BACE1-2023-2052-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-CHT 2023 (HKLM\...\{848BACE1-2023-1028-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-CSY 2023 (HKLM\...\{848BACE1-2023-1029-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-DEU 2023 (HKLM\...\{848BACE1-2023-1031-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-ENG 2023 (HKLM\...\{848BACE1-2023-2057-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-ENU 2023 (HKLM\...\{848BACE1-2023-1033-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-ESP 2023 (HKLM\...\{848BACE1-2023-1034-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-FRA 2023 (HKLM\...\{848BACE1-2023-1036-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-ITA 2023 (HKLM\...\{848BACE1-2023-1040-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-JPN 2023 (HKLM\...\{848BACE1-2023-1041-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-KOR 2023 (HKLM\...\{848BACE1-2023-1042-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-PLK 2023 (HKLM\...\{848BACE1-2023-1045-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-PTB 2023 (HKLM\...\{848BACE1-2023-1046-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Content Essential-RUS 2023 (HKLM\...\{848BACE1-2023-1049-A981-1A6F0898E5BC}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Engine 2023 (HKLM\...\{DA6E3B72-3088-2023-9993-45D9FF1AD8D0}) (Version: 23.0.0.296 - Autodesk, Inc.)
Autodesk Revit MEP Imperial Content 2023 (HKLM\...\{94A3167C-9403-4421-8F25-434591B7D16D}) (Version: 2.4 - Autodesk) Hidden
Autodesk Revit MEP Metric Content 2023 (HKLM\...\{2D1156AE-553B-4387-A423-32E89A18620E}) (Version: 2.3 - Autodesk) Hidden
Autodesk Revit Product Feedback 2023 (HKLM\...\{D0AA00F5-2023-4900-BB7C-21929DC2B241}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk Revit Unit Schemas 2023 (HKLM\...\{CDCC6F31-2023-4903-8E9B-D562B70697B6}) (Version: 23.0.20.21 - Autodesk, Inc.)
Autodesk Russian Content for Revit 2023 (HKLM\...\{205C6D76-2023-1049-B227-DC6376F702DC}) (Version: 23.0.1.318 - Autodesk) Hidden
Autodesk Save to Web and Mobile (HKLM\...\{5AB49421-ADA1-4512-9E47-0AE9906F6A28}) (Version: 3.0.30 - Autodesk)
Autodesk Steel Connections Core Content for Revit 2023 (HKLM\...\{C430585C-2023-4514-A253-D0C70D33ADD5}) (Version: 23.0.11.19 - Autodesk) Hidden
Autodesk US English Content for Revit 2023 (HKLM\...\{205C6D76-2023-1033-B227-DC6376F702DC}) (Version: 23.0.1.318 - Autodesk) Hidden
Batch Print for Autodesk Revit 2023 (HKLM\...\{82AF00E4-2301-0010-0000-FCE0F8702300}) (Version: 23.0.11.19 - Autodesk) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Coohom (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\coohom-descktop-client) (Version: 1.0.5 - ExaCloud)
Discord (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\Discord) (Version: 1.0.9035 - Discord Inc.)
Duet Display (HKLM\...\{D3A7B8F3-9940-4AD6-A0BF-A2BA9512637C}) (Version: 2.6.8.1 - Kairos) Hidden
Duet Display (HKLM\...\Duet Display 2.6.8.1) (Version: 2.6.8.1 - Kairos)
EndNote 21 (HKLM-x32\...\{86B3F2D6-AC2B-0021-8AE1-F2F77F781B0C}) (Version: 21.0.1.17232 - Clarivate Analytics)
ENE Video Capture Box HAL (HKLM\...\{A096611D-BA11-4A1A-8D09-0A0462D7C8F2}) (Version: 1.0.5.15 - Ene Tech.) Hidden
ENE Video Capture Box HAL (HKLM-x32\...\{974259bf-3ed1-4cd6-9ed1-40c7f601a786}) (Version: 1.0.5.15 - Ene Tech.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.6.3 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM-x32\...\{c662a481-d76a-4188-95d2-6eb4ffd55542}) (Version: 1.0.6.3 - ENE TECHNOLOGY INC.) Hidden
ETABS 20 (HKLM\...\{110e9b22-e6cd-42d6-876f-0fb162d724e1}) (Version: 20.3.0 - Computers and Structures, Inc.)
eTransmit for Autodesk Revit 2023 (HKLM\...\{4477F08B-2301-0010-0000-9A09D8342300}) (Version: 23.0.11.19 - Autodesk) Hidden
Exceed Share (HKLM-x32\...\{31AEEDBC-4FE9-4C52-ADDC-2A18FE73C575}) (Version: 5.9.33.583 - ExceedShare)
FoneDog Toolkit for iOS 2.1.78 (HKLM-x32\...\{9B53745B-7332-4BBF-ABFD-83CECBD748AA}_is1) (Version: 2.1.78 - FoneDog)
FormIt Converter for Revit 2023 (HKLM\...\{64CDE5FF-7A65-4833-9906-374EA946C68F}) (Version: 23.0.20.21 - Autodesk) Hidden
Foxit PDF Editor (HKLM-x32\...\{1CB9D2BA-C551-11EE-A4F4-54BF64A63C26}) (Version: 2024.1.0.23997 - Foxit Software Inc.) Hidden
Foxit PDF Editor (HKLM-x32\...\{9ce4292c-c6b1-4efe-bc69-c0013c55cfaa}) (Version: 2024.1.0.23997 - Foxit Software Inc.)
FreeCAD 0.21.2 (HKLM\...\FreeCAD0212) (Version: 0.21.2 - FreeCAD Team)
Game Capture (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\Overwolf_lnhebboianabbebhnpoodokcdcnmikacoeijpjfe) (Version: 1.0.0.0 - Overwolf app)
Generative Design For Revit (HKLM\...\{52CF681B-DCB0-4DB7-B9BF-DA5BE3ABF624}) (Version: 23.2.23.0 - Autodesk) Hidden
Google Chat (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\7fac5b23fbfa8a087637be3b9d32250c) (Version: 1.0 - Google Chat)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 89.0.2.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
iCareFone 8.6.5.14 (HKLM-x32\...\{Tenorshare iCareFone}_is1) (Version: 8.6.5.14 - Tenorshare, Inc.)
iMyFone Fixppo 8.9.2.2 (HKLM-x32\...\{FD27E638-0609-44D4-B4E0-8F238FACC75C}_is1) (Version: 8.9.2.2 - iMyFone. All rights reserved.)
iMyFone Fixppo for Android 2.3.0.3 (HKLM-x32\...\{3E37CFC3-3CF3-40BC-A735-FE1D6F0C9AA9}_is1) (Version: 2.3.0.3 - Shenzhen iMyFone Technology Co., Ltd.)
iMyFone LockWiper 7.6.2.3 (HKLM-x32\...\{DD52596D-78A1-4101-ABFA-FDED8EBFAFE3}_is1) (Version: 7.6.2.3 - Shenzhen iMyFone Technology Co., Ltd.)
Intel® Chipset Device Software (HKLM\...\{B4BF76D4-C8E0-4341-A8C5-A33D1C506DED}) (Version: 10.1.18263.8193 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{66879245-162d-47f5-bac4-840156a7c01e}) (Version: 10.1.18263.8193 - Intel® Corporation)
Intel® Serial IO (HKLM\...\{7EB7E1A5-7771-481E-A2AC-8734A9BC3B4F}) (Version: 30.100.1915.1 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1915.1 - Intel Corporation)
iTunes (HKLM\...\{C9B64EBB-D631-4331-8B4F-C4231964080C}) (Version: 12.13.1.3 - Apple Inc.)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{F9B9A5A4-D66B-411A-B28F-D7A8863B432E}) (Version: 2.2.1457 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{B10DC0D5-964E-45F2-8068-67B8FCD393F8}) (Version: 2.2.1446 - Rivet Networks)
Loom 0.214.6 (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.214.6 - Loom, Inc.)
MAXtoA for 3ds Max 2023 (HKLM\...\{68E8B18F-6D24-4642-B42F-2AC6D9612441}) (Version: 5.4.0.37 - Autodesk)
Messenger (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 208.0.580469446 - Facebook, Inc.)
Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation)
Microsoft .NET Host - 6.0.23 (x64) (HKLM\...\{1870DD0E-1583-44FF-8265-A9D1692CD89C}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.23 (x64) (HKLM\...\{995CC82C-E3E8-4BB5-9AB8-2B95C611D59D}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.23 (x64) (HKLM\...\{7C0437DA-6703-47F1-A116-CD138B0768AD}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft 365 - en-us.proof (HKLM\...\O365HomePremRetail - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.51 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - en-us (HKLM\...\ProPlus2024Volume - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - en-us.proof (HKLM\...\ProPlus2024Volume - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Office LTSC Standard 2021 - en-us (HKLM\...\Standard2021Volume - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Office LTSC Standard 2021 - en-us.proof (HKLM\...\Standard2021Volume - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Project Professional 2021 - en-us (HKLM\...\ProjectPro2021Volume - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Project Professional 2021 - en-us.proof (HKLM\...\ProjectPro2021Volume - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Project Professional 2024 - en-us (HKLM\...\ProjectPro2024Volume - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Project Professional 2024 - en-us.proof (HKLM\...\ProjectPro2024Volume - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{BAF67399-85CD-4555-9B49-1F80EB921C35}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.09203 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2021 - en-us (HKLM\...\VisioPro2021Volume - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2021 - en-us.proof (HKLM\...\VisioPro2021Volume - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2024 - en-us (HKLM\...\VisioPro2024Volume - en-us) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Visio LTSC Professional 2024 - en-us.proof (HKLM\...\VisioPro2024Volume - en-us.proof) (Version: 16.0.17622.20002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{8e24fb65-31aa-446d-9c3e-35c5e11cb367}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM\...\{AA393199-374C-4AD1-9245-6CBB254D8146}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM-x32\...\{fbe8ac13-7063-40e6-81dd-7ddcc3781ecd}) (Version: 6.0.23.32930 - Microsoft Corporation)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 125.0.2 (x64 en-GB)) (Version: 125.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 122.0 - Mozilla)
MSI App Player (HKLM\...\BlueStacks_msi2) (Version: 4.150.10.6302 - BlueStack Systems, Inc.)
MSI App Player 5 (HKLM\...\BlueStacks_msi5) (Version: 5.9.300.6315 - BlueStack Systems, Inc.)
MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2024.0318.01 - MSI)
MSI companion (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\Overwolf_ddlhcmnbjcondncokaaocnpbhbmhchohknbhpnbd) (Version: 2.0.39 - Overwolf app)
MSI Gaming Center (HKLM-x32\...\{218D79E7-1F9C-4D7F-9650-024429BF5305}}_is1) (Version: 1.0.0.59 - MSI)
MSI NBFoundation Service (HKLM-x32\...\{A6EE9BF4-E6A6-4C63-8EA1-606C37E3618D}}_is1) (Version: 1.0.2312.2201 - MSI)
MSI SDK (HKLM-x32\...\{EE7D557C-3AE7-4348-8DCA-3A89790D0002}}_is1) (Version: 2.2024.0205.01 - MSI)
MSI Sound Tune (HKLM\...\IGO_VAC) (Version: 2.0.2.3 - Micro-Star INT'L CO., LTD.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 4.10.31.0 - Portrait Displays, Inc.)
NVIDIA GeForce Experience 3.20.3.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.3.63 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.80 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17622.20002 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17622.20002 - Microsoft Corporation) Hidden
OpenStudio CLI For Revit 2023 (HKLM\...\{49E88835-0902-4C30-A4A8-6AE9D663AF81}) (Version: 1.0.4 - NREL)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.248.120.19 - Overwolf Ltd.)
Personal Accelerator for Revit (HKLM\...\{59340884-4135-469A-954A-D08186F6B1DB}) (Version: 23.1.2.0 - Autodesk) Hidden
Personal Accelerator for Revit (HKLM\...\Personal Accelerator for Revit) (Version: 23.1.2.0 - Autodesk)
Plagiarism Checker X (HKLM-x32\...\{3F4AED67-C1AD-471E-AA6D-FD002683F2D5}) (Version: 9.0.2 - Plagiarism Checker X, LLC)
Poe (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\Poe) (Version: 1.1.17 - Quora, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 8.7 - Power Software Ltd)
Primavera P6 Professional (x64) (HKLM\...\{5D2D315A-7E59-4BC7-AA41-303101D0884C}) (Version: 22.12.0.45756 - Oracle Corporation)
Prokon (HKLM-x32\...\Prokon5.0) (Version: 5.0 - Prokon Software Limited)
PuTTY release 0.80 (64-bit) (HKLM\...\{98B86AF9-EC3E-49F8-8B34-B48837CC5719}) (Version: 0.80.0.0 - Simon Tatham)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8907.1 - Realtek Semiconductor Corp.)
REF-N-WRITE (HKLM-x32\...\{93AAFDD8-DC0B-44FA-B922-765A10A35E61}) (Version: 6.0.0 - Astute Digital Solutions Ltd)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: 1.0.21.3540 - Clarivate Analytics)
Results Explorer Manager (HKLM\...\{60C0209C-4E50-48BD-970C-C60FFDC8E8D9}) (Version: 23.0.0.4949 - Autodesk, Inc.) Hidden
Retopology Tools for 3ds Max 2023 (HKLM\...\{8B64FC5A-8A21-4A4B-8D1C-5A3BE7D13660}) (Version: 1.2.0.589 - Autodesk, Inc.)
Revit 2023 (HKLM\...\{7346B4A0-2300-0510-0000-705C0D862004}) (Version: 23.0.11.19 - Autodesk) Hidden
REX Revit (HKLM\...\{68279641-03C3-465E-A81C-C6F3B426C115}) (Version: 23.0.0.4949 - Autodesk, Inc.) Hidden
RSA COM (HKLM\...\{41169307-8761-4130-9D94-07CB8EC41EC9}) (Version: 23.0.0.9223 - Autodesk, Inc.) Hidden
RSA CommonData (HKLM\...\{B890A922-9161-414E-A3D1-48704296DEAA}) (Version: 23.0.0.9223 - Autodesk, Inc.) Hidden
RSA Interop (HKLM\...\{8ECAAE12-419B-4CDE-A735-19870F980322}) (Version: 23.0.0.9223 - Autodesk, Inc.) Hidden
RSA RoReinf (HKLM\...\{79F02AA3-6296-4D12-8CB7-303BE4AECDE2}) (Version: 23.0.0.9223 - Autodesk, Inc.) Hidden
SAFE 20 (HKLM\...\{5f56596d-0c22-41b1-9f5e-c9c10c7dc376}) (Version: 20.3.0 - Computers and Structures, Inc.)
SAP2000 24 (HKLM\...\{c4144f98-30f7-4f09-ad2d-9edb4e079441}) (Version: 24.1.0 - Computers and Structures, Inc.)
SteelSeries GG 60.1.0 (HKLM\...\SteelSeries GG) (Version: 60.1.0 - SteelSeries ApS)
Telegram Desktop (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15.2 - Telegram FZ-LLC)
Tenorshare ReiBoot 8.2.12.7 (HKLM-x32\...\{Tenorshare ReiBoot}_is1) (Version: 8.2.12.7 - Tenorshare, Inc.)
TeraBox (HKLM-x32\...\TeraBox) (Version: 1.28.0 - Flextech Inc.)
Viber (HKLM-x32\...\{14894022-10E9-4D8B-93AF-CA1397589001}) (Version: 19.1.0.0 - 2010-2022 Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\{06de94a7-6983-40aa-bf44-b07c2d0f809b}) (Version: 19.1.0.0 - 2010-2022 Viber Media S.a.r.l)
webOS Dev Manager (HKLM\...\{3F41569D-2C7C-49AD-9826-87DA7178D869}) (Version: 1.9.10 - webosbrew)
Windows Driver Package - Apple, Inc. (USBAAPL) USB  (05/19/2017 6.0.9999.69) (HKLM\...\7771A0176A543725D7BBF70A546C096A4EE2DD40) (Version: 05/19/2017 6.0.9999.69 - Apple, Inc.)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Worksharing Monitor for Autodesk Revit 2023 (HKLM\...\{5063E738-2301-0010-0000-7B7B9AB02300}) (Version: 23.0.11.19 - Autodesk) Hidden
ZD Screen Recorder 11.7.0 (HKLM-x32\...\{A9CD196E-FABB-4822-B57E-ACC769666E6A}) (Version: 11.7.0.0 - ZD Soft)
Zoom (HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)
Zotero (HKLM-x32\...\Zotero 6.0.30 (x86 en-US)) (Version: 6.0.30 - Corporation for Digital Scholarship)
 
Packages:
=========
 
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-03-15] ()
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5435.0_x64__8j3eq9eme6ctt [2024-04-14] (INTEL CORP) [Startup Task]
AppUp.IntelNUCSoftwareStudioforLaptops -> C:\Program Files\WindowsApps\AppUp.IntelNUCSoftwareStudioforLaptops_1.13.27416.0_x64__8j3eq9eme6ctt [2024-02-20] (INTEL CORP) [Startup Task]
AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-11-20] (INTEL CORP)
BusinessCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.BusinessCenter_2.1.35.0_x64__kzh8wxbdkxb8p [2024-03-29] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Control Center 3.0 -> C:\Program Files\WindowsApps\CLEVOCO.ControlCenter3.0_6.33.3.0_x64__6h6z29zh29qx0 [2024-03-29] (CLEVO CO.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-04-16] (Disney)
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.145.0_x64__kzh8wxbdkxb8p [2024-03-24] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Google Chat -> C:\Program Files\WindowsApps\mail.google.com-8E394CDE_1.0.0.10_neutral__vq8mrer2vmnwe [2024-04-23] (mail.google.com)
Ink.Handwriting.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-GB.1.0_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-20] (Microsoft Corporation)
Ink.Handwriting.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-GB.1.0_0.237.110.0_x86__8wekyb3d8bbwe [2023-11-20] (Microsoft Corporation)
Ink.Handwriting.Main.en-GB.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-GB.1.0.1_0.237.110.0_x64__8wekyb3d8bbwe [2023-11-20] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-04-16] (Instagram)
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-E4B7766F_42.0.23.1_neutral__ysfa6mcnwr1rw [2024-04-16] (www.instagram.com)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1523.831.0_x64__rh07ty8m5nkag [2023-11-20] (INTEL CORP) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-10-10] (Microsoft Corp.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_24074.2321.2810.3500_x64__8wekyb3d8bbwe [2024-04-19] (Microsoft) [Startup Task]
Microsoft.Windows.Ai.Copilot.Provider -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-04-02] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24041.33.0_x64__cw5n1h2txyewy [2024-04-23] (Microsoft Windows) [Startup Task]
MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.34.0_x64__kzh8wxbdkxb8p [2024-03-31] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
MSI Driver & App Center -> C:\Program Files\WindowsApps\msiappadm.MSIDriverAppCenter_1.2009.1001.0_x64__7f61qv3vk9gn2 [2024-02-20] (msiappadm)
MSI Game Bar -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSIGameBar_2.0.18.0_x64__kzh8wxbdkxb8p [2024-03-01] (MICRO-STAR INTERNATIONAL CO., LTD)
MSI Help Desk -> C:\Program Files\WindowsApps\msiappadm.MSIHelpDesk_2.2103.3101.0_x64__7f61qv3vk9gn2 [2024-02-20] (msiappadm)
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.9.22.0_x64__w2gh52qy24etm [2024-02-20] (A-Volute)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-03-27] (NVIDIA Corp.)
Padlet -> C:\Program Files\WindowsApps\padlet.com-99EA826A_1.0.0.10_neutral__32g1nwx259fcc [2024-04-23] (padlet.com)
Power Automate -> C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_11.2403.237.0_x64__8wekyb3d8bbwe [2024-03-14] (Microsoft Corporation) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.50.323.0_x64__dt26b99r8h8gj [2024-04-16] (Realtek Semiconductor Corp)
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2024-04-16] (Bytedance Pte. Ltd.)
TikTok -> C:\Program Files\WindowsApps\www.tiktok.com-4C63E479_1.0.5.1_neutral__s5gx0acfdhdxa [2024-04-16] (www.tiktok.com)
Wakelet -> C:\Program Files\WindowsApps\wakelet.com-2DC8F5C3_1.0.0.10_neutral__p8zfs0k5k9jk8 [2024-04-23] (wakelet.com)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2414.8.0_x64__cv1g1gvanyjgm [2024-04-14] (WhatsApp Inc.) [Startup Task]
Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-04-11] (Microsoft Windows)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-03-01] (Microsoft Corporation)
Windows Package Manager Source (platform) -> C:\Program Files\WindowsApps\Microsoft.Winget.Platform.Source_2024.105.1947.899_neutral__8wekyb3d8bbwe [2024-02-27] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-01-10] (win.rar GmbH)
X -> C:\Program Files\WindowsApps\twitter.com-135FFC0D_1.0.0.10_neutral__9wdrbcd1pw7ja [2024-04-23] (twitter.com)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{0B16A0C3-05F0-4876-86AD-2E69E912F388}\InprocServer32 -> C:\Prokon\bin\ppreview.dll (Prokon Software Consultants (Pty) Ltd. -> )
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{169B5B8E-E315-41C7-9574-66FC7E530D10}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\yibra\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.09203\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{2C1145A1-DD84-3137-A6E2-6DEFE61B6053}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{2F2A6D09-29FB-37A4-AB4F-04955910AAFF}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{35C8B701-B985-39D1-808B-60EF25CB562F}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{4AE728C4-795D-4261-B978-A65BBC02F211}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\adxloader64.dll (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{56589DAD-D12C-3BA5-BE99-9FC631AFCE87}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{653883D1-9C7E-3685-8EF1-EFA284338C86}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\Shell\Open\Command -> C:\Users\yibra\AppData\Roaming\TeraBox\TeraBox.exe (FLEXTECH INC. -> Flextech Inc.)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64} -> [TeraBox] => C:\Users\yibra\AppData\Roaming\TeraBox\ [0000-00-00 00:00]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{71978E71-29DE-3621-AD44-E87C429FA18F}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{7818E9A1-8A52-3FFB-846D-B5962FC94AD5}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\yibra\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{9445D29B-0B12-3764-947D-2A0B95E8971F}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{AEDA8174-99AE-3C5B-AD77-948F4C69B546}\InprocServer32 -> C:\Users\yibra\AppData\Local\Astute Digital Solutions Ltd\REF-N-WRITE\REF_N_WRITE_AddIn.DLL (Astute Digital Solutions Ltd) [File not signed]
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2023\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1125619000-792953389-3520311326-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [      .WorkspaceExt0] -> {C568C78A-652C-425B-8E6B-FFA73043302D} =>  -> No File
ShellIconOverlayIdentifiers: [      .WorkspaceExt1] -> {2A6FE247-5DA3-4732-9626-77820518FD77} =>  -> No File
ShellIconOverlayIdentifiers: [      .WorkspaceExt2] -> {FF895810-293B-464A-93F2-82D11E07EEC8} =>  -> No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2022-01-31] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2022-01-31] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\ConvertToPDFShellExtension_x64.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2023-12-05] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\yibra\AppData\Roaming\TeraBox\YunShellExt64.dll [2024-03-12] (FLEXTECH INC. -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2023-12-05] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\yibra\AppData\Roaming\TeraBox\YunShellExt64.dll [2024-03-12] (FLEXTECH INC. -> )
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\89.0.2.0\drivefsext.dll [2024-04-03] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmiig.inf_amd64_31b6b410a25ec0b8\nvshext.dll [2022-12-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\ConvertToPDFShellExtension_x64.dll [2024-02-04] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2023-12-05] (Power Software Limited -> Power Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\yibra\Desktop\Google Chat.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mdpkiolbdkhdjpekfbkbmhigcaggjagi --app-url=hxxps://mail.google.com/chat/ --app-run-on-os-login-mode=windowed --app-launch-source=19
ShortcutWithArgument: C:\Users\yibra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chat.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=mdpkiolbdkhdjpekfbkbmhigcaggjagi --app-url=hxxps://mail.google.com/chat/ --app-run-on-os-login-mode=windowed --app-launch-source=19
 
==================== Loaded Modules (Whitelisted) =============
 
2023-02-16 23:15 - 2022-11-22 07:32 - 001391104 _____ () [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Framework.dll
2023-02-16 23:15 - 2022-12-07 09:12 - 002934784 _____ () [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\iosdevice.dll
2023-02-16 23:15 - 2022-03-11 11:43 - 000013312 _____ () [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Utility.dll
2023-02-16 23:15 - 2021-12-24 09:43 - 000093720 _____ () [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\zlib1.dll
2024-03-24 21:28 - 2022-03-29 17:31 - 001125888 _____ () [File not signed] C:\Program Files (x86)\MSI\One Dragon Center\Sound Tune\gna2_runner.dll
2024-03-24 21:28 - 2022-03-29 17:31 - 046184448 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\MSI\One Dragon Center\Sound Tune\dnnl.dll
2023-02-16 23:15 - 2021-12-24 09:44 - 001902080 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\SQLite3.dll
2023-02-16 23:15 - 2022-11-22 06:40 - 000310784 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\libcurl.dll
2023-02-16 23:15 - 2022-11-22 06:40 - 003029912 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\LIBEAY32.dll
2023-02-16 23:15 - 2022-11-22 06:40 - 000820901 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\ssleay32.dll
2023-02-16 23:15 - 2022-11-22 06:40 - 003647977 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\libcrypto-1_1-x64.dll
2023-02-16 23:15 - 2022-11-22 06:40 - 001007178 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\libssl-1_1-x64.dll
2023-02-16 20:53 - 2017-09-14 07:46 - 001012224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\platforms\qwindows.dll
2023-02-16 20:53 - 2022-06-30 03:45 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Core.dll
2023-02-16 20:53 - 2022-06-30 03:45 - 005032960 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Gui.dll
2023-02-16 20:53 - 2022-06-30 03:45 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Network.dll
2023-02-16 20:53 - 2022-06-30 03:45 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\Qt5Widgets.dll
2023-02-16 23:15 - 2016-09-25 08:12 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qgif.dll
2023-02-16 23:15 - 2016-09-25 10:37 - 000036864 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qicns.dll
2023-02-16 23:15 - 2016-09-25 08:12 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qico.dll
2023-02-16 23:15 - 2016-09-25 08:12 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qjpeg.dll
2023-02-16 23:15 - 2016-09-25 10:38 - 000353792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qtiff.dll
2023-02-16 23:15 - 2016-09-25 10:38 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qwbmp.dll
2023-02-16 23:15 - 2016-09-25 10:38 - 000375296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\imageformats\qwebp.dll
2023-02-16 23:15 - 2016-09-25 08:12 - 001236992 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\platforms\qwindows.dll
2023-02-16 23:15 - 2017-11-21 06:49 - 005568512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Qt5Core.dll
2023-02-16 23:15 - 2016-09-25 08:05 - 006011904 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Qt5Gui.dll
2023-02-16 23:15 - 2016-09-25 08:02 - 001074176 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Qt5Network.dll
2023-02-16 23:15 - 2021-05-20 05:56 - 005526528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Qt5Widgets.dll
2023-02-16 23:15 - 2016-09-25 08:00 - 000196096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\FoneDog\FoneDog Toolkit - iOS Data Recovery\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\yibra\Downloads\MBSetup (2).exe:MBAM.Zone.Identifier [174]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO: Foxit PDF Editor Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\IEAddin\IEAddin_x64.dll [2024-02-04] (FOXIT SOFTWARE INC. -> )
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-03-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Foxit PDF Editor Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\IEAddin\IEAddin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> )
Toolbar: HKLM - Foxit PDF Editor Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\IEAddin\IEAddin_x64.dll [2024-02-04] (FOXIT SOFTWARE INC. -> )
Toolbar: HKLM-x32 - Foxit PDF Editor Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\Creator\IEAddin\IEAddin.dll [2024-02-04] (FOXIT SOFTWARE INC. -> )
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-23] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\yibra\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\11976560451377334161\133583702384596239.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: edgeupdate => 2
MSCONFIG\Services: edgeupdatem => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "MsiTrueColor"
HKLM\...\StartupApproved\Run: => "Autodesk Access"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "SteelSeriesGG"
HKLM\...\StartupApproved\Run: => "MSI TrueColor"
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\StartupApproved\StartupFolder: => "Google Chat.lnk"
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\StartupApproved\Run: => "com.squirrel.Poe.Poe"
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\StartupApproved\Run: => "Duet Display"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C3787E34-CE0C-4892-9441-14301ACEB0E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BF797411-C5ED-46A3-8CEC-8565E98EFCCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{809B676C-93B6-4660-A647-EE4C7B55AAA7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F4126153-C8C5-4365-B6FF-3AE89F0CD1E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{566311CE-A096-4794-A6A8-A5970033FFC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3AFBD78D-7BF4-4725-85AE-86259C2F7B28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25FF037C-DFB9-4FD7-A5D7-D6992EC7F8A2}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
FirewallRules: [{C783A4C8-2766-44F4-A7F4-71670BF957BB}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe (Flexera Software LLC -> Flexera)
FirewallRules: [{25E63BDF-A2DD-42B7-B33D-71FE67CDEC36}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
FirewallRules: [{860EE645-915E-4285-8ABA-B78DBC72B52E}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe (Flexera Software LLC -> Flexera)
FirewallRules: [{7433FA92-1686-4E19-ADBA-4D51BE755D06}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
FirewallRules: [{39AFC5C5-5D8F-4331-8747-ED82D2BF8B2B}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe (Flexera Software LLC -> Flexera)
FirewallRules: [{6A9C36D1-A138-49A4-AD8E-E1512C70F31D}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe (Autodesk, Inc. -> Autodesk, Inc.) [File not signed]
FirewallRules: [{064085DC-F55D-4056-95B6-06BCFDDDC682}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe (Flexera Software LLC -> Flexera)
FirewallRules: [{031ECCAE-C670-4E70-9119-A99823FF6D1E}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\uninstall.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{088AD58A-0015-4791-BC6D-C4458B8245A2}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\uninstall.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{DD81E958-A823-413A-984F-14D4E4752252}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAgent\AdskLicensingAgent.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{398738CC-3C50-4F5C-B995-7CDF572ECD04}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAgent\AdskLicensingAgent.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{96A9291F-2428-4A08-933B-D36F9B6F9DCD}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAgent\CER\senddmp.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{1BB49138-0DB0-4847-9DF5-CC17BE3EA7F1}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAgent\CER\senddmp.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{737EAB9A-A99D-4DA2-B27F-1021F4927DF2}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAnalyticsClient\ADPClientService.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{081A5FA6-4E09-4258-A697-1C55CF6335ED}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAnalyticsClient\ADPClientService.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{CA0A8E77-DDA8-461A-94B6-CDFB4F0D166B}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAnalyticsClient\AdskLicensingAnalyticsClient.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{81441DCD-BEEB-463C-A2D1-808107788424}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingAnalyticsClient\AdskLicensingAnalyticsClient.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{AAC89F53-4E27-4051-9B48-E8F4D92A7008}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingService\AdskLicensingService.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{70446570-1D1B-4A86-AB68-93CEF156CBE5}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingService\AdskLicensingService.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{B1B819DC-78DB-4676-97E6-53CF4E89BB2A}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\helper\AdskLicensingInstHelper.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{63819E50-E5F4-445E-B619-40AFFBCB8D6C}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\helper\AdskLicensingInstHelper.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{9005F211-29B2-49BC-916D-FBD4320A971F}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\AdskLicensingAgent.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{D54D094F-2775-43B9-BD56-9491B5A6993F}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\AdskLicensingAgent.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{82C8764A-3068-409A-86D3-41E98910BF8F}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\CER\senddmp.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{842A9A6A-F09E-4B62-A048-4443427B645A}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\CER\senddmp.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{D97E4994-C100-4E21-BADF-850094EE533B}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAnalyticsClient\ADPClientService.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{54EF3089-D95C-4B7E-8AB1-C86EBEC62C56}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAnalyticsClient\ADPClientService.exe (Autodesk, Inc. -> Autodesk, Inc.)
FirewallRules: [{62F981CD-101C-46AE-93F5-F1B2DEF5E384}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAnalyticsClient\AdskLicensingAnalyticsClient.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{5361ADA4-8F38-4C37-904B-097B1B60BAA3}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAnalyticsClient\AdskLicensingAnalyticsClient.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{A54241B7-8BEB-4FD9-B05E-A688B02A56E6}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{27C5EA57-54F5-44B3-97D9-42BEF5742849}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{CB516790-220B-49CC-8AC3-4C6F032AE18F}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\helper\AdskLicensingInstHelper.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{9AD8E191-C21E-4797-A51F-5555874206FC}] => (Block) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\helper\AdskLicensingInstHelper.exe (Autodesk, Inc. -> Autodesk)
FirewallRules: [{91239F7E-80B4-496D-84D9-0A69F848BE2F}] => (Allow) C:\Users\yibra\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{69321657-A7BD-4358-9187-BC8676BDCAF1}] => (Allow) C:\Users\yibra\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{BD8F920E-6459-46CD-B5F7-853F03945819}] => (Allow) C:\Program Files\Computers and Structures\ETABS 20\CSiAPIService.exe (Computers and Structures, Inc. -> Computers and Structures, Inc.)
FirewallRules: [{E50E8739-58FC-4123-9F0C-87190A1680A6}] => (Allow) C:\Program Files\Computers and Structures\SAP2000 24\CSiAPIService.exe (Computers and Structures, Inc. -> Computers and Structures, Inc.)
FirewallRules: [{D0D1D03D-0C0C-4FCD-8D79-EF579A352F31}] => (Allow) C:\Program Files\Computers and Structures\SAFE 20\CSiAPIService.exe (Computers and Structures, Inc. -> Computers and Structures, Inc.)
FirewallRules: [{6D44A1DF-61B8-4B78-B376-D765F0B8ADCE}] => (Allow) C:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.)
FirewallRules: [{3F48B3C3-3B8A-4DF1-9B9C-24C07969585D}] => (Allow) C:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.)
FirewallRules: [{4A01E1EE-61AB-41A9-B115-007C85E5F26E}] => (Allow) C:\Users\yibra\Downloads\reiboot.exe => No File
FirewallRules: [{3E8F3176-BF40-4753-B8B3-077AE169BB2B}] => (Allow) C:\Users\yibra\Downloads\reiboot.exe => No File
FirewallRules: [{7C1025E6-C61F-4714-A238-A578CE52297D}] => (Allow) C:\Users\yibra\Downloads\reiboot (1).exe => No File
FirewallRules: [{D1B23D95-5DA9-47E0-9F13-D90A3A15F4E5}] => (Allow) C:\Users\yibra\Downloads\reiboot (1).exe => No File
FirewallRules: [{69A5337D-C8E3-4B30-AEE7-9EC8D5FB2D1E}] => (Allow) C:\Users\yibra\Downloads\icarefone.exe => No File
FirewallRules: [{69E8A764-4411-4BB6-86CB-43CC5D01C0B7}] => (Allow) C:\Users\yibra\Downloads\icarefone.exe => No File
FirewallRules: [{53BD8F29-90C8-45F5-B3AA-2B69A0696129}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{48BCA51C-12FD-42D8-B2EE-2A64EFB0B652}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{52142D18-5362-4CDF-AB42-185CED6E1F87}] => (Allow) C:\Users\yibra\Downloads\reiboot (2).exe => No File
FirewallRules: [{41498FEA-F32F-44B3-9517-311CB146277D}] => (Allow) C:\Users\yibra\Downloads\reiboot (2).exe => No File
FirewallRules: [{8F1F35DF-D1FE-4B1F-882D-720C713AA9FA}] => (Allow) C:\Program Files (x86)\i4Tools7\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{20887472-1EBA-48E4-9C9A-6DB2FAD76F43}] => (Allow) C:\Program Files (x86)\i4Tools7\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{9F227A5C-B711-4DE9-BE4C-10B7BB2B3A9F}] => (Allow) LPort=80
FirewallRules: [{EC803710-94E9-4073-A353-A825480AC42E}] => (Allow) C:\Program Files (x86)\i4Tools7\extrastools\i4AirPlayer\i4AirPlayer.exe => No File
FirewallRules: [{BB8826F2-268C-4F9A-A898-9B0FF1390256}] => (Allow) C:\Program Files (x86)\i4Tools7\extrastools\i4AirPlayer\airplayer_dlna\DlnaService.exe => No File
FirewallRules: [{2561FD33-6C63-40EA-A44F-A6CAFBF47534}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDCDF01D-76F5-4F62-AB45-AED90819CE49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AECAA47E-5002-4579-94F1-F2A8BFBE9129}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D98DCCE5-7351-4DF7-9663-DC9CEC0E9F0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84E660BB-ACEE-4EE4-B0C9-B4EE9F32F8F5}] => (Allow) C:\Users\yibra\Downloads\reiboot (3).exe => No File
FirewallRules: [{730BFE5C-DB43-4581-AB33-CA2B8947032B}] => (Allow) C:\Users\yibra\Downloads\reiboot (3).exe => No File
FirewallRules: [{4312E5F8-A2FE-46A5-B6F6-95142EF6015A}] => (Allow) C:\Users\yibra\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A96B422D-C9E6-49FB-B17A-BF749C4C1A92}] => (Allow) C:\Users\yibra\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F657577B-CC04-4D8A-868F-B5FAF7A9926B}] => (Allow) C:\Users\yibra\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{4F4EADDA-7F97-42BE-A485-5E5FE1E65CEE}C:\users\yibra\appdata\local\viber\viber.exe] => (Allow) C:\users\yibra\appdata\local\viber\viber.exe (Viber Media S.a r.l. -> Viber Media S.à r.l.)
FirewallRules: [UDP Query User{B0A98B3C-1DD8-4F87-A95B-F539CF769C9C}C:\users\yibra\appdata\local\viber\viber.exe] => (Allow) C:\users\yibra\appdata\local\viber\viber.exe (Viber Media S.a r.l. -> Viber Media S.à r.l.)
FirewallRules: [{89EFEFF8-A593-4BF9-89F3-48C0B9639D5C}] => (Allow) C:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.)
FirewallRules: [{A5B86ACD-391A-4CA8-905D-5A32F69ED7B0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7982297E-A402-4571-800D-FBADC411BA77}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54AC8F7D-F6FE-42E1-8624-33FEF7D738FA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E3B1D775-C5E5-4332-8801-F70DC457C6DE}C:\users\yibra\appdata\roaming\terabox\teraboxrender.exe] => (Allow) C:\users\yibra\appdata\roaming\terabox\teraboxrender.exe (FLEXTECH INC. -> Flextech Inc.)
FirewallRules: [UDP Query User{819CECD2-79BD-4075-B19E-178417F050EA}C:\users\yibra\appdata\roaming\terabox\teraboxrender.exe] => (Allow) C:\users\yibra\appdata\roaming\terabox\teraboxrender.exe (FLEXTECH INC. -> Flextech Inc.)
FirewallRules: [TCP Query User{0B4F8FB7-EBC2-4FD5-8359-F86DD209CCB5}C:\users\yibra\appdata\roaming\terabox\teraboxhost.exe] => (Allow) C:\users\yibra\appdata\roaming\terabox\teraboxhost.exe (FLEXTECH INC. -> Flextech Inc.)
FirewallRules: [UDP Query User{B9F83FFA-DD35-421B-9B4A-655996DA92ED}C:\users\yibra\appdata\roaming\terabox\teraboxhost.exe] => (Allow) C:\users\yibra\appdata\roaming\terabox\teraboxhost.exe (FLEXTECH INC. -> Flextech Inc.)
FirewallRules: [{87E6E1BE-914D-4FC4-8140-FBE1AAECCE0C}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\crashpad_handler.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{3168AD8D-1078-4C8E-B2B7-A8ED29589F95}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\crashpad_handler.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{CDC9CB8B-5402-4CB1-B137-E2C4AAFF857A}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\crashpad_handler.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{A41DADD2-B854-4768-93AD-C93A5E11791E}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\crashpad_handler.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{591014EF-B832-4065-A2ED-8F47BFFEEF64}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{26C7450D-228F-4194-A697-E2CC4D9BEB61}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{7B3FB2B4-1A7D-4F57-9698-FE3E2A58F958}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{4499FEED-302E-47F3-A7C3-92529BD71C5F}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{1EB94D2D-C553-4AA3-9134-254E5E154A03}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{655752B7-AE0C-4E0E-8808-682379D8046F}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{0BF98C73-598E-4D2B-8463-34F0A4245E63}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{6A23D9A0-296B-43A7-B289-E73F1217E9F3}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{BA1DE886-4909-4B74-8D2A-380AB9BBDBE2}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{49A6BCED-27BA-41BE-837F-BFD71D2B5ACC}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{74A95540-9F0C-4DD4-9F7D-8A5FDFCD7C86}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{D17B271E-958A-4AEC-BD88-84C11C747870}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{6F7A5D87-5E72-4F01-8C71-7864A8A20422}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\ScreenShareUtilsBox.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{B686DFCA-5DC0-4AB7-B394-4171BBC7453C}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\ScreenShareUtilsBox.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{1D3D3CA2-01A2-414B-A57A-231F0D550FD6}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{0EEDB342-51B5-4A87-9B47-597002AD47EF}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{5781E482-DE07-44C2-B253-75720C61050F}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{714E0BBD-5365-46BC-9EA7-B1243F0776B5}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FD6054A8-BB0D-4C8C-98FB-F4AF108A67C5}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\ScreenShareUtilsBox.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{1587BD73-7A04-4336-AB26-A0B04CB69FF0}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\ScreenShareUtilsBox.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{10D68E13-8F05-4895-AD38-199610743B1A}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\amd64\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{BD10008B-711A-459B-99C8-6ECF7FDFAAEE}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{D7401988-6507-4EB7-98C2-20779A4C8071}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{4486C9F7-B93B-46EA-BE69-75D2B28C578F}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{E0CAAB39-7BFF-4A7C-BE92-79D552C7DCDB}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\certmgr.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{EB7CA857-1A4F-4BA4-9520-3324479483DE}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{7A99A1D1-905B-4D5A-8DE6-FBE06690344F}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{3AB74D72-B9E8-4FB7-8BC5-A2E6A8C47298}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devcon.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{063EDDFB-AC41-4003-855D-5E6EF3B88495}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{23DBCF45-4852-4C8D-B558-B34902099B41}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{B931EB1C-F129-44CE-8E99-90CAADBE4E2D}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{D65B3EBB-17D9-44A0-AD3B-A37950D2B81A}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{77B91BD9-5807-42C2-B87D-D35412561521}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\windows-kill.exe () [File not signed]
FirewallRules: [{789CF2F0-0B29-418F-BBA5-5A4FD2D33062}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{B8FEEC16-C2B7-42A5-B117-7BAFEC96CB8B}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{E184E4A5-100A-4344-B9D2-7F643C390BE2}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\pnputil.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{3A1CCCD2-B141-4F7E-947F-128D86FA4609}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\windows-kill.exe () [File not signed]
FirewallRules: [{CD0082C3-5942-48CF-B1BB-D83BF9FEEECC}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\windows-kill.exe () [File not signed]
FirewallRules: [{D66AB6FE-739F-4304-B667-2D52F7C594B2}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\devtool.exe (Guangzhou Shirui Electronics) [File not signed]
FirewallRules: [{9885D921-8B0D-4315-81AE-07A794FC6AB1}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ScreenShareClientUpdate.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{69673D8D-956C-49DD-977C-6D4AA6872052}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ScreenShareClientUpdate.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{E9832E53-2C25-416C-8387-22E189E80D0E}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ExceedShare.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{F79BE79B-D9F5-4AD3-9CE5-3D9A426C1873}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\vc_redist.x86.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E111E9C9-4642-420E-914B-E42AA1739C30}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ScreenShareClientUpdate.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{D9F092B3-662A-40D6-B9E2-D8A55C1A56C3}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ExceedShare.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{99AC116C-F02D-42B1-BB5E-397E214A0E52}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\drivers\tools\x86\windows-kill.exe () [File not signed]
FirewallRules: [{E8DF35E1-13DE-4D5D-96EE-511377D9FE63}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ExceedShare.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{AC3E5857-61D4-405A-B29A-61674C0ABD31}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\vc_redist.x86.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4800506B-733E-4120-8718-A9EC0FF9FAFF}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\vc_redist.x86.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{30F74284-C61E-4BDA-BBF6-D8638F0C7F8E}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ExceedShare.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [{361B72D6-9B4F-4276-8538-81D1BC5B230E}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\vc_redist.x86.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15F9CEE7-687C-4A02-81FF-63D64A151A76}] => (Allow) C:\Program Files (x86)\ExceedShare\ExceedShare\ScreenShareClientUpdate.exe (Guangzhou Shizhen Information Technology Co.,Ltd. -> )
FirewallRules: [TCP Query User{910125A0-7746-4793-953C-47E2C3BC936C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{EA2601A0-B2B4-480D-BE37-07A4FF25761E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E5622E59-D9F5-4A70-9525-312EEF9F4BD9}] => (Allow) C:\Program Files\BlueStacks_msi5\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems)
FirewallRules: [{DF61496A-3C01-48B0-9B72-A968F4E429C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5AFE5332-FE0A-4EAD-93DC-7B2950D03F32}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5A7C906B-9002-468D-8042-DF573C35DC7E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07C66AA5-8FEF-4C73-8DC0-AE73778EE9E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA339964-D5A9-4614-95C7-1B3E1339AEF1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{359153DF-385B-411D-9AE8-4162548F85E6}] => (Allow) C:\Users\yibra\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{686A7D2D-0044-4A95-BA41-23D79FF44918}] => (Allow) C:\Users\yibra\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{BF4E9C4A-4A42-48AB-9EFE-6B742CF3A797}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EFE746C-492F-4969-8B03-2D8C4D42A5C7}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24060.3102.2733.5911_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9BAD9D54-5C25-4268-BF9A-E0F1DFA26173}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51163A2F-7FAA-4076-ACD2-C71EF60C2B1E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{391E3459-817C-4282-AD74-7658C4FC99C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A86BCED-CC4C-4EE2-BE5C-B0EB94F0E4E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.117.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AA8FF777-D6EE-4559-9837-5575DD08914E}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{2DBC48BD-BF49-4AC6-86D3-84ECFD06AB10}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{26E9748E-88BB-423A-A1A6-48CF655D19E3}] => (Block) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{AB08BB41-8AAB-4E48-9EA6-C7C32BF64D27}] => (Block) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{E3CB77C7-04EC-4F4E-B6B0-29A95D050833}] => (Allow) C:\Program Files (x86)\Overwolf\0.248.120.19\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{FCE73A10-7546-42A1-98E6-1D90629B08C1}] => (Allow) C:\Program Files (x86)\Overwolf\0.248.120.19\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0F5D4A77-1EE2-41CD-8771-E9E067E4F189}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24074.2321.2810.3500_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D76FCEC-9CA1-4713-A028-E364DBC888EE}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24074.2321.2810.3500_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AA484C68-69AB-4FD7-9241-955B483C0408}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8196431E-6A4A-4554-B317-63F771DB204B}] => (Allow) LPort=32683
FirewallRules: [{A3196067-8CA4-4A67-BBE3-C6C1CC0950FE}] => (Allow) LPort=32682
FirewallRules: [{6A9D8444-AE76-40AA-A8D5-AF3EA0EBBFE5}] => (Allow) LPort=26822
 
==================== Restore Points =========================
 
23-04-2024 21:25:30 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: Sharing-Media
Description: Sharing-Media
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: CVTE
Service: VIRTUALCAMERA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Nahimic mirroring device
Description: Nahimic mirroring device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Nahimic
Service: Nahimic_Mirroring
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Sharing-Media
Description: Sharing-Media
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: EXCEED
Service: EXCEED_VAC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/23/2024 11:24:36 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: xTendUtility.exe, version: 2.0.11.0, time stamp: 0x5ea1cb6a
Faulting module name: xTendUtility.exe, version: 2.0.11.0, time stamp: 0x5ea1cb6a
Exception code: 0xc0000409
Fault offset: 0x000000000004b79d
Faulting process ID: 0x0x1dac
Faulting application start time: 0x0x1da95cd049923e0
Faulting application path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
Faulting module path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
Report ID: 40110c4f-312e-45f7-9109-fb87de9af727
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/23/2024 09:21:08 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (04/23/2024 09:19:09 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: xTendUtility.exe, version: 2.0.11.0, time stamp: 0x5ea1cb6a
Faulting module name: xTendUtility.exe, version: 2.0.11.0, time stamp: 0x5ea1cb6a
Exception code: 0xc0000409
Fault offset: 0x000000000004b79d
Faulting process ID: 0x0x1db0
Faulting application start time: 0x0x1da95bb7e3536b9
Faulting application path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
Faulting module path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
Report ID: 018afd2f-e891-4a11-afb0-09f4487f4576
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/23/2024 09:11:00 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: KillerNetworkService.exe, version: 3.1523.831.1, time stamp: 0x64f09c37
Faulting module name: Windows.Networking.Connectivity_unloaded, version: 10.0.22621.3235, time stamp: 0xb5bed58d
Exception code: 0xc0000005
Fault offset: 0x0000000000033cc0
Faulting process ID: 0x0x180c
Faulting application start time: 0x0x1da8c57e4a3f60a
Faulting application path: C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
Faulting module path: Windows.Networking.Connectivity
Report ID: 64a44450-3bd8-4958-8337-ed91ddcba125
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/23/2024 08:12:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MSI.local already in use; will try MSI-2.local instead
 
Error: (04/23/2024 08:12:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 MSI.local. Addr 10.5.50.225
 
Error: (04/23/2024 08:12:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.5.50.203:5353   16 MSI.local. AAAA FE80:0000:0000:0000:ED80:78AF:4ED8:EA5D
 
Error: (04/23/2024 08:12:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 MSI.local. AAAA FE80:0000:0000:0000:39FD:88E9:2572:3AF8
 
 
System errors:
=============
Error: (04/23/2024 11:24:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 6 time(s).
 
Error: (04/23/2024 11:24:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (04/23/2024 11:24:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The xTendUtilityService service terminated unexpectedly. It has done this 1 time(s).
 
Error: (04/23/2024 11:24:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/23/2024 11:24:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (04/23/2024 11:24:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (04/23/2024 11:24:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (04/23/2024 11:24:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2024-04-23 21:06:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
 
Date: 2024-04-22 19:27:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-04-22 18:42:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2024-04-22 18:42:25
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Backdoor:Win32/Bladabindi!ml
Severity: Severe
Category: Backdoor
Path: containerfile:_C:\Users\yibra\Downloads\Telegram Desktop\TechSmith Camtasia- STUDIO.rar; file:_C:\Users\yibra\Downloads\Telegram Desktop\TechSmith Camtasia- STUDIO.rar->TechSmith Camtasia- STUDIO\patch.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.409.441.0, AS: 1.409.441.0, NIS: 1.409.441.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4 
 
Date: 2024-04-22 18:42:25
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: containerfile:_C:\Users\yibra\Downloads\Telegram Desktop\Adobe_Acrobat_Pro_DC_2022_003_20263_Update_Only_x64_Downloadly_ir.rar; file:_C:\Users\yibra\Downloads\Telegram Desktop\Adobe_Acrobat_Pro_DC_2022_003_20263_Update_Only_x64_Downloadly_ir.rar->Adobe Acrobat Pro DC 2022.003.20263 Update Only x64\Crack\Patch.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.409.441.0, AS: 1.409.441.0, NIS: 1.409.441.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4 
Event[0]
 
Date: 2024-04-23 23:10:23
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. 
 
Date: 2023-06-14 08:46:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.2739.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80072efd
Error description: A connection with the server could not be established  
 
Date: 2023-06-14 08:46:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.2739.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80072efd
Error description: A connection with the server could not be established  
 
Date: 2023-06-14 08:46:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.2739.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80072efd
Error description: A connection with the server could not be established  
 
Date: 2023-06-14 08:46:40
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.389.2739.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.20300.3
Error code: 0x80072efd
Error description: A connection with the server could not be established  
 
CodeIntegrity:
===============
Date: 2024-04-23 23:42:06
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. 
 
Date: 2024-04-23 23:34:45
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
 
Date: 2024-04-23 23:31:24
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.51\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\AudioDevProps2.dll that did not meet the Microsoft signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. E16V1IMS.112 11/19/2020
Motherboard: Micro-Star International Co., Ltd. MS-16V1
Processor: Intel® Core™ i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 51%
Total physical RAM: 16202.04 MB
Available physical RAM: 7936.22 MB
Total Virtual: 18634.04 MB
Available Virtual: 7765.11 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:337.08 GB) (Free:140.82 GB) (Model: WDC PC SN730 SDBPNTY-512G-1032) NTFS
Drive d: (Recovery) (Fixed) (Total:18.3 GB) (Free:15.12 GB) (Model: WDC PC SN730 SDBPNTY-512G-1032) NTFS
 
\\?\Volume{8b8a5266-7546-402e-928d-74b6e4f21c9b}\ (MSI) (Fixed) (Total:100 GB) (Free:82.31 GB) NTFS
\\?\Volume{d7d9bff4-de64-419c-a07d-3430625d8299}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.09 GB) NTFS
\\?\Volume{5468bb6e-274f-405f-99c6-e50d10772f78}\ (BIOS_RVY) (Fixed) (Total:20.26 GB) (Free:0.69 GB) NTFS
\\?\Volume{471a9725-85ba-4e36-ace7-299e92125732}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 92F82C29)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 



#2 dennis_l

  • Malware Response Team
  • 3,348 posts
  • Gender:Male
  • Location:UK
  • Local time:05:30 AM

Posted Today, 01:19 AM

Hi arian80,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but more checks may still be necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis



#3 dennis_l

  • Malware Response Team
  • 3,348 posts
  • Gender:Male
  • Location:UK
  • Local time:05:30 AM

Posted Today, 05:31 AM

There is some clean up that we can do, as well as removing an Edge/Chrome extension, to hopefully resolve the problem.
Firstly though, could you please check your Downloads folder and remove anything that you do not recognise or are unsure about.
The following open firewall ports were listed.

FirewallRules: [{9F227A5C-B711-4DE9-BE4C-10B7BB2B3A9F}] => (Allow) LPort=80
FirewallRules: [{8196431E-6A4A-4554-B317-63F771DB204B}] => (Allow) LPort=32683
FirewallRules: [{A3196067-8CA4-4A67-BBE3-C6C1CC0950FE}] => (Allow) LPort=32682
FirewallRules: [{6A9D8444-AE76-40AA-A8D5-AF3EA0EBBFE5}] => (Allow) LPort=26822

These may be related to AutoCAD/Autodesk or other genuine programs, so we will not take any action with these, unless you wish to close them on a precautionary basis.

-------------------------------------------------------------------------------------
Could you please run this FRST script next.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\yibra\AppData\Local\yzsx_zsync_1712421264\zsync_desktop.exe
File: C:\WINDOWS\system32\license.lic
File: C:\WINDOWS\system32\license.sig
Folder: C:\WINDOWS\SysWOW64\XPSViewer
Folder: C:\WINDOWS\system32\ar
Folder: C:\ProgramData\Common
HKU\S-1-5-21-1125619000-792953389-3520311326-1001\...\Policies\Explorer: []
Edge HKLM-x32\...\Edge\Extension: [jaleebmaoohbjjohjlfmihkkopgfibne]
CHR HKLM-x32\...\Chrome\Extension: [fjgncogppolhfdpijihbpfmeohpaadpc] - hxxps://click.endnote.com/extensions/chrome/update-manifest.xml
Task: {FF43FB4E-7D63-45B5-99D8-4745A1FE68FD} - System32\Tasks\WDNA => C:\Users\yibra\AppData\Local\NutCelar\rhc.exe [1536 2023-07-26] () [File not signed] -> C:\Users\yibra\AppData\Local\NutCelar\php.exe index.php
Task: {9869AD6F-57D2-4C6A-A887-E6E56C49D00F} - System32\Tasks\WDNA_LG => Command(1): rhc.exe -> C:\Users\yibra\AppData\Local\NutCelar\php.exe include.php <==== ATTENTION
Task: {9869AD6F-57D2-4C6A-A887-E6E56C49D00F} - System32\Tasks\WDNA_LG => Command(2): rhc.exe -> C:\Users\yibra\AppData\Local\NutCelar\php.exe index.php <==== ATTENTION
2024-04-03 01:36 - 2024-04-06 17:34 - 000000000 ____D C:\Users\yibra\AppData\Local\NutCelar
Task: {ABFA469B-849C-4B2D-8FBB-5ED5F5E93CD4} - System32\Tasks\ScreenShareClientUpdate => C:\Users\yibra\AppData\Local\Temp\ScreenShareClientUpdate.exe  Install (No File) <==== ATTENTION
HKU\S-1-5-18\...\Run: [Norton Download ManagerCCT_CERT_EXPIRY_MITIGATION] => C:\PROGRA~3\Norton\{0C55C~1\NORTON~1.EXE /m /noui (No File)
Task: {45CF73C8-9A94-47C5-8E45-347738A58FC5} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {F149D228-3BEF-4677-BDC7-0B4B070D99FF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {D1388F80-9948-45B0-9693-44B922BD0202} - System32\Tasks\MSI Task Host - Duet => "C:\Program Files (x86)\MSI\One Dragon Center\Duet\MSI_Duet.exe"  (No File)
Task: {25FE0670-524D-4263-81CA-27EFB478399D} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe  (No File)
Task: {B6575A07-4EE6-4AD8-9D5E-708D53DE8F1B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1125619000-792953389-3520311326-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe  /reporting (No File)
ShellIconOverlayIdentifiers: [      .WorkspaceExt0] -> {C568C78A-652C-425B-8E6B-FFA73043302D} =>  -> No File
ShellIconOverlayIdentifiers: [      .WorkspaceExt1] -> {2A6FE247-5DA3-4732-9626-77820518FD77} =>  -> No File
ShellIconOverlayIdentifiers: [      .WorkspaceExt2] -> {FF895810-293B-464A-93F2-82D11E07EEC8} =>  -> No File
FirewallRules: [{91239F7E-80B4-496D-84D9-0A69F848BE2F}] => (Allow) C:\Users\yibra\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{69321657-A7BD-4358-9187-BC8676BDCAF1}] => (Allow) C:\Users\yibra\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{4A01E1EE-61AB-41A9-B115-007C85E5F26E}] => (Allow) C:\Users\yibra\Downloads\reiboot.exe => No File
FirewallRules: [{3E8F3176-BF40-4753-B8B3-077AE169BB2B}] => (Allow) C:\Users\yibra\Downloads\reiboot.exe => No File
FirewallRules: [{7C1025E6-C61F-4714-A238-A578CE52297D}] => (Allow) C:\Users\yibra\Downloads\reiboot (1).exe => No File
FirewallRules: [{D1B23D95-5DA9-47E0-9F13-D90A3A15F4E5}] => (Allow) C:\Users\yibra\Downloads\reiboot (1).exe => No File
FirewallRules: [{69A5337D-C8E3-4B30-AEE7-9EC8D5FB2D1E}] => (Allow) C:\Users\yibra\Downloads\icarefone.exe => No File
FirewallRules: [{69E8A764-4411-4BB6-86CB-43CC5D01C0B7}] => (Allow) C:\Users\yibra\Downloads\icarefone.exe => No File
FirewallRules: [{52142D18-5362-4CDF-AB42-185CED6E1F87}] => (Allow) C:\Users\yibra\Downloads\reiboot (2).exe => No File
FirewallRules: [{41498FEA-F32F-44B3-9517-311CB146277D}] => (Allow) C:\Users\yibra\Downloads\reiboot (2).exe => No File
FirewallRules: [{8F1F35DF-D1FE-4B1F-882D-720C713AA9FA}] => (Allow) C:\Program Files (x86)\i4Tools7\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{20887472-1EBA-48E4-9C9A-6DB2FAD76F43}] => (Allow) C:\Program Files (x86)\i4Tools7\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{EC803710-94E9-4073-A353-A825480AC42E}] => (Allow) C:\Program Files (x86)\i4Tools7\extrastools\i4AirPlayer\i4AirPlayer.exe => No File
FirewallRules: [{BB8826F2-268C-4F9A-A898-9B0FF1390256}] => (Allow) C:\Program Files (x86)\i4Tools7\extrastools\i4AirPlayer\airplayer_dlna\DlnaService.exe => No File
FirewallRules: [{84E660BB-ACEE-4EE4-B0C9-B4EE9F32F8F5}] => (Allow) C:\Users\yibra\Downloads\reiboot (3).exe => No File
FirewallRules: [{730BFE5C-DB43-4581-AB33-CA2B8947032B}] => (Allow) C:\Users\yibra\Downloads\reiboot (3).exe => No File
FirewallRules: [{359153DF-385B-411D-9AE8-4162548F85E6}] => (Allow) C:\Users\yibra\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{686A7D2D-0044-4A95-BA41-23D79FF44918}] => (Allow) C:\Users\yibra\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{AA8FF777-D6EE-4559-9837-5575DD08914E}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{2DBC48BD-BF49-4AC6-86D3-84ECFD06AB10}] => (Allow) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{26E9748E-88BB-423A-A1A6-48CF655D19E3}] => (Block) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
FirewallRules: [{AB08BB41-8AAB-4E48-9EA6-C7C32BF64D27}] => (Block) C:\Program Files (x86)\Overwolf\0.243.1.1\OverwolfBrowser.exe => No File
HKU\S-1-5-18\...\Run: [] => [X]
S2 cphs; %SystemRoot%\System32\IntelCpHeciSvc.exe [X]
S2 Killer Provider Data Helper Service; %SystemRoot%\System32\drivers\Intel\Killer\KillerProviderDataHelperService.exe [X]
S3 GENERICDRV; \??\C:\Users\yibra\Desktop\RMA-AUTO5.5\SOFT\CHK\amifldrv64.sys [X]
End::
  • Click on the Fix button just once and wait.
  • Please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished, FRST will generate a log (Fixlog.txt) in the location you ran the tool from.

Please copy the contents from this text file and paste into your next reply.
Also please advise how your computer is running now.





