Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by Geofish (administrator) on ACER (Acer Aspire VN7-593G) (11-04-2024 23:39:57)
Running from D:\Downloads\FRST64.exe
Loaded Profiles: Geofish
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: German (Germany) -> English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe
(C:\Program Files\Acer\Acer Quick Access\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(C:\Program Files\Acer\Acer Quick Access\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) () [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <19>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Mark of the Unicorn, Inc -> MOTU) C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\14.1.0.10619\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(services.exe ->) (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(services.exe ->) (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe <2>
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe <2>
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\IntelCpHeciSvc.exe
(services.exe ->) (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Mark of the Unicorn, Inc -> ) C:\Program Files (x86)\MOTU\CoreUAC\Service\MOTUCoreUACAudioPolicyMediator.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_e96375d8421bb873\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(services.exe ->) (StagWare) [File not signed] [File is in use] C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2413.1.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(svchost.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\igfxext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (TechPowerUp LLC -> uWebb Software) D:\ThrottleStop_8.70.6\ThrottleStop.exe
(TeamViewer Germany GmbH -> ) C:\Windows\Temp\nspCD2F.tmp\TvUpdateInfo.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [176472 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SGDawNodeService] => C:\WINDOWS\SysWOW64\SGDawNodeService.exe [5624320 2019-08-19] (Waves Audio Ltd.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [MOTUMSeries.exe] => C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe [2773144 2022-10-31] (Mark of the Unicorn, Inc -> MOTU)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1792256 2023-06-23] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384864 2017-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492960 2017-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Autodesk Access] => C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe [20689696 2024-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe [906840 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.)
HKLM-x32\...\Run: [F5_SAM_Client] => C:\Program Files (x86)\F5 VPN\f5fpclientW.exe [5020560 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
HKLM-x32\...\Run: [Launch 0 FwCustom] => C:\Program Files\SPC_Gear\GK550.exe [3572224 2018-11-30] (0) [File not signed]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-08-08] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller* <==== ATTENTION
HKLM Group Policy restriction on software: protected <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\SysWOW64\FxsTmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\SysWOW64\Com\dmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\FxsTmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\debug\WIA <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Registration\CRMLog <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\spool\drivers\color <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Com\dmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Tasks <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\tracing <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Tasks <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Temp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\spool\PRINTERS <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\SysWOW64\Tasks <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Microsoft\Crypto\RSA\MachineKeys <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\spool\SERVERS <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Tasks_Migrated <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\servicing\Packages <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\servicing\Sessions <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Hard_Configurator\Tools <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group1\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\OneDrive\Desktop\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\OneDrive\Desktop\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Public\Desktop\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: *.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.tmp <==== ATTENTION
HKLM Group Policy restriction on software: *.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramW6432Dir% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group1\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop%*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\OneDrive\Desktop\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Public\Desktop\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\ProductAppDataPath% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM\...\Policies\Explorer: [HideRunAsVerb] 0
HKLM\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1286322575-3200454710-2639170948-1000\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306400 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [Lync] => "C:\Program Files\Microsoft Office\root\Office16\lync.exe" /fromrunkey (No File)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\Geofish\AppData\Local\Programs\signal-desktop\Signal.exe [157760376 2023-02-16] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [MicrosoftEdgeAutoLaunch_91B466CF2D4E0A458C8E1CFE779BAC5A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter\nlclientapp.exe [608608 2024-02-23] (Locktime Software s.r.o. -> Locktime Software)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [11504544 2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2888672 2023-08-08] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2842648 2024-04-03] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Policies\Explorer: []
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\MountPoints2: {9daf3333-9984-11e8-9003-3065ecbad515} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\es.scr [2719744 2018-04-03] () [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2023-08-01] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.122\Installer\chrmstp.exe [2024-04-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\Installer\chrmstp.exe [2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Geofish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AHK Master Startup Script.ahk - Shortcut.lnk [2019-11-24]
ShortcutTarget: AHK Master Startup Script.ahk - Shortcut.lnk -> C:\AHK Master Startup Script.ahk () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ableton Push Control Panel Autostart.lnk [2023-11-20]
ShortcutTarget: Ableton Push Control Panel Autostart.lnk -> C:\Program Files\Ableton\Push Driver\x64\AbletonPushCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4A0CF3D6-082A-46C0-987C-1AC98F9DC6C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {A9D0BABE-CD5F-40D4-A027-1F0B94D317E5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {52126433-3BF2-4B4C-A2D2-C1A2269DC796} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D2945ED3-B0AF-4A50-8C49-790AB970CAB4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe [1111184 2023-12-12] (Bitdefender SRL -> Bitdefender) -> C:\Program Files\Bitdefender Agent\27.0.1.266\repair
Task: {2E927927-018C-473F-BA9D-5EFDC76ED785} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{5731B7DF-189A-4350-8BD8-73EEC82492D4} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5E1BD4FF-F852-47B9-9E14-B1A567DEAF1D} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{BCEE0ED9-ED36-4150-9209-3118EDDA7F18} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4324E64D-90F9-4C1C-ACB7-CA7B4C767292} - System32\Tasks\CorelUpdateHelperTask-5DCAF6EC04905C083AE8261AF6998A16 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
Task: {AE03C98D-10FD-4CC3-B6C9-4282713C14A0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem125.0.6407.0{7600B3E0-211F-484B-AE22-8F29471DFA18} => C:\Program Files (x86)\Google\GoogleUpdater\125.0.6407.0\updater.exe [4782880 2024-04-08] (Google LLC -> Google LLC)
Task: {97587913-E297-4E19-90E9-899482777E28} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {D2A615C9-58C7-401C-A1B8-2B524E900AC4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {977BF7D6-4BCC-4195-852F-FE09F07B3E12} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E582B15E-262A-4F26-9A72-625737F76D4B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {76DDA7B1-EFBF-45B6-AFEA-D908D5907C2E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E540D65A-DEBA-487D-9DC6-2A81A5DD661A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168488 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2574437C-650C-463D-A2A1-AA6A45287E5C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4449176 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CD830EF-9C3A-4C9D-B436-DC0ED7867A56} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SysInfo => %appdata%\\toolsyshost\\sihost.exe -st -tu 0 (No File) <==== ATTENTION
Task: {332DC620-DD09-4E87-86F8-7E3678E4699F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {3242629C-14B9-4A99-AE73-0FC460123A8F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5FA3A926-5CDA-4F03-8C4F-BAE946E44641} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {5526FE8F-5B5F-4900-8580-CC30EAE8863E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0B5B7AF-3071-44C3-BDE9-6E5142B826BE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {960F07B0-D921-465F-8498-1A5E07BF23C1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EC98E84-DE9D-45E4-B76D-F1F877C16FBD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A501053-B987-4E26-ADC8-4346CDB90CD6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7FE83956-9996-4D40-BF34-DB5631612C5C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4E6B6E3-0C76-49B7-8254-8E949DE30AA7} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {05F34924-1F99-4476-9B8A-E29FC9D442B3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {354E7BFE-D420-4A98-B036-DD28E1B2E392} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2ABA3549-3E42-4EC8-97B9-38BD42BBEFA9} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2770736 2019-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {2A208EB3-CED8-4A33-934A-6A153BBB87A8} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [446256 2019-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {D8F07ECD-DB58-4511-80B5-E05E60F58B02} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2610160 2019-09-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\/AUTOHIDE
Task: {4347EB1E-D689-47D9-AF02-F1FBA2FFF307} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2019-09-25] (Acer Incorporated -> Acer Incorporated)
Task: {5E5C3B90-6BCB-4F95-B830-FD65F784E7C1} - System32\Tasks\throttlestop => D:\ThrottleStop_8.70.6\ThrottleStop.exe [509608 2019-01-24] (TechPowerUp LLC -> uWebb Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4bbea6b1-96c1-4431-9c54-30f022972119}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4bbea6b1-96c1-4431-9c54-30f022972119}: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\55053403935323233333: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\55053403935323233333: [DhcpDomain] home
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\64C696872657370243235354: [DhcpNameServer] 192.168.55.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\65F6461666F6E656D2548383331393731353: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\65F6461666F6E656D2548383331393731353: [DhcpDomain] station
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\75C414E4D23475739545B4: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\75C414E4D23475739545B4: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\D4167656E6471675C414E4D27373A515: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\D4167656E6471675C414E4D27373A515: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513D25374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513D25374: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\F44554439363738314: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge Profile: C:\Users\Geofish\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-11]
Edge Extension: (Google Docs Offline) - C:\Users\Geofish\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Geofish\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-08-08] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-08-08] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default [2024-04-11]
CHR Extension: (Adblock for Youtube™) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2024-01-19]
CHR Extension: (Tampermonkey) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-04-10]
CHR Extension: (Ruffle - Flash Emulator) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\donbcfbmhbcapadipfkeojnmajbakjdc [2024-04-10]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-04-10]
CHR Extension: (I don't care about cookies) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-01-04]
CHR Extension: (Dark theme) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfobiagdiioemjmpdecklcjaplpljdo [2021-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-04-10]
CHR Extension: (ChatGPT for Google) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjaeacdkonaoafenlfkkkmbaopkbilf [2024-03-29]
CHR Extension: (Adblocker for YouTube™) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldkihpcibakajmpnggbjnehoifnnpebn [2020-09-20]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2024-04-08]
CHR Extension: (Facebook Screen Sharing) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2019-12-06]
CHR Extension: (YouTube NonStop) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkaejimjacpillmajjnopmpbkbnocid [2023-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Scopus Document Download Manager) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojplelelocihfchkdaebocpankipadmp [2020-07-08]
CHR Profile: C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\System Profile [2024-01-12]
CHR HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-04-11]
BRA DownloadDir: D:\Downloads
BRA Extension: (Ruffle - Flash Emulator) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\donbcfbmhbcapadipfkeojnmajbakjdc [2024-04-10]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-04-10]
BRA Extension: (Chrome Remote Desktop) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-11-03]
BRA Extension: (ChatGPT for Google) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jgjaeacdkonaoafenlfkkkmbaopkbilf [2024-03-24]
BRA Extension: (Facebook Screen Sharing) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2023-10-11]
BRA Extension: (YouTube NonStop) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nlkaejimjacpillmajjnopmpbkbnocid [2023-10-30]
BRA Profile: C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\System Profile [2023-10-11]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-04-11]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-04-11]
BRA Extension: (Brave NTP background images) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-01]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-04-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-23]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-04-11]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2024-02-09]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-03-09]
BRA Extension: (Brave Ads Resources) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-03-03]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-04-11]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-26]
BRA Extension: (Brave Ad Block Updater (Fanboy's Annoyances (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\omoaeaghhgmiojkeaemjkpkmelmalbgo [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Greek AdBlock (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\onooookdmjmijocbeafcldnbfiaobhjk [2024-04-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-25]
BRA Extension: (Brave Ad Block Updater (uBlock Annoyances (used with Fanboy's Annoyances) (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\pnoagbonokhdnppohfeemefhjbbofplk [2024-04-10]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-08-08] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [17243936 2024-02-15] (Autodesk, Inc. -> Autodesk)
R2 AdskNLM; C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe [1127760 2019-01-15] (Flexera Software LLC -> Flexera)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Autodesk Access Service Host; C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe [11630368 2024-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2574864 2023-07-20] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-05-27] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\elevation_service.exe [2671128 2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe [74016 2024-03-26] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-05-16] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [594320 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [717200 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [292320 2018-08-24] (F5 Networks Inc -> F5 Networks, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncHelper.exe [3512224 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1297920 2023-12-19] () [File not signed]
S2 GoogleUpdaterInternalService125.0.6407.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6407.0\updater.exe [4782880 2024-04-08] (Google LLC -> Google LLC)
S2 GoogleUpdaterService125.0.6407.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6407.0\updater.exe [4782880 2024-04-08] (Google LLC -> Google LLC)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
R2 MOTUCoreUACAudioPolicyMediator; C:\Program Files (x86)\MOTU\CoreUAC\Service\MOTUCoreUACAudioPolicyMediator.exe [79000 2022-10-31] (Mark of the Unicorn, Inc -> )
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [8704 2019-04-14] (StagWare) [File not signed] [File is in use] <==== ATTENTION
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe [26464 2024-02-23] (Locktime Software s.r.o. -> Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_e96375d8421bb873\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-01-13] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-09] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.055.0317.0002\OneDriveUpdaterService.exe [3852712 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [686032 2023-12-12] (Bitdefender SRL -> Bitdefender)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [466224 2019-09-26] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2019-09-26] (Acer Incorporated -> Acer Incorporated)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [30224 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18575672 2024-04-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5964328 2023-05-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [1045352 2023-11-16] (Windscribe Limited -> Windscribe Limited)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12311392 2023-05-31] (KRAFTON, Inc. -> KRAFTON, Inc)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 arturiausbmidi; C:\WINDOWS\System32\drivers\arturiausbmidi.sys [404984 2023-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 arturiausbmidiks; C:\WINDOWS\System32\drivers\arturiausbmidiks.sys [54816 2023-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [55648 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [49560 2023-01-03] (F5 Networks Inc -> F5 Networks, Inc.)
R3 FocusritePCIeSwRoot; C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys [106208 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsb; C:\WINDOWS\System32\drivers\FocusriteUsb.sys [170312 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsbAudio; C:\WINDOWS\System32\drivers\FocusriteUsbAudio.sys [109896 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbSwRoot; C:\WINDOWS\System32\drivers\FocusriteUsbSwRoot.sys [112968 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [109896 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 KMWDFILTER; C:\WINDOWS\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows ® Codename Longhorn DDK provider)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31032 2019-09-25] (Acer Incorporated -> Acer Incorporated)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78912 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
R3 MOTUCoreUAC; C:\WINDOWS\System32\Drivers\MOTUCoreUAC.sys [224488 2022-10-31] (Mark of the Unicorn, Inc -> MOTU, Inc)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [202416 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Locktime Software)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25400 2019-09-25] (Acer Incorporated -> Acer Incorporated)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [309752 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [120280 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SoundGridMIDI; C:\WINDOWS\system32\drivers\SoundGridMidi.sys [45040 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
S3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [23552 2019-08-19] (Waves Audio Ltd.) [File not signed]
R2 SoundGridProtocol; C:\WINDOWS\system32\DRIVERS\SoundGridProtocol.sys [115184 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [55296 2019-08-19] (Waves Audio Ltd.) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-10-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2023-11-03] (Windscribe Limited -> The OpenVPN Project)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [61920 2022-10-18] (F5 Networks Inc -> F5 Networks, Inc.)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [38152 2023-11-16] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2023-11-03] (Windscribe Limited -> WireGuard LLC)
R1 WinRing0_1_2_0; C:\PROGRAM FILES (X86)\NOTEBOOK FANCONTROL\PLUGINS\WinRing0x64.sys [14544 2024-01-20] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1447240 2023-06-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
S3 hsstap; \SystemRoot\System32\drivers\hsstap.sys [X]
S3 ssudcdf; \SystemRoot\System32\drivers\ssudcdf.sys [X]
S3 ssuddmgr; \SystemRoot\System32\drivers\ssuddmgr.sys [X]
S3 ssudobex; \SystemRoot\System32\drivers\ssudobex.sys [X]
S3 ssudserd; \SystemRoot\System32\drivers\ssudserd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-11 22:50 - 2024-04-11 23:07 - 000001291 _____ C:\Users\Geofish\Desktop\ESET Online Scanner.lnk
2024-04-11 22:15 - 2024-04-11 22:15 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-11 19:23 - 2024-04-11 19:41 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\AnyDesk
2024-04-11 18:53 - 2024-04-11 18:53 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240411_185347.txt
2024-04-11 00:16 - 2024-04-11 00:16 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240411_001654.txt
2024-04-11 00:11 - 2024-04-11 00:11 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240411_001159.txt
2024-04-10 23:41 - 2024-04-10 23:41 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_234122.txt
2024-04-10 23:38 - 2024-04-10 23:38 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_233832.txt
2024-04-10 23:35 - 2024-04-10 23:35 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_233555.txt
2024-04-10 23:31 - 2024-04-10 23:31 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_233134.txt
2024-04-10 23:20 - 2024-04-10 23:20 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_232008.txt
2024-04-10 22:40 - 2024-04-10 22:40 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_224045.txt
2024-04-10 22:40 - 2024-04-10 22:40 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2024-04-10 21:28 - 2024-04-10 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-04-10 21:28 - 2024-04-10 21:28 - 000000000 ____D C:\Program Files\VS Revo Group
2024-04-10 20:54 - 2024-04-10 20:54 - 000000000 ____D C:\Program Files\HitmanPro
2024-04-10 06:23 - 2024-04-10 06:23 - 000000000 ___HD C:\$WinREAgent
2024-04-10 04:13 - 2024-04-10 23:19 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK
2024-04-09 19:04 - 2024-04-11 18:53 - 148635648 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-04-04 18:50 - 2024-04-04 18:50 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-04 10:53 - 2024-04-04 10:53 - 000187761 _____ C:\Users\Geofish\Desktop\SFC_details.txt
2024-04-04 09:47 - 2024-04-04 09:47 - 000000000 ____D C:\WINDOWS\Panther
2024-04-03 09:41 - 2024-04-03 09:58 - 000000000 ____D C:\Users\Geofish\AppData\Local\Sysinternals
2024-04-03 09:05 - 2024-04-11 19:00 - 000000223 _____ C:\WINDOWS\wininit.ini
2024-04-03 03:12 - 2024-04-03 03:12 - 000000000 ____D C:\Users\Geofish\AppData\Local\Backup
2024-04-03 02:08 - 2024-04-03 02:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2024-04-03 01:59 - 2024-04-11 19:00 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2024-04-03 01:59 - 2024-04-11 19:00 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-04-02 16:32 - 2024-04-11 23:07 - 000001397 _____ C:\Users\Geofish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-02 16:32 - 2024-04-02 16:32 - 000000000 ____D C:\Users\Geofish\AppData\Local\ESET
2024-04-02 11:51 - 2024-04-11 23:40 - 000000000 ____D C:\FRST
2024-04-02 11:44 - 2024-04-02 11:44 - 000000996 _____ C:\WINDOWS\system32\.crusader
2024-04-02 11:39 - 2024-04-02 11:44 - 000000000 ____D C:\ProgramData\HitmanPro
2024-04-02 11:34 - 2024-04-10 20:48 - 000002244 _____ C:\Users\Geofish\Desktop\Rkill.txt
2024-04-02 10:57 - 2024-04-02 10:57 - 000063519 _____ C:\WINDOWS\system32\sfcdetails.txt
2024-04-02 01:19 - 2024-04-02 01:19 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-02 01:18 - 2024-04-02 01:18 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-01 22:49 - 2024-04-01 22:49 - 000008573 _____ C:\Users\Geofish\Desktop\virus.txt
2024-04-01 15:47 - 2024-04-01 15:47 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Locktime
2024-04-01 15:46 - 2024-04-01 15:46 - 000001228 _____ C:\Users\Public\Desktop\NetLimiter.lnk
2024-04-01 15:46 - 2024-04-01 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter
2024-04-01 15:46 - 2024-04-01 15:46 - 000000000 ____D C:\ProgramData\Locktime
2024-04-01 15:46 - 2024-04-01 15:46 - 000000000 ____D C:\Program Files\Locktime Software
2024-03-31 04:08 - 2024-04-09 19:04 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-03-30 01:40 - 2024-03-30 01:40 - 000241348 _____ C:\ProgramData\cl.1711755362.bdinstall.v2.bin
2024-03-30 01:40 - 2024-03-30 01:40 - 000126580 _____ C:\ProgramData\cl.kit.1711755361.bdinstall.v2.bin
2024-03-30 01:39 - 2024-03-30 01:39 - 000000000 ____D C:\Program Files\Bitdefender
2024-03-30 01:36 - 2024-03-30 01:36 - 000003846 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2024-03-30 01:36 - 2024-03-30 01:36 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2024-03-30 01:34 - 2024-03-30 01:34 - 000143124 _____ C:\ProgramData\agent.1711755260.bdinstall.v2.bin
2024-03-30 01:34 - 2024-03-30 01:34 - 000000000 ____D C:\Users\Geofish\AppData\Local\Bitdefender
2024-03-30 01:34 - 2024-03-30 01:34 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2024-03-30 01:34 - 2024-03-30 01:34 - 000000000 ____D C:\Program Files\Bitdefender Agent
2024-03-30 00:37 - 2024-04-09 18:05 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-03-29 13:22 - 2024-04-11 22:16 - 000000000 ____D C:\Users\Geofish\AppData\Local\Malwarebytes
2024-03-29 12:53 - 2024-04-11 22:15 - 000000000 ____D C:\Users\Geofish\AppData\LocalLow\IGDump
2024-03-28 23:06 - 2024-04-09 15:59 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1001
2024-03-28 23:06 - 2024-04-09 15:59 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1000
2024-03-28 23:06 - 2024-04-09 15:59 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-03-28 23:06 - 2024-04-09 15:59 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-28 23:06 - 2024-03-28 23:06 - 000000000 ___RD C:\Users\defaultuser0\OneDrive
2024-03-28 23:06 - 2024-03-28 23:06 - 000000000 ___RD C:\Users\Default\OneDrive
2024-03-28 23:05 - 2024-03-28 23:05 - 000002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-03-28 23:00 - 2024-04-04 18:50 - 000000000 ____D C:\Program Files\Microsoft Office
2024-03-28 23:00 - 2024-03-28 23:00 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-03-28 21:57 - 2024-03-29 12:59 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\ServiceData
2024-03-28 21:57 - 2024-03-29 12:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Service
2024-03-28 21:57 - 2024-03-28 21:57 - 000000000 ____D C:\Users\Geofish\AppData\Local\Vaposenon
2024-03-28 21:36 - 2024-03-28 21:36 - 003983711 _____ C:\ProgramData\DBKEHDGDGHCBGCAKFIIIECFIIJ
2024-03-28 21:36 - 2024-03-28 21:36 - 003716272 _____ C:\ProgramData\AEGIJKEHCAKFCAKFHDAAAAECFC
2024-03-28 21:36 - 2024-03-28 21:36 - 003639917 _____ C:\ProgramData\HJKECAAAFHJECAAAEBFCAEBFHC
2024-03-28 21:36 - 2024-03-28 21:36 - 003639917 _____ C:\ProgramData\FBFHDBKJEGHJJJKFIIJEBGIJKK
2024-03-28 21:36 - 2024-03-28 21:36 - 003211264 _____ (as) C:\ProgramData\HCFIIIJJKJ.exe
2024-03-28 21:36 - 2024-03-28 21:36 - 002963265 _____ C:\ProgramData\FHIDAKFIJJKJJJKEBKJEHCBGDA
2024-03-28 21:36 - 2024-03-28 21:36 - 002154892 _____ C:\ProgramData\KFHJJDHJEGHJKECBGCFHDBFIEG
2024-03-28 21:36 - 2024-03-28 21:36 - 001862821 _____ C:\ProgramData\BFBGHDGCFHIDBGDGIIIEHIJDAF
2024-03-28 21:36 - 2024-03-28 21:36 - 001709054 _____ C:\ProgramData\JKJECBAAAFHIIEBFCBKFIDGDHI
2024-03-28 21:36 - 2024-03-28 21:36 - 001626853 _____ C:\ProgramData\FCFIEHCFIECBGCBFHIJJKEGHIE
2024-03-28 21:36 - 2024-03-28 21:36 - 001560300 _____ C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB
2024-03-28 21:36 - 2024-03-28 21:36 - 001441639 _____ C:\ProgramData\JDGIECGIEBKJJJJKEGHJJJKEBA
2024-03-28 21:36 - 2024-03-28 21:36 - 001378462 _____ C:\ProgramData\BAECFCAAECBGDGDHIEHJEBAAFI
2024-03-28 21:36 - 2024-03-28 21:36 - 001171751 _____ C:\ProgramData\CFCGIIEHIEGDGDGCAEBGDAKFCB
2024-03-28 21:36 - 2024-03-28 21:36 - 001150136 _____ C:\ProgramData\EHDAAECAEBKJKFHJKECFIJJDAE
2024-03-28 21:36 - 2024-03-28 21:36 - 001080140 _____ C:\ProgramData\FCFBFHIEBKJKFHIEBFBAEGHJDB
2024-03-28 21:36 - 2024-03-28 21:36 - 000700951 _____ C:\ProgramData\DBAAFIDGDAAAAAAAAKEBFHDBGH
2024-03-28 21:36 - 2024-03-28 21:36 - 000700844 _____ C:\ProgramData\IEGCBFHJDHJJKFIDBGIJJEGDBF
2024-03-28 21:36 - 2024-03-28 21:36 - 000646515 _____ C:\ProgramData\GIIEGHIDBGHIECAAECGDAEHDHJ
2024-03-28 21:36 - 2024-03-28 21:36 - 000593495 _____ C:\ProgramData\DHDAKFCGIJKJKFHIDHIIIEBGCB
2024-03-28 21:36 - 2024-03-28 21:36 - 000556863 _____ C:\ProgramData\AKJDGIEHCAEHIEBFBKKKKFIDBK
2024-03-28 21:36 - 2024-03-28 21:36 - 000556849 _____ C:\ProgramData\ECBGHCGCBKFIECBFHIDGHDGIEG
2024-03-28 21:36 - 2024-03-28 21:36 - 000556849 _____ C:\ProgramData\CAEGHIJEHJDHIDHIDAEHCGDHJJ
2024-03-28 21:36 - 2024-03-28 21:36 - 000537536 _____ C:\ProgramData\JDAEHJJECAEGCAAAAEGIEBKEBK
2024-03-28 21:36 - 2024-03-28 21:36 - 000519796 _____ C:\ProgramData\KFCFBFHIEBKJKFHIEBFBAEGHJD
2024-03-28 21:36 - 2024-03-28 21:36 - 000519756 _____ C:\ProgramData\FIIECFHDBAAECAAKFHDHIIJKFH
2024-03-28 21:36 - 2024-03-28 21:36 - 000450862 _____ C:\ProgramData\GCAFCAFHJJDBFIECFBKECFHDGI
2024-03-28 21:36 - 2024-03-28 21:36 - 000449915 _____ C:\ProgramData\FHIDBKFCAAEBFIDHDBAECFIEGC
2024-03-28 21:36 - 2024-03-28 21:36 - 000435169 _____ C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE
2024-03-28 21:36 - 2024-03-28 21:36 - 000435169 _____ C:\ProgramData\CAFBGHIDBGHJJKFHJDHCBKJDGC
2024-03-28 21:36 - 2024-03-28 21:36 - 000434616 _____ C:\ProgramData\KJDGDBFBGIDGIEBGHCGIECGIEC
2024-03-28 21:36 - 2024-03-28 21:36 - 000428389 _____ C:\ProgramData\KKEBKJJDGHCBGCAAKEHDBAEGHD
2024-03-28 21:36 - 2024-03-28 21:36 - 000421331 _____ C:\ProgramData\CAAAFCAKKKFBFIDGDBFHJJEHID
2024-03-28 21:36 - 2024-03-28 21:36 - 000386062 _____ C:\ProgramData\BGCAAFHIEBKJKEBFIEHDGDAEBK
2024-03-28 21:36 - 2024-03-28 21:36 - 000361121 _____ C:\ProgramData\AKFCFBAAEHCFHJJKEHJKJDHJDG
2024-03-28 21:36 - 2024-03-28 21:36 - 000305729 _____ C:\ProgramData\BGIJJKKJJDAAAAAKFHJJDGDAFB
2024-03-28 21:36 - 2024-03-28 21:36 - 000301561 _____ C:\ProgramData\CAEHCFCBKKJDGCAKFCFIIIECGC
2024-03-28 21:36 - 2024-03-28 21:36 - 000295162 _____ C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ
2024-03-28 21:36 - 2024-03-28 21:36 - 000292065 _____ C:\ProgramData\IJKKEHJDHJKFIECAAKFIJJKJKF
2024-03-28 21:36 - 2024-03-28 21:36 - 000275423 _____ C:\ProgramData\DBFHDHJKKJDHJJJJKEGHIDGDHD
2024-03-28 21:36 - 2024-03-28 21:36 - 000213270 _____ C:\ProgramData\BGDAKEHIIDGDAAKECBFBKKFCGH
2024-03-28 21:36 - 2022-01-13 18:51 - 052083387 _____ C:\ProgramData\KJEBKJDAFHJDGDHJKKEGIJDAKJ
2024-03-28 21:36 - 2020-03-13 09:20 - 000242857 _____ C:\ProgramData\JDHIEBFHCAKEHIDGHCBAKKKJEG
2024-03-28 21:36 - 2019-08-14 16:13 - 000307589 _____ C:\ProgramData\AFBFHDBKJEGHJJJKFIIJEBGIJK
2024-03-28 21:36 - 2019-08-14 14:59 - 000303204 _____ C:\ProgramData\BKKFCFBKFCFBFIDGCGDHJDBKFH
2024-03-28 21:35 - 2024-03-28 21:36 - 000537322 _____ C:\ProgramData\JJDGCGHCGHCBFHJJKKJEHJEHJE
2024-03-28 21:35 - 2024-03-28 21:36 - 000386062 _____ C:\ProgramData\KFCFBAAEHCFHJJKEHJKJDHJDGI
2024-03-28 21:35 - 2024-03-28 21:35 - 081303158 _____ C:\ProgramData\HDGCAAFBFBKFIDGDHJDBKECFBA
2024-03-28 21:35 - 2024-03-28 21:35 - 080614844 _____ C:\ProgramData\KJECFHCBKKEBAKFIJDHIJDAKKE
2024-03-28 21:35 - 2024-03-28 21:35 - 075397057 _____ C:\ProgramData\IEBFIEBAFCBAAAAKJKJEBGHJKF
2024-03-28 21:35 - 2024-03-28 21:35 - 052046657 _____ C:\ProgramData\AKJKFBAFIDAEBFHJKJEBFCBFHD
2024-03-28 21:35 - 2022-01-14 01:11 - 058343096 _____ C:\ProgramData\JDGIIJJDHDGCGDHIJDAKJKKKFH
2024-03-28 21:35 - 2022-01-13 22:12 - 051880035 _____ C:\ProgramData\AAEBAFBGIDHCBFHIECFCBGHIEG
2024-03-28 21:35 - 2022-01-13 20:47 - 043224137 _____ C:\ProgramData\FCFHJKJJJECGDHJJDHDAAAFBKF
2024-03-28 21:35 - 2022-01-13 20:46 - 058072161 _____ C:\ProgramData\GDBFCGIIIJDBGCBGIDGIDGCGHJ
2024-03-28 21:35 - 2022-01-13 20:46 - 056197689 _____ C:\ProgramData\EHDHIDAEHCFHJJJJECAAFBKJJD
2024-03-28 21:35 - 2022-01-13 20:46 - 054691925 _____ C:\ProgramData\HDAKJDHIEBFIIDGDGDBAEGCGDA
2024-03-28 21:35 - 2022-01-13 20:46 - 054041501 _____ C:\ProgramData\CGHCGIIDGDAKFIEBKFCFIDAFBF
2024-03-28 21:35 - 2022-01-13 20:46 - 052923142 _____ C:\ProgramData\FHCGCFHDHIIIDGCAAEGDAFBFHD
2024-03-28 21:35 - 2022-01-13 20:46 - 048306145 _____ C:\ProgramData\DHIEHIIEHIEHJKEBKEHJKJEBGI
2024-03-28 21:35 - 2022-01-13 20:46 - 047427044 _____ C:\ProgramData\EGIJKEHCAKFCAKFHDAAAAECFCG
2024-03-28 21:35 - 2022-01-13 20:46 - 002149546 _____ C:\ProgramData\JKECFCFBGDHIECAAFIIDAKKJJK
2024-03-28 21:35 - 2022-01-13 20:40 - 092098057 _____ C:\ProgramData\KKECFIEBGCAKJKECGCFIIECGDB
2024-03-28 21:35 - 2022-01-13 20:40 - 053391887 _____ C:\ProgramData\FHDAFIIDAKJDGDHIDAKJJJEHCF
2024-03-28 21:35 - 2022-01-13 20:39 - 100231573 _____ C:\ProgramData\IEHJDGIDBAAFIDGCGCAKKKFBFH
2024-03-28 21:35 - 2022-01-13 20:39 - 099457824 _____ C:\ProgramData\CBKJEGCBKKJECBGCGDBAKJEBAA
2024-03-28 21:35 - 2022-01-13 20:37 - 051721966 _____ C:\ProgramData\GIJECGDGCBKECAKFBGCAKECGIE
2024-03-28 21:35 - 2022-01-13 20:37 - 049739975 _____ C:\ProgramData\GDBKJDGIJECFIEBFIDHCGHDHIE
2024-03-28 21:35 - 2022-01-13 20:37 - 046228343 _____ C:\ProgramData\AFHIEBKKFHIEGCAKECGHJEHIEG
2024-03-28 21:35 - 2022-01-13 20:24 - 055543264 _____ C:\ProgramData\KECFIDGCBFBAKEBFBKFBFBAFII
2024-03-28 21:35 - 2022-01-13 20:05 - 061549386 _____ C:\ProgramData\FBFIDBFHDBGIDHJJEGHIIDAFID
2024-03-28 21:35 - 2022-01-13 20:05 - 000975866 _____ C:\ProgramData\EBAEBFIIECBGCBGDHCAFCGDBGC
2024-03-28 21:35 - 2022-01-13 18:54 - 091571431 _____ C:\ProgramData\IECAFHDBGHJKFIDHJJJEBKEBGI
2024-03-28 21:35 - 2022-01-13 18:54 - 068839290 _____ C:\ProgramData\DHJKJKKKJJJKJKFHJJJJECBFCG
2024-03-28 21:35 - 2022-01-13 18:47 - 049243738 _____ C:\ProgramData\AFHDAEGHDGDBGDGDAAFIJEHDHD
2024-03-28 21:35 - 2022-01-13 18:44 - 042424287 _____ C:\ProgramData\KEHDHIDAEHCFHJJJJECAAFBKJJ
2024-03-28 21:35 - 2022-01-13 18:44 - 041736243 _____ C:\ProgramData\FHJDAAEGIDHDGCAAFCBAFHDAKJ
2024-03-28 21:35 - 2022-01-13 18:42 - 050244930 _____ C:\ProgramData\AFCAAEGDBKJJKECBKFHCBAECAF
2024-03-28 21:35 - 2022-01-13 18:40 - 053238908 _____ C:\ProgramData\JKEHIIJJECFHJKECFHDGIIDBGD
2024-03-28 21:35 - 2022-01-13 18:40 - 052189842 _____ C:\ProgramData\CBAKEBGIIDAFIDHIIECFCFIEGH
2024-03-28 21:35 - 2022-01-13 18:38 - 068712429 _____ C:\ProgramData\DGCFHIDAKECFHIEBFCGIJDBKJD
2024-03-28 21:35 - 2022-01-13 18:34 - 032979973 _____ C:\ProgramData\GIEHJKEBAAEBGCAAEBFHJKKKEC
2024-03-28 21:35 - 2022-01-13 18:31 - 088588946 _____ C:\ProgramData\KFIJEGCBGIDGHIDHDGCBFCGDGC
2024-03-28 21:35 - 2022-01-13 18:24 - 053637524 _____ C:\ProgramData\DGHIDHCAAKECGCBFIJDBAAFBGH
2024-03-28 21:35 - 2022-01-13 18:24 - 053195142 _____ C:\ProgramData\DHCBAEHJJJKKFIDGHJECAFIDAF
2024-03-28 21:35 - 2022-01-13 18:18 - 078716306 _____ C:\ProgramData\EGHCAKKEGCAAFHJJJDBKJECFBK
2024-03-28 21:35 - 2022-01-13 18:17 - 071966690 _____ C:\ProgramData\AAKKECFBGIIIEBGDGDAKJKKKEB
2024-03-28 21:35 - 2022-01-13 18:15 - 098002431 _____ C:\ProgramData\KJEGCFBGDHJJJJJKJECFCFCAAK
2024-03-28 21:35 - 2022-01-13 18:14 - 069866085 _____ C:\ProgramData\ECAKKKKJDBKKFIEBKEHDGCAFCB
2024-03-28 21:35 - 2022-01-13 18:11 - 055989215 _____ C:\ProgramData\JEBKKEGDBFIIEBFHIEHCBKJJKJ
2024-03-28 21:35 - 2022-01-13 18:04 - 089913532 _____ C:\ProgramData\AEBAKJDGHIIJJKFHCFCAFCFCGI
2024-03-28 21:35 - 2019-08-08 20:04 - 031146984 _____ C:\ProgramData\JECAEHJJJKJKFIDGCBGIJJJEHI
2024-03-28 21:35 - 2016-05-30 00:51 - 077216990 _____ C:\ProgramData\GHDBAFIIECBFHIEBKJJKEBFCBG
2024-03-28 21:34 - 2024-03-28 21:36 - 001226584 _____ C:\ProgramData\EBAKEBAECGCBAAAAAEBAFBGIDH
2024-03-28 21:34 - 2024-03-28 21:36 - 000798764 _____ C:\ProgramData\JDAKJJDBGCAKKFHIJEGHCGHJKJ
2024-03-28 21:34 - 2024-03-28 21:36 - 000652406 _____ C:\ProgramData\DAKJDHIEBFIIDGDGDBAEGCGDAE
2024-03-28 21:34 - 2024-03-28 21:36 - 000539069 _____ C:\ProgramData\HJJEGIEHIJKKFIDHDGIDAKECFH
2024-03-28 21:34 - 2024-03-28 21:36 - 000519756 _____ C:\ProgramData\BGDAAKJJDAAKFHJKJKFCAEHDAF
2024-03-28 21:34 - 2024-03-28 21:36 - 000449915 _____ C:\ProgramData\KKFHJJDHJEGHJKECBGCFHDBFIE
2024-03-28 21:34 - 2024-03-28 21:36 - 000334662 _____ C:\ProgramData\HDGCFHIDAKECFHIEBFCGIJDBKJ
2024-03-28 21:34 - 2024-03-28 21:36 - 000292903 _____ C:\ProgramData\EHIJJDGDHDGDAKFIECFIJEGDHI
2024-03-28 21:34 - 2022-01-13 20:46 - 056399392 _____ C:\ProgramData\KEGCFCAKFHCGCBFHCGHDBGIJJD
2024-03-28 21:34 - 2022-01-13 20:46 - 054672345 _____ C:\ProgramData\DGDBKFBAKFBFHIECFBFIJKJKKF
2024-03-28 21:34 - 2022-01-13 20:34 - 049846139 _____ C:\ProgramData\JJEGIJEGDBFHDGCAFCAEBGCGCB
2024-03-28 21:34 - 2022-01-13 18:17 - 095565331 _____ C:\ProgramData\CAKKJKKECFIDGDHIJEGDAKFBFB
2024-03-28 21:34 - 2022-01-13 18:04 - 045594339 _____ C:\ProgramData\GDBKKFHIEGDHJKECAAKKEBAFIJ
2024-03-28 21:34 - 2022-01-13 17:18 - 074259072 _____ C:\ProgramData\HJJKJJDHCGCAECAAECFHDAECFH
2024-03-28 21:34 - 2014-06-26 13:35 - 007573378 _____ C:\ProgramData\JDBGDHIIDAEBFHJJDBFIDGIJEG
2024-03-28 21:34 - 2014-04-14 18:59 - 007480977 _____ C:\ProgramData\GHJKJDAKEHJDGDGDGHIDAEGIJJ
2024-03-28 21:34 - 2014-03-23 21:18 - 007480977 _____ C:\ProgramData\JJEGCBGIDHCAKEBGIIDBKFIEHI
2024-03-28 21:34 - 2013-07-23 21:24 - 003952311 _____ C:\ProgramData\AFCFHDHIIIECBGCAKFIJDHJEGI
2024-03-28 21:34 - 2013-07-23 21:21 - 001910109 _____ C:\ProgramData\IIEHJEHDBGHIDGDGHCBGDGCBFI
2024-03-28 21:34 - 2013-03-31 18:33 - 003483005 _____ C:\ProgramData\HIEHDHCFIJDBFHJJDBFHJKJDHI
2024-03-28 21:34 - 2013-02-22 21:01 - 004336207 _____ C:\ProgramData\DBAEHCGHIIIDHIECFHJDHDGHDB
2024-03-28 21:34 - 2013-02-22 20:03 - 005251901 _____ C:\ProgramData\HJJECBKKECFIEBGCAKJKECGCFI
2024-03-28 21:34 - 2013-01-04 18:36 - 052976969 _____ C:\ProgramData\AFHDAKJKFCFBGCBGDHCBAFCAKE
2024-03-28 21:34 - 2012-09-08 10:49 - 041967361 _____ C:\ProgramData\KKJKFBKKECFHJKEBKEHIDAEBKF
2024-03-28 21:34 - 2012-08-29 16:38 - 007657970 _____ C:\ProgramData\AKKKECBKKECGCAAAEHJKJJJDGI
2024-03-28 21:34 - 2012-08-29 16:31 - 009954202 _____ C:\ProgramData\ECGDBAEHIJKKFHIEGCBGCAFIJJ
2024-03-28 21:34 - 2012-08-29 16:10 - 020857368 _____ C:\ProgramData\DHJDAKEGDBFHCAAKJJJDAEHCAA
2024-03-28 21:34 - 2012-08-29 15:58 - 003858597 _____ C:\ProgramData\GDAEBKJDHDAFIECBAKKJDAEHIE
2024-03-28 21:34 - 2012-08-29 15:52 - 009802450 _____ C:\ProgramData\JDAKJDAAFBKFHIEBFCFBKKKECG
2024-03-28 21:34 - 2012-04-14 12:49 - 009091076 _____ C:\ProgramData\DGDHJEGIEBFHDGDGHDHIEBKFHD
2024-03-28 21:34 - 2012-04-09 15:30 - 006172292 _____ C:\ProgramData\FHCBGIIJKEBFCBGDBAEBGCFIEH
2024-03-28 21:34 - 2012-03-24 19:00 - 009952232 _____ C:\ProgramData\FBFCFIEBKEGHIDGCAFBFBFHDBA
2024-03-28 21:34 - 2012-02-24 19:49 - 005665090 _____ C:\ProgramData\DHCGHDHIDHCBGCBGCAEBAKEHCB
2024-03-28 21:34 - 2012-02-24 19:45 - 003884280 _____ C:\ProgramData\JDBGHIIDAECBFIDHIIDGIIIIII
2024-03-28 21:34 - 2012-02-24 18:26 - 003346168 _____ C:\ProgramData\GHDAKKJJJKJKECBGCGDAEBAEHI
2024-03-28 21:34 - 2011-11-18 16:05 - 006322034 _____ C:\ProgramData\GHJKEHJEGCFCAKFIIJJJECBFBA
2024-03-28 21:34 - 2011-10-27 16:58 - 012715037 _____ C:\ProgramData\EHIJDHCAKKFCBGCBAAECFIJDAK
2024-03-28 21:34 - 2011-10-23 13:53 - 006477770 _____ C:\ProgramData\DGHJEHJJDAAAKEBGCFCAAAAEHC
2024-03-28 21:34 - 2011-09-01 19:15 - 007279585 _____ C:\ProgramData\AAKJEGCFBGDHJJJJJKJECFCFCA
2024-03-28 21:34 - 2011-07-20 18:48 - 004200672 _____ C:\ProgramData\CAKEBFCFIJJKKECAKJEHDAAFIE
2024-03-28 21:34 - 2011-07-20 18:48 - 002951978 _____ C:\ProgramData\GHJJDGHCBGDHIECBGIDAEHCGDG
2024-03-28 21:34 - 2011-06-18 17:26 - 005085508 _____ C:\ProgramData\ECGDAAFIIJDAAAAKFHIDAAAKJJ
2024-03-28 21:34 - 2011-06-18 14:13 - 003914296 _____ C:\ProgramData\KFIDBAFHCAKFBGCBFHIJKECGII
2024-03-28 21:34 - 2011-06-18 13:45 - 003631313 _____ C:\ProgramData\FBGHCGCAEBFIJKFIDBGHDGHCGH
2024-03-28 21:34 - 2011-05-21 16:00 - 006757932 _____ C:\ProgramData\FBKFCFBFIDGCGDHJDBKFHCFBGI
2024-03-28 21:34 - 2011-02-25 18:01 - 000812413 _____ C:\ProgramData\CAKKEGDGCGDAKEBFIJECGHJEGC
2024-03-28 21:34 - 2011-01-05 17:02 - 006191840 _____ C:\ProgramData\IEHDAFHDHCBFIDGCFIDGHJDGDA
2024-03-28 21:34 - 2011-01-04 15:22 - 004669670 _____ C:\ProgramData\FCAEBFIJKEBGHIDHIEGIJEBFII
2024-03-28 21:34 - 2010-11-21 17:11 - 003346168 _____ C:\ProgramData\KKJKEBKFCAAECAAAAAECFBKECG
2024-03-28 21:34 - 2010-09-15 20:20 - 005490454 _____ C:\ProgramData\BGCAFHCAKFBFIECAFIIJKKJEGC
2024-03-28 21:34 - 2010-01-30 20:39 - 007488800 _____ C:\ProgramData\BAKFCBFHJDHJKECAKEHIDGIJJD
2024-03-28 21:34 - 2009-06-26 16:40 - 008077145 _____ C:\ProgramData\HJJEGCAAECBFIEBGHJDGIJDHDH
2024-03-28 21:34 - 2009-05-15 13:56 - 009774470 _____ C:\ProgramData\KFBAECBAEGDGDHIEHIJJEBFHDA
2024-03-28 21:34 - 2008-11-03 22:07 - 005743042 _____ C:\ProgramData\BFCAAEHJDBKJJKFHJEBKFBGDAA
2024-03-28 21:34 - 2008-11-03 21:51 - 008826859 _____ C:\ProgramData\EBAFHCBFHDHCAAKFHDGDBKFCGC
2024-03-28 21:34 - 2008-10-30 23:11 - 004848634 _____ C:\ProgramData\HCBFIJJECFIEBGDGCFIJKFCBGI
2024-03-28 21:34 - 2008-10-30 22:11 - 004848634 _____ C:\ProgramData\FIEHIIIJDAAAAAAKECBFBAEBKJ
2024-03-28 21:34 - 2008-10-14 18:38 - 004029109 _____ C:\ProgramData\IIECFHDBAAECAAKFHDHIIJKFHJ
2024-03-28 21:34 - 2008-10-14 18:38 - 001815440 _____ C:\ProgramData\JJJEGCGDGHCBFHIDHDAAFBGCFB
2024-03-28 21:34 - 2008-10-14 18:36 - 002638127 _____ C:\ProgramData\CFIIIJJKJKFHIDGDBAKJEBKEGC
2024-03-28 21:34 - 2008-10-14 18:35 - 003186739 _____ C:\ProgramData\HIJJDGDHDGDAKFIECFIJEGDHII
2024-03-28 21:34 - 2008-10-14 06:16 - 003973900 _____ C:\ProgramData\EGHJKFHJJJKJJJJKEHCBGCGDAF
2024-03-28 21:34 - 2008-10-14 06:16 - 003865966 _____ C:\ProgramData\GHDHDGHJEBGIDGDGIJJKFBAAKK
2024-03-28 21:34 - 2008-10-12 16:40 - 004717206 _____ C:\ProgramData\GCGCFCBAKKFBFIECAEBAEBGCGD
2024-03-28 21:34 - 2008-10-12 16:40 - 004047743 _____ C:\ProgramData\GIIDBGDAFHJDHIDGDGIIEBGIEG
2024-03-28 21:34 - 2008-10-12 16:38 - 006128004 _____ C:\ProgramData\FCFBGIDAEHCFIDGCBGIIEBKKKF
2024-03-28 21:34 - 2008-09-09 10:53 - 008996072 _____ C:\ProgramData\HDAFIIDAKJDGDHIDAKJJJEHCFB
2024-03-28 21:34 - 2008-09-09 10:53 - 001319436 _____ C:\ProgramData\EGDGIIJJECFIDHJJKKFCAECFHI
2024-03-28 21:34 - 2008-08-10 02:47 - 009566476 _____ C:\ProgramData\BAFCFHDHIIIECBGCAKFIJDHJEG
2024-03-28 21:34 - 2008-08-10 02:47 - 008883453 _____ C:\ProgramData\DAFHIDGIJKJKECBGDBGHDBKFHI
2024-03-28 21:34 - 2008-08-10 02:47 - 008553216 _____ C:\ProgramData\FBKECFIIEHCFHIECAFBAKJJDGD
2024-03-28 21:34 - 2008-08-10 02:47 - 005729142 _____ C:\ProgramData\FIJDGIJJKEGIEBGCGDHCFIDAAE
2024-03-28 21:34 - 2008-08-10 02:47 - 005719619 _____ C:\ProgramData\IDHIEBAAKJDHIECAAFHCAECAFC
2024-03-28 21:34 - 2008-08-10 02:47 - 004694620 _____ C:\ProgramData\IJDHDGDAAAAKFIDGHJDGCGCFHJ
2024-03-28 21:34 - 2008-08-10 02:47 - 003821733 _____ C:\ProgramData\GDBAKKKFBGDHJKFHJJJJDGCBKF
2024-03-28 21:34 - 2008-08-10 02:47 - 003304999 _____ C:\ProgramData\BFHJECAAAFHIJKFIJEGCAKKECA
2024-03-28 21:34 - 2008-08-10 02:47 - 002758105 _____ C:\ProgramData\HJKJEHJKJEBGHJJKEBGIECAAFI
2024-03-28 21:34 - 2008-08-10 02:47 - 002651760 _____ C:\ProgramData\AFHDBGHJKFIDHJJJEBKEBGIEBG
2024-03-28 21:34 - 2008-08-10 02:47 - 002064015 _____ C:\ProgramData\JJJJEBGDAFHJEBGDGIJDHCAKJK
2024-03-28 21:34 - 2008-08-10 02:46 - 010054953 _____ C:\ProgramData\CFHDBFIEGIDGIECBKJECBKFHCA
2024-03-28 21:34 - 2008-08-10 02:46 - 006512187 _____ C:\ProgramData\CGIDHIIJKEBGHJJKFIDAAFCAKJ
2024-03-28 21:34 - 2008-08-10 02:46 - 006496021 _____ C:\ProgramData\AKECBFBAEBKJJJJKFCGCBKKEHD
2024-03-28 21:34 - 2008-08-10 02:46 - 005801295 _____ C:\ProgramData\HCAEHJJKFCAAFHJKFBKKEBKECB
2024-03-28 21:34 - 2008-08-10 02:46 - 004217193 _____ C:\ProgramData\IDHIIJJJKEGIDGCBAFIJECGIEG
2024-03-28 21:34 - 2008-08-10 02:46 - 003630338 _____ C:\ProgramData\CAAEBKEGHJKEBFHJDBFCFBKKJJ
2024-03-28 21:34 - 2008-08-10 02:46 - 003207808 _____ C:\ProgramData\GDBFHDHJKKJDHJJJJKEGHIDGDH
2024-03-28 21:34 - 2008-04-21 16:18 - 005225641 _____ C:\ProgramData\GIEGHJEGHJKFIEBFHJKKKFHCFH
2024-03-28 21:34 - 2008-04-15 22:23 - 026856640 _____ C:\ProgramData\GHDBKFHIJKJKECAAAECAECFBFI
2024-03-28 21:34 - 2008-04-15 22:23 - 010587202 _____ C:\ProgramData\BFIIIDAFBFBKECBGDBGIIIJJDA
2024-03-28 21:34 - 2008-04-15 22:23 - 006333598 _____ C:\ProgramData\CFHDHIJDGCBAKFIEGHCBGHJDAF
2024-03-28 21:34 - 2008-04-15 22:23 - 006303197 _____ C:\ProgramData\GCFCFCGCGIEHIECAFCFIJJKKFH
2024-03-28 21:34 - 2008-04-15 22:23 - 006252287 _____ C:\ProgramData\GCGHIIDHCGHCAAAAAFIJEGHJDH
2024-03-28 21:34 - 2008-04-15 22:23 - 005511450 _____ C:\ProgramData\EHIDAKECFIEBGDHJEBKKKKJKKE
2024-03-28 21:34 - 2008-04-15 22:23 - 005299350 _____ C:\ProgramData\GDHCGDGIEBKJKFHJJKFCBFBGDA
2024-03-28 21:34 - 2008-04-15 22:23 - 005235800 _____ C:\ProgramData\IDHDGIEHJJJJEBGDAFHJEBGDGI
2024-03-28 21:34 - 2008-04-15 22:23 - 005188095 _____ C:\ProgramData\BKJKEBGDHDAFHJKEGIIDAFIEBF
2024-03-28 21:34 - 2008-04-15 22:23 - 005042153 _____ C:\ProgramData\KJKEHIIJJECFHJKECFHDGIIDBG
2024-03-28 21:34 - 2008-04-15 22:23 - 003203704 _____ C:\ProgramData\JKFIDGDHJEGIEBFHDGDGHDHIEB
2024-03-28 21:34 - 2008-04-15 22:23 - 003020985 _____ C:\ProgramData\EBAKKFHJDBKKEBFHDAAEBGIEGD
2024-03-28 21:34 - 2008-04-15 22:23 - 002219556 _____ C:\ProgramData\GHJDGDBFCBKFHJKFHCBKKFIIDG
2024-03-28 21:34 - 2008-04-15 22:22 - 003820487 _____ C:\ProgramData\CBAFCAKEHDHDHIDHDGDHJEGHID
2024-03-28 21:34 - 2008-04-15 22:22 - 001749777 _____ C:\ProgramData\CAAKFIIDGIEHIDGCGHIIECGIJK
2024-03-28 21:34 - 2007-11-01 15:11 - 001470825 _____ C:\ProgramData\BGHIIJDGHCBFIECBKEGHDHDBAF
2024-03-28 21:34 - 2007-11-01 15:11 - 001470825 _____ C:\ProgramData\AFIIIIJKFCAAECAKFIEHCGDHIE
2024-03-28 21:34 - 2007-11-01 15:08 - 001117830 _____ C:\ProgramData\AEHIJKKFHIEGCBGCAFIJJJJKKJ
2024-03-28 21:34 - 2007-01-22 00:46 - 001930977 _____ C:\ProgramData\KEBKJDBAAKJDGCBFHCFCGIEBFB
2024-03-28 21:34 - 2005-11-09 19:49 - 000282695 _____ C:\ProgramData\CBFCFBFBFBKFIDHJKFCAFCFBKJ
2024-03-28 21:34 - 2005-11-09 19:44 - 000257990 _____ C:\ProgramData\HCGDGIDGIJKKEBGDAECAEBKKEB
2024-03-28 21:34 - 2005-08-10 15:19 - 003478954 _____ C:\ProgramData\GIJEBKECBAKFBGDGCBGDBAECAK
2024-03-28 21:33 - 2024-03-28 21:36 - 000388505 _____ C:\ProgramData\AKJDGDGDHDGDBFIDHDBAFHCAAA
2024-03-28 21:33 - 2024-03-28 21:33 - 032314326 _____ C:\ProgramData\HCBAKJEHDBGHIEBGCGDGHCAKEB
2024-03-28 21:33 - 2024-03-28 21:33 - 002419301 _____ C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE
2024-03-28 21:33 - 2024-03-28 21:33 - 001621566 _____ C:\ProgramData\JEHJKJEBGHJJKEBGIECAAFIJKJ
2024-03-28 21:33 - 2024-03-28 21:33 - 001237106 _____ C:\ProgramData\IJKFCFHJDBKKFHIEHIDGCFCAEB
2024-03-28 21:33 - 2024-03-28 21:33 - 000837949 _____ C:\ProgramData\BAAAAKJKJEBGHJKFHIDGCFCBAK
2024-03-28 21:33 - 2024-03-28 21:33 - 000580214 _____ C:\ProgramData\CAFIEBKKJJDAKFHIDBFHJDBFBA
2024-03-28 21:33 - 2024-03-28 21:33 - 000522014 _____ C:\ProgramData\AEHDAKFIJJKKEBGDBAAKKJJKEH
2024-03-28 21:33 - 2022-01-13 20:46 - 046528367 _____ C:\ProgramData\FBKKFBAEGDHJJJJKFBKFHCAFCB
2024-03-28 21:33 - 2021-03-09 08:32 - 001558835 _____ C:\ProgramData\BGIIEGIDHCBFIDHJDGDBGIEHJE
2024-03-28 21:33 - 2020-11-22 16:10 - 001743156 _____ C:\ProgramData\KKEHIEBKJKFIEBGDGDAAECGHDH
2024-03-28 21:33 - 2020-11-22 16:10 - 000943261 _____ C:\ProgramData\AEHIDAKECFIEBGDHJEBKKKKJKK
2024-03-28 21:33 - 2020-11-21 21:22 - 001370066 _____ C:\ProgramData\DAFIEHIEGDHIDGDGHDHJJJDGHJ
2024-03-28 21:33 - 2017-07-01 14:29 - 000409806 _____ C:\ProgramData\BAFIEGIECGCBKFIEBGCAAFIEBF
2024-03-28 21:33 - 2014-11-25 00:44 - 1865561346 _____ C:\ProgramData\GCGIDGCGIEGDGDGDGHJKKKJKEC
2024-03-28 21:33 - 2014-09-12 11:33 - 000422597 _____ C:\ProgramData\GIEHJDHCBAEHJJJKKFIDGHJECA
2024-03-28 21:33 - 2014-09-11 11:32 - 000191653 _____ C:\ProgramData\IIJEBFCFIJJJEBGDBAKEHCAFHI
2024-03-28 21:33 - 2014-08-30 08:54 - 002097288 _____ C:\ProgramData\BFIDGHDBAFIJJJJKJDHDAECAKF
2024-03-28 21:33 - 2014-07-16 23:17 - 000967768 _____ C:\ProgramData\HIJEGDBGDBFIJKECBAKFBFIDGC
2024-03-28 21:33 - 2014-06-01 01:01 - 000307529 _____ C:\ProgramData\IECGIEBAEBFIIECBGCBGDHCAFC
2024-03-28 21:33 - 2014-06-01 00:06 - 2228982760 _____ C:\ProgramData\CFHCBKKFIJJJECAAFCGIEHIDHJ
2024-03-28 21:33 - 2011-09-01 19:13 - 008601496 _____ C:\ProgramData\BKKKFCFIIJJKKFHIEHJKECGCGC
2024-03-28 21:33 - 2011-08-15 15:40 - 001756063 _____ C:\ProgramData\GDGHJEHJJDAAAKEBGCFCAAAAEH
2024-03-28 21:33 - 2008-10-14 18:35 - 003263929 _____ C:\ProgramData\IJKFHDBKFCAAECBFIDHJECBKEB
2024-03-28 21:33 - 2008-09-09 10:53 - 007979889 _____ C:\ProgramData\FIJKEHJJDAAKFHIDAKFHCBFCFB
2024-03-28 21:33 - 2008-04-15 22:23 - 008074550 _____ C:\ProgramData\HCAAEBKEGHJKEBFHJDBFCFBKKJ
2024-03-28 21:31 - 2024-03-03 15:45 - 004512768 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\ProgramData\EHDAFIJJECFHJJKFCAKJJKEHID
2024-03-28 21:31 - 2020-04-19 23:00 - 000515617 _____ C:\ProgramData\KKJEBAAECBGDHIECAKJKKECFHJ
2024-03-28 21:31 - 2019-03-22 15:05 - 000548598 _____ C:\ProgramData\JKFHIIEHIEGDHJJJKFIIIIDGID
2024-03-28 21:31 - 2009-06-05 16:12 - 004694620 _____ C:\ProgramData\JJJDGIECFCAKKFHIIIJEGDHIIE
2024-03-28 21:29 - 2024-03-28 21:35 - 080151796 _____ C:\ProgramData\DAEGIDHDHIDGIEBGIJEHIJKFII
2024-03-28 21:29 - 2022-01-13 18:52 - 046864644 _____ C:\ProgramData\ECFHIJKJKFIDHJKFBGHCGCAEBF
2024-03-28 21:28 - 2024-03-28 21:28 - 000283481 _____ C:\ProgramData\GCBKECAKFBGCAKECGIEHDGHCBA
2024-03-28 21:28 - 2024-03-28 21:28 - 000283481 _____ C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII
2024-03-28 21:28 - 2024-03-28 21:28 - 000240440 _____ C:\ProgramData\FCAAEHJDBKJJKFHJEBKFBGDAAE
2024-03-28 21:25 - 2024-03-28 21:25 - 000000000 ____D C:\Users\Geofish\.oracle_jre_usage
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-04-11 23:14 - 2021-12-16 12:41 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-11 22:41 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-11 22:39 - 2019-12-07 20:14 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-11 22:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-11 22:19 - 2024-02-04 13:08 - 000000000 ____D C:\Program Files (x86)\Steam
2024-04-11 22:15 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-11 20:32 - 2020-01-10 20:53 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-04-11 20:32 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-11 19:21 - 2020-01-10 20:53 - 000000000 ____D C:\Users\Geofish\AppData\Local\TeamViewer
2024-04-11 19:16 - 2022-12-20 10:12 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-04-11 18:59 - 2021-03-12 15:55 - 002350512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-11 18:59 - 2021-03-12 15:28 - 000553010 _____ C:\WINDOWS\system32\perfh008.dat
2024-04-11 18:59 - 2021-03-12 15:28 - 000088970 _____ C:\WINDOWS\system32\perfc008.dat
2024-04-11 18:59 - 2019-12-07 16:50 - 000742808 _____ C:\WINDOWS\system32\perfh007.dat
2024-04-11 18:59 - 2019-12-07 16:50 - 000150022 _____ C:\WINDOWS\system32\perfc007.dat
2024-04-11 18:54 - 2019-12-06 17:48 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-11 18:53 - 2021-03-12 15:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-11 18:53 - 2021-03-12 15:49 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-11 18:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-11 18:52 - 2021-03-12 15:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-11 11:59 - 2023-11-22 12:28 - 000000000 ____D C:\Users\Geofish\Desktop\Bewerbung
2024-04-11 11:59 - 2019-12-07 06:50 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Microsoft\Word
2024-04-11 11:59 - 2019-12-07 06:36 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Microsoft\Office
2024-04-11 09:09 - 2019-12-07 20:31 - 000000000 ____D C:\Users\Geofish\AppData\Local\D3DSCache
2024-04-11 01:17 - 2020-03-05 01:07 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-04-11 00:27 - 2022-10-02 15:07 - 000000000 ____D C:\Users\Geofish\AppData\Local\CrashDumps
2024-04-11 00:16 - 2017-09-21 17:28 - 000000000 __SHD C:\Users\Geofish\IntelGraphicsProfiles
2024-04-11 00:12 - 2021-03-12 15:51 - 000000000 ____D C:\Users\Geofish
2024-04-11 00:10 - 2021-03-12 15:51 - 000000000 ____D C:\Users\defaultuser0
2024-04-11 00:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-04-11 00:06 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-11 00:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration
2024-04-10 22:40 - 2020-04-14 14:13 - 000000000 ____D C:\Program Files\ElanFP
2024-04-10 22:13 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-10 21:08 - 2020-04-11 15:56 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\NoteBookFanControl
2024-04-10 20:26 - 2022-05-23 00:23 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-10 07:38 - 2021-03-12 15:49 - 000868424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-10 06:29 - 2021-03-12 15:52 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 03:58 - 2019-12-06 17:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-09 09:57 - 2019-12-07 17:50 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\vlc
2024-04-09 00:09 - 2022-12-20 10:12 - 000003860 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{BCEE0ED9-ED36-4150-9209-3118EDDA7F18}
2024-04-09 00:09 - 2022-12-20 10:12 - 000003736 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{5731B7DF-189A-4350-8BD8-73EEC82492D4}
2024-04-08 22:38 - 2019-12-06 18:27 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-08 00:04 - 2020-04-11 15:55 - 000000000 ____D C:\ProgramData\NbfcService
2024-04-07 15:00 - 2020-04-30 22:45 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\A1AUDIO.de
2024-04-06 01:31 - 2023-03-23 12:05 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-05 09:34 - 2023-03-07 02:13 - 000000000 ____D C:\Users\Geofish\Desktop\other
2024-04-04 18:50 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-04 18:41 - 2019-12-06 18:34 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-04-04 17:43 - 2021-03-12 15:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-04 17:42 - 2023-08-09 02:35 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-04-04 17:42 - 2023-04-24 20:59 - 000002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-04-04 11:15 - 2019-12-19 23:06 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\uTorrent
2024-04-04 10:24 - 2019-12-19 18:24 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-04 09:27 - 2021-06-25 16:26 - 000000000 ____D C:\WINDOWS\Minidump
2024-04-03 19:25 - 2023-01-15 14:05 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{F7863B7E-BA40-4BCA-B7F3-83C4BA19A08B}
2024-04-03 19:25 - 2023-01-15 14:05 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{A72A6826-DA08-41D8-902C-1346C01792FA}
2024-04-02 22:57 - 2020-09-21 16:45 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\discord
2024-04-02 22:56 - 2020-09-21 16:45 - 000000000 ____D C:\Users\Geofish\AppData\Local\Discord
2024-04-02 22:05 - 2019-12-07 06:36 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Microsoft\Excel
2024-04-02 12:18 - 2023-01-06 02:39 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-04-02 10:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-02 01:25 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-02 01:21 - 2023-12-13 11:07 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-03-31 00:55 - 2017-09-21 17:28 - 000000000 ___SD C:\Users\Geofish\AppData\Roaming\Microsoft\Credentials
2024-03-30 08:34 - 2023-11-16 03:53 - 000000000 ____D C:\Program Files\Windscribe
2024-03-29 21:59 - 2023-10-12 02:14 - 000000000 ____D C:\ProgramData\ValhallaVintageVerbPreferences
2024-03-29 21:59 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaVintageVerb
2024-03-29 11:49 - 2019-12-06 18:06 - 000000000 ____D C:\Users\Geofish\AppData\Local\Packages
2024-03-28 23:06 - 2017-09-21 17:30 - 000000000 ___RD C:\Users\Geofish\OneDrive
2024-03-28 22:35 - 2019-12-06 20:10 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2024-03-28 22:18 - 2020-01-27 01:50 - 000000000 ____D C:\ProgramData\FLEXnet
2024-03-18 13:01 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaShimmer
2024-03-16 22:06 - 2022-09-12 09:31 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\com.adobe.dunamis
2024-03-16 16:53 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaPlate
2024-03-14 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-14 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-14 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-14 09:25 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2024-03-13 22:21 - 2021-05-11 15:18 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2024-03-13 22:21 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaRoom
==================== Files in the root of some directories ========
2024-03-28 21:36 - 2024-03-28 21:36 - 003211264 _____ (as) C:\ProgramData\HCFIIIJJKJ.exe
2019-12-12 01:00 - 2020-01-26 05:50 - 000000028 _____ () C:\Users\Geofish\AppData\Roaming\kulerdata.json
2020-04-11 18:42 - 2020-04-11 18:42 - 000045056 _____ () C:\Users\Geofish\AppData\Roaming\Web Data
2020-04-11 18:42 - 2020-04-11 18:42 - 000000000 _____ () C:\Users\Geofish\AppData\Roaming\Web Data-journal
2020-01-31 16:33 - 2023-09-04 20:18 - 000008192 _____ () C:\Users\Geofish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-11-02 21:59 - 2022-11-02 21:59 - 000000000 _____ () C:\Users\Geofish\AppData\Local\oobelibMkey.log
2019-12-31 01:42 - 2023-10-11 02:26 - 000007605 _____ () C:\Users\Geofish\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by Geofish (11-04-2024 23:41:17)
Running from D:\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2021-03-12 13:58:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1286322575-3200454710-2639170948-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1286322575-3200454710-2639170948-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1286322575-3200454710-2639170948-1000 - Limited - Enabled) => C:\Users\defaultuser0
Gast (S-1-5-21-1286322575-3200454710-2639170948-501 - Limited - Disabled)
Geofish (S-1-5-21-1286322575-3200454710-2639170948-1001 - Administrator - Enabled) => C:\Users\Geofish
WDAGUtilityAccount (S-1-5-21-1286322575-3200454710-2639170948-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
A1TriggerGate version 1.4 (HKLM-x32\...\{B069846D-66D2-4A30-BB1C-0ADAA50E89DB}_is1) (Version: 1.4 - Alex Hilton / A1AUDIO.DE)
Ableton Live 11 Suite (HKLM\...\{7A330287-7165-47F2-B54D-C875E51DE1FB}) (Version: 11.0.0.0 - Ableton) Hidden
Ableton Live 11 Suite (HKLM-x32\...\{1debf041-c42f-4aca-839d-550648c00239}) (Version: 11.0.0.0 - Ableton)
Ableton Push Driver v5.50.0 (HKLM\...\{8CE98F88-3F07-4338-A036-B66414F3FD66}) (Version: 5.50.0 - Ableton) Hidden
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3028 - Acer Incorporated)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.001.20643 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.11.0.522.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_1) (Version: 23.1 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Analog Lab V 5.8.0 (HKLM-x32\...\Analog Lab V_is1) (Version: 5.8.0 - Arturia)
ARIA Engine v1.9.7.3 (HKLM\...\ARIA Engine_is1) (Version: v1.9.7.3 - Plogue Art et Technologie, Inc)
Arturia Pigments (HKLM\...\Pigments_is1) (Version: 3.0.0.1375 - Arturia & Team V.R)
Arturia Software Center 2.7.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 2.7.1 - Arturia)
Arturia USB MIDI Driver v1.3.0 (HKLM-x32\...\Software_Arturia_arturiausbmidi_Setup) (Version: 1.3.0 - Arturia)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
AutoCAD 2023 Shared (HKLM\...\{28B89EEF-6101-0000-4102-CF3F3A09B77D}) (Version: 24.2.161.0 - Autodesk) Hidden
AutoCAD 2023 Shared Language Pack - English (HKLM\...\{28B89EEF-6101-0409-5102-CF3F3A09B77D}) (Version: 24.2.153.0 - Autodesk) Hidden
Autodesk AutoCAD 2023 - English (HKLM\...\{73A78CE1-E03A-3415-826E-91A699E39B17}) (Version: 24.2.53.0 - Autodesk, Inc.)
Autodesk Identity Manager (HKLM\...\Autodesk Identity Manager) (Version: 1.10.4.0 - Autodesk)
Autodesk Interoperability Engine Manager (HKLM\...\{C4EFAB73-D98A-3676-A3F8-142FC78E0EF3}) (Version: 1.0.0.11 - Autodesk.com) Hidden
Autodesk Inventor Interoperability 2023 (HKLM\...\{E2B54F9E-FF26-47AE-9AE1-D7AFBC32DE0C}) (Version: 27.0.13400.0000 - Autodesk) Hidden
Autodesk Material Library 2023 (HKLM-x32\...\{8E133591-B0FD-4DB0-B60E-FB593CAF72B0}) (Version: 21.0.1.1 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2023 (HKLM-x32\...\{3B564A94-BA47-4E42-ACD6-B5C35291210B}) (Version: 21.0.1.1 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.16.2.0 - Autodesk, Inc.)
AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos)
Backmask version 1.0 (HKLM\...\{8A6411FB-7E85-4B61-9624-C624C89B9A07}_is1) (Version: 1.0 - Freakshow Industries)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 72.23.0718.0858 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2023.0718.0858 - F5 Networks, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.0.1.266 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Brave Software Inc)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.74.1085 - AB Team, d.o.o.)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
Cardinal version 22.10 (HKLM\...\Cardinal_is1) (Version: 22.10 - DISTRHO)
Chrome Remote Desktop Host (HKLM-x32\...\{B3DF9767-C635-4558-A655-D586070E2CE3}) (Version: 124.0.6367.18 - Google LLC)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
DumpsterFire version 1.01 (HKLM\...\{B2F19491-19F8-4116-966F-06B581001600}}_is1) (Version: 1.01 - Freakshow Industries)
Efx REFRACT 1.0.0 (HKLM-x32\...\Efx REFRACT_is1) (Version: 1.0.0 - Arturia)
ELAN FingerPrint (HKLM\...\ElanFP) (Version: 1.6.10.1102 - ELAN Microelectronic Corp.)
ELAN HIDI2C Filter Driver X64 13.6.7.2_WHQL (HKLM\...\Elantech) (Version: 13.6.7.2 - ELAN Microelectronic Corp.)
Electric Sheep 3.0.2 (HKLM-x32\...\Electric Sheep) (Version: 3.0.2 - Electricsheep)
Electric Sheep HD version 20200622 (HKLM-x32\...\{4914324E-3650-433D-8127-3D98A5DA489D}_is1) (Version: 20200622 - Electric Sheep HD)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Eventide Ensemble Bundle (HKLM\...\Eventide Ensemble Bundle_is1) (Version: 2.14.4 - Eventide)
Exponential Audio Excalibur (HKLM\...\Excalibur_is1) (Version: 5.0.0 - Exponential Audio)
Exponential Audio PhoenixVerb (HKLM\...\PhoenixVerb_is1) (Version: 6.0.1 - Exponential Audio)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2019.03.13 - FabFilter)
Focusrite Audio Drivers 4.119.13.33 (HKLM\...\Focusrite Audio Drivers_is1) (Version: 4.119.13.33 - Focusrite Audio Engineering, Ltd.)
Focusrite Control 3.17.0.179 (HKLM\...\Focusrite Control_is1) (Version: 3.17.0.179 - Focusrite Audio Engineering Ltd.)
Fraqtive 0.4.8 (64-bit) (HKLM\...\Fraqtive) (Version: 0.4.8 - Michał Męciński)
Geeks3D FurMark 1.21.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.31.0.0 - COGNOSPHERE PTE. LTD.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.122 - Google LLC)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Infected Mushroom - Gatekeeper version 1.2 (HKLM\...\{B6807461-431E-433F-9D7F-9D38A96ADA7C}_is1) (Version: 1.2 - Polyverse Music, Inc.)
Infected Mushroom - I Wish version 1.01 (HKLM\...\{25772CF9-4EEE-4D1A-9FE7-29A4B91B3422}_is1) (Version: 1.01 - Polyverse Music, Inc.)
IrfanView 4.66 (64-bit) (HKLM\...\IrfanView64) (Version: 4.66 - Irfan Skiljan)
iZotope Nectar 3 Elements (HKLM\...\Nectar 3 Elements) (Version: 3.8.0 - iZotope, Inc.)
iZotope Ozone 9 (HKLM\...\Ozone 9_is1) (Version: 9.1.0 - iZotope)
iZotope Stutter Edit (HKLM\...\Stutter Edit_is1) (Version: 1.0.5c - iZotope)
iZotope Trash 2 (HKLM\...\Trash 2_is1) (Version: 2.0.5d - iZotope)
JACK2 version v1.9.17 (HKLM\...\JACK2_is1) (Version: v1.9.17 - jackaudio.org)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.5.2.2 (HKLM\...\{B722792A-A194-4906-97A9-58CA688304E8}) (Version: 7.5.2.2 - The Document Foundation)
Limbo v3.0.0.1a (12082) (HKLM-x32\...\{8E776FF8-LIMB-432B-BD2A-OBSCURE151A9}_is1) (Version: - Playdead)
Little Nightmares II - Enhanced Edition (HKLM-x32\...\{10FF8C5E-3590-4DD5-99C8-5B1B5E90698F}_dixen18_is1) (Version: - dixen18)
Logitech Options (HKLM\...\LogiOptions) (Version: 10.10.58 - Logitech)
Malwarebytes version 4.6.11.320 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.11.320 - Malwarebytes)
Mario Kart 8 Deluxe (HKLM-x32\...\Mario Kart 8 Deluxe_is1) (Version: - )
Mario Party Superstars (HKLM-x32\...\Mario Party Superstars_is1) (Version: - )
MeldaProduction Audio Plugins 14 (HKLM-x32\...\MeldaProduction Audio Plugins 14) (Version: - MeldaProduction)
Melodics version 3.1.1856.0 (HKLM\...\Melodics_is1) (Version: 3.1.1856.0 - )
Mendeley Desktop 1.19.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.4 - Mendeley Ltd.)
Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{b3c7f59f-dc40-4be9-829c-77dd292978ea}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support (HKLM\...\{10AB056B-1B8C-3E9E-95CC-43C33EB88513}) (Version: 15.0.26717 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support (HKLM-x32\...\{AB46A6EF-12D2-3146-A38D-1D6FF1AFFF69}) (Version: 15.0.26717 - Microsoft Corporation) Hidden
MIDI Control Center 1.17.2 (HKLM\...\MIDI Control Center_is1) (Version: 1.17.2 - Arturia)
MiKTeX 2.9 (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MISHBY version 1.01 (HKLM\...\{8437C1FD-5B4B-4DE9-90B5-0AB18C2FD0A0}}_is1) (Version: 1.01 - Freakshow Industries)
MOTU M Series (HKLM\...\com_motu_installer_core_uac_is1) (Version: 4.0.9.2368 - MOTU, Inc.)
Mp3tag v3.11 (HKLM-x32\...\Mp3tag) (Version: 3.11 - Florian Heidenreich)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
Native Instruments Guitar Rig 7 (HKLM-x32\...\Native Instruments Guitar Rig 7) (Version: 7.0.1.0 - Native Instruments)
NetLimiter (HKLM\...\{62394CDE-18AB-492D-B110-6D26DF85D767}) (Version: 5.3.8.0 - Locktime Software) Hidden
NetLimiter (HKLM-x32\...\NetLimiter 5.3.8.0) (Version: 5.3.8.0 - Locktime Software)
NoteBook FanControl (HKLM-x32\...\{6ccab7ac-feb0-4395-97e3-75cd6f6c407b}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (HKLM-x32\...\{C027E819-C64C-443E-B6D5-755FE4A7A925}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.2 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{01421942-1A1E-4035-B183-DD9BCA94E339}) (Version: 5.7.0.4246 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{01421942-1A1E-4035-B183-DD9BCA94E339}) (Version: 5.7.0.4246 - PACE Anti-Piracy, Inc.)
PaulXStretch version 1.6.0 (HKLM\...\PaulXStretch_is1) (Version: 1.6.0 - )
Plogue AlterEgo v1.573 (HKLM\...\__ARIA_1019___is1) (Version: v1.573 - Plogue)
Pocket Dimension version 1.0 (HKLM\...\{C2288D66-1B82-468A-95E6-06D400AF3FD2}}_is1) (Version: 1.0 - Freakshow Industries)
Polyspace R2019b (HKLM\...\Polyspace R2019b) (Version: 3.1 - MathWorks)
Polyverse Music Gatekeeper (HKLM\...\Gatekeeper_is1) (Version: 1.2.0 - Polyverse Music)
Polyverse Music Manipulator (HKLM\...\Manipulator_is1) (Version: 1.0.1 - Polyverse Music)
Portal version 1.0.1 (HKLM\...\Portal_is1) (Version: 1.0.1 - Output)
Product Portal (HKLM-x32\...\Product Portal) (Version: - iZotope, Inc.)
RAPID Mode (HKLM\...\{431CA680-1FEF-46E2-9634-C0F3E85B56E0}) (Version: 1.0.1.105 - Samsung Electronics Co., Ltd.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.0.0.100 - Samsung Electronics)
ShaperBox v2.1.0 (HKLM\...\ShaperBox 2_is1) (Version: 2.1.0 - CableGuys & Team V.R)
Signal 6.6.0 (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.6.0 - Signal Messenger, LLC)
Slate Digital Fresh Air (HKLM\...\{af2fe7e8-08f8-4c81-b875-ec4c7a97a204}Slate Digi~4955043A_is1) (Version: 1.0.8 - Slate Digital)
Sonic Academy KICK 2 (HKLM\...\KICK 2_is1) (Version: 1.1.1 - Sonic Academy)
soothe2 audio processor version 1.3.1 (HKLM-x32\...\{8E8F4A61-FA08-4CAB-8F5A-AF25CEE4F3FE}_is1) (Version: 1.3.1 - oeksound)
SPC Gear GK550 Omnis Kailh RGB (HKLM-x32\...\{12F382E1-63D4-4B94-BD32-5F845E74FC79}) (Version: 1.00 - COOLING.PL Zdziech Spolka Jawna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synapse Audio DUNE 3 (HKLM\...\DUNE 3_is1) (Version: 3.2.0.5 - Synapse Audio)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.52.4 - TeamViewer)
Thermo Scientific TM Avizo Software 2019.1 (HKLM\...\Avizo Software 2019.1_is1) (Version: 2019.1. - )
Unfiltered Audio Plugins Bundle (HKLM\...\Unfiltered Audio Plugins Bundle_is1) (Version: 2022.3 - Unfiltered Audio & Team V.R)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
US - Custom - Custom (HKLM\...\{E2280A27-9AD8-45F3-866A-14318CEE3A19}) (Version: 1.0.3.40 - Company)
Valhalla DSP bundle 2021.4 (HKLM\...\ValhallaDSP bundle_is1) (Version: 2021.4 - Valhalla DSP, LLC & Team V.R)
VCV Rack (HKLM\...\VCV Rack) (Version: 1.1.6 - VCV)
Vital version 1.5.5 (HKLM\...\Vital_is1) (Version: 1.5.5 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voltage Modular (HKLM\...\Voltage Modular) (Version: 1.3.16 - Cherry Audio)
Voxengo PHA-979 (HKLM\...\Voxengo PHA-979_is1) (Version: 2.9 - Voxengo)
Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 3.10 - Voxengo)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.58 - Waves Audio Ltd)
Waves SoundGrid Drivers 9.7.99.1159 (HKLM\...\Waves SoundGrid Drivers_is1) (Version: - Waves Audio Ltd.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.7.14 - Windscribe Limited)
Yuzu EA (HKLM-x32\...\Yuzu EA_is1) (Version: - )
Zebralette3 0.0.1 (HKLM\...\Zebralette3_is1) (Version: - )
Zoom (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)
Zynaptiq INTENSITY (HKLM\...\INTENSITY_is1) (Version: 1.2.0 - Zynaptiq)
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-04-11] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2024-04-11] (Adobe Systems Incorporated)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-04-11] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2413.1.0_x64__cv1g1gvanyjgm [2024-04-11] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{169B5B8E-E315-41C7-9574-66FC7E530D10}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2023\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2022-02-01] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2022-02-01] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2021-10-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2021-10-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2021-10-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\igfxDTCM.dll [2017-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_e96375d8421bb873\nvshext.dll [2024-01-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-10-16 15:14 - 2019-10-16 15:14 - 000007168 _____ (Company) [File not signed] C:\WINDOWS\system32\Layout02.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 003707904 _____ (NLog) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\NLog\66a1706aa68434db800510e8d136fa98\NLog.ni.dll
2019-01-24 11:36 - 2017-11-14 15:47 - 000065536 _____ (OpenLibSys.org) [File not signed] D:\ThrottleStop_8.70.6\WinRing0.dll
2024-04-02 16:41 - 2024-04-02 16:41 - 000016896 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.BiosInfo\bdb46c9765f04889c5820a3394966e24\StagWare.BiosInfo.ni.dll
2024-04-11 00:38 - 2024-04-11 00:38 - 000039424 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.Fa1fc2d056#\36e17a7b3de2e3b99067e49f7182956a\StagWare.FanControl.Service.ni.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 000209408 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.Fafc31ac88#\d344d8841ce1e314dce46e15823b1abb\StagWare.FanControl.Configurations.ni.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 000146944 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.FanControl\f62e48b77cc4cfca328fe478b3fa8077\StagWare.FanControl.ni.dll
2024-04-11 00:38 - 2024-04-11 00:38 - 000039936 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.Settings\108d76ad409cdc7264c993ff90093d35\StagWare.Settings.ni.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 000141312 _____ (Tatham Oddie) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.IO.A6c43dedd#\60f900d1436a6c96612270f95aedfabf\System.IO.Abstractions.ni.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE:shield [88]
AlternateDataStreams: C:\ProgramData\AEGIJKEHCAKFCAKFHDAAAAECFC:shield [88]
AlternateDataStreams: C:\ProgramData\AEHDAKFIJJKKEBGDBAAKKJJKEH:shield [88]
AlternateDataStreams: C:\ProgramData\AKFCFBAAEHCFHJJKEHJKJDHJDG:shield [88]
AlternateDataStreams: C:\ProgramData\AKJDGDGDHDGDBFIDHDBAFHCAAA:shield [88]
AlternateDataStreams: C:\ProgramData\AKJDGIEHCAEHIEBFBKKKKFIDBK:shield [88]
AlternateDataStreams: C:\ProgramData\AKJKFBAFIDAEBFHJKJEBFCBFHD:shield [88]
AlternateDataStreams: C:\ProgramData\BAAAAKJKJEBGHJKFHIDGCFCBAK:shield [152]
AlternateDataStreams: C:\ProgramData\BAECFCAAECBGDGDHIEHJEBAAFI:shield [88]
AlternateDataStreams: C:\ProgramData\BFBGHDGCFHIDBGDGIIIEHIJDAF:shield [88]
AlternateDataStreams: C:\ProgramData\BGCAAFHIEBKJKEBFIEHDGDAEBK:shield [88]
AlternateDataStreams: C:\ProgramData\BGDAAKJJDAAKFHJKJKFCAEHDAF:shield [88]
AlternateDataStreams: C:\ProgramData\BGDAKEHIIDGDAAKECBFBKKFCGH:shield [88]
AlternateDataStreams: C:\ProgramData\BGIJJKKJJDAAAAAKFHJJDGDAFB:shield [88]
AlternateDataStreams: C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB:shield [88]
AlternateDataStreams: C:\ProgramData\CAAAFCAKKKFBFIDGDBFHJJEHID:shield [88]
AlternateDataStreams: C:\ProgramData\CAEGHIJEHJDHIDHIDAEHCGDHJJ:shield [88]
AlternateDataStreams: C:\ProgramData\CAEHCFCBKKJDGCAKFCFIIIECGC:shield [88]
AlternateDataStreams: C:\ProgramData\CAFBGHIDBGHJJKFHJDHCBKJDGC:shield [88]
AlternateDataStreams: C:\ProgramData\CAFIEBKKJJDAKFHIDBFHJDBFBA:shield [88]
AlternateDataStreams: C:\ProgramData\CFCGIIEHIEGDGDGCAEBGDAKFCB:shield [88]
AlternateDataStreams: C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ:shield [88]
AlternateDataStreams: C:\ProgramData\DAEGIDHDHIDGIEBGIJEHIJKFII:shield [88]
AlternateDataStreams: C:\ProgramData\DAKJDHIEBFIIDGDGDBAEGCGDAE:shield [88]
AlternateDataStreams: C:\ProgramData\DBAAFIDGDAAAAAAAAKEBFHDBGH:shield [88]
AlternateDataStreams: C:\ProgramData\DBFHDHJKKJDHJJJJKEGHIDGDHD:shield [88]
AlternateDataStreams: C:\ProgramData\DBKEHDGDGHCBGCAKFIIIECFIIJ:shield [88]
AlternateDataStreams: C:\ProgramData\DHDAKFCGIJKJKFHIDHIIIEBGCB:shield [88]
AlternateDataStreams: C:\ProgramData\EBAKEBAECGCBAAAAAEBAFBGIDH:shield [88]
AlternateDataStreams: C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII:shield [88]
AlternateDataStreams: C:\ProgramData\ECBGHCGCBKFIECBFHIDGHDGIEG:shield [88]
AlternateDataStreams: C:\ProgramData\EHDAAECAEBKJKFHJKECFIJJDAE:shield [88]
AlternateDataStreams: C:\ProgramData\EHIJJDGDHDGDAKFIECFIJEGDHI:shield [160]
AlternateDataStreams: C:\ProgramData\FBFHDBKJEGHJJJKFIIJEBGIJKK:shield [88]
AlternateDataStreams: C:\ProgramData\FCAAEHJDBKJJKFHJEBKFBGDAAE:shield [222]
AlternateDataStreams: C:\ProgramData\FCFBFHIEBKJKFHIEBFBAEGHJDB:shield [88]
AlternateDataStreams: C:\ProgramData\FCFIEHCFIECBGCBFHIJJKEGHIE:shield [88]
AlternateDataStreams: C:\ProgramData\FHIDAKFIJJKJJJKEBKJEHCBGDA:shield [88]
AlternateDataStreams: C:\ProgramData\FHIDBKFCAAEBFIDHDBAECFIEGC:shield [88]
AlternateDataStreams: C:\ProgramData\FIIECFHDBAAECAAKFHDHIIJKFH:shield [88]
AlternateDataStreams: C:\ProgramData\GCAFCAFHJJDBFIECFBKECFHDGI:shield [88]
AlternateDataStreams: C:\ProgramData\GCBKECAKFBGCAKECGIEHDGHCBA:shield [88]
AlternateDataStreams: C:\ProgramData\GIIEGHIDBGHIECAAECGDAEHDHJ:shield [88]
AlternateDataStreams: C:\ProgramData\HCBAKJEHDBGHIEBGCGDGHCAKEB:shield [88]
AlternateDataStreams: C:\ProgramData\HDGCAAFBFBKFIDGDHJDBKECFBA:shield [88]
AlternateDataStreams: C:\ProgramData\HDGCFHIDAKECFHIEBFCGIJDBKJ:shield [88]
AlternateDataStreams: C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE:shield [88]
AlternateDataStreams: C:\ProgramData\HJJEGIEHIJKKFIDHDGIDAKECFH:shield [88]
AlternateDataStreams: C:\ProgramData\HJKECAAAFHJECAAAEBFCAEBFHC:shield [88]
AlternateDataStreams: C:\ProgramData\IEBFIEBAFCBAAAAKJKJEBGHJKF:shield [290]
AlternateDataStreams: C:\ProgramData\IEGCBFHJDHJJKFIDBGIJJEGDBF:shield [88]
AlternateDataStreams: C:\ProgramData\IJKFCFHJDBKKFHIEHIDGCFCAEB:shield [88]
AlternateDataStreams: C:\ProgramData\IJKKEHJDHJKFIECAAKFIJJKJKF:shield [88]
AlternateDataStreams: C:\ProgramData\JDAEHJJECAEGCAAAAEGIEBKEBK:shield [88]
AlternateDataStreams: C:\ProgramData\JDAKJJDBGCAKKFHIJEGHCGHJKJ:shield [88]
AlternateDataStreams: C:\ProgramData\JDGIECGIEBKJJJJKEGHJJJKEBA:shield [88]
AlternateDataStreams: C:\ProgramData\JEHJKJEBGHJJKEBGIECAAFIJKJ:shield [88]
AlternateDataStreams: C:\ProgramData\JJDGCGHCGHCBFHJJKKJEHJEHJE:shield [88]
AlternateDataStreams: C:\ProgramData\JKJECBAAAFHIIEBFCBKFIDGDHI:shield [88]
AlternateDataStreams: C:\ProgramData\KFCFBAAEHCFHJJKEHJKJDHJDGI:shield [88]
AlternateDataStreams: C:\ProgramData\KFCFBFHIEBKJKFHIEBFBAEGHJD:shield [88]
AlternateDataStreams: C:\ProgramData\KFHJJDHJEGHJKECBGCFHDBFIEG:shield [88]
AlternateDataStreams: C:\ProgramData\KJDGDBFBGIDGIEBGHCGIECGIEC:shield [88]
AlternateDataStreams: C:\ProgramData\KJECFHCBKKEBAKFIJDHIJDAKKE:shield [88]
AlternateDataStreams: C:\ProgramData\KKEBKJJDGHCBGCAAKEHDBAEGHD:shield [88]
AlternateDataStreams: C:\ProgramData\KKFHJJDHJEGHJKECBGCFHDBFIE:shield [88]
AlternateDataStreams: C:\Users\Geofish\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Geofish\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Geofish\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\F5_TMP_127238110359128124200\urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\F5_TMP_133113471183037256\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\F5_TMP_15616214316220722720174\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\sharepoint.com -> hxxps://univie-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\univie.ac.at -> hxxps://vpn.univie.ac.at
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2023-10-18 17:43 - 2024-03-30 08:34 - 000000984 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 nuedge.net
127.0.0.1 *.nuedge.net
127.0.0.1 173.231.151.131
127.0.0.1 *.nuedge.net
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Geofish\Desktop\other\hubble-deep-field-space-galaxy-multiple-display-wallpaper-390612963b6abf2ae0fb228a08e76563.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
Network Binding:
=============
Local Area Connection 3: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Wi-Fi: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Bluetooth Network Connection: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Local Area Connection 2: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
Ethernet: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Wondershare PEToolbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Wondershare PEScreenshot.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ableton Push Control Panel Autostart.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Focusrite Notifier"
HKLM\...\StartupApproved\Run: => "SGDawNodeService"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Autodesk Access"
HKLM\...\StartupApproved\Run: => "BraveVpnWireguardService"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "F5_SAM_Client"
HKLM\...\StartupApproved\Run32: => "Launch 0 FwCustom"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SGDawNodeService"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\StartupFolder: => "Wondershare PEToolbox.lnk"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\StartupFolder: => "Wondershare PEScreenshot.lnk"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "org.whispersystems.signal-desktop"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_91B466CF2D4E0A458C8E1CFE779BAC5A"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "NetLimiter"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{A3B6D6D1-75F2-4B18-BE3D-8291A727E762}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Allow) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe => No File
FirewallRules: [TCP Query User{9C16438B-636C-46F3-BDB6-DACF9BDE3E76}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Allow) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe => No File
FirewallRules: [UDP Query User{A9DD1F4F-AE0B-4DB0-9976-EEF0DF9E3554}C:\program files\vcv\rack\rack.exe] => (Allow) C:\program files\vcv\rack\rack.exe () [File not signed]
FirewallRules: [TCP Query User{326E485B-1D41-4531-A685-7B5F3CC8555A}C:\program files\vcv\rack\rack.exe] => (Allow) C:\program files\vcv\rack\rack.exe () [File not signed]
FirewallRules: [UDP Query User{FAAD963F-DAE4-41DF-8749-DC6F8298E0BF}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{7F948142-D94F-4C93-9241-B30C1FB48AA1}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [{572BF5D5-241C-447A-AC50-2BB4CDA236C8}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe (Waves Inc -> Waves Audio Ltd.)
FirewallRules: [{0C489352-8883-44DF-A01E-FF9919291233}] => (Allow) C:\Program Files (x86)\Waves\SuperRack\SuperRack SoundGrid.exe (Waves Inc -> )
FirewallRules: [{8E266507-FC21-4939-A47B-BEB01829B094}] => (Allow) C:\Program Files (x86)\Waves\eMotion LV1\eMotion LV1.exe (Waves Inc -> )
FirewallRules: [{36D060D3-3369-418C-A54E-88C4205C9A6E}] => (Allow) C:\ProgramData\Waves Audio\MyMon\MyMonService.bundle\Contents\Win64\MyMonControlPanel.exe (Waves Inc -> )
FirewallRules: [{F3BE165E-DF79-4231-A7FC-275D1CE8D61D}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{17EB24C4-64A6-4E00-BEAC-0934B81BA86A}] => (Allow) C:\Users\Geofish\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{25922AA5-E2C8-409B-BF66-E03297871AE0}] => (Allow) C:\Users\Geofish\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{341BF92F-9BDC-41C9-83FB-86E3C11271E0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A5250DCC-6619-44E4-AB04-4613B3030671}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{E7E8ABC8-70EC-4FD8-B361-4C3EF2A2B476}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CFC190CB-07CC-41B6-89BD-F601A8853C95}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{15A99D09-A1F5-493D-B83C-63DCB310F647}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{249AE5CC-BC9F-4C37-BD6C-19273E53319E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{78E2D149-8D8C-4DF0-A9E2-29E01ACCEAFB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0076790E-7824-424F-97D4-9D3901F9CCC3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6AE2DC3E-6046-46A9-AA2E-07EDA8AE7269}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0C57E7EC-7D00-43A6-BEE6-751A65EAC21C}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{34BE7815-E768-4BFC-ABF6-D36586EE78AC}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{87197D24-812C-4377-B2B6-87629AAFDC2D}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6CCD41DC-4522-49C5-B12E-6D56718679BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6B986615-8CDB-4E6A-8643-66AE7349689E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{2D898AFF-6153-4108-94AD-499976A7EF7F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{04C90045-9468-4141-8F6C-C70DFEB7A5EF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{82A704F3-CDEC-422E-B592-5C55A6215EE9}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{0CB652FF-A9D2-4A51-8103-AAD7B15B84FE}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [{F21A8A67-3A27-4ECC-8A1C-30AEBB04EAA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8EB0ED82-6CCA-4910-B72C-B57104E070F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C636A0-C568-4BC1-A0DA-5789650FFC2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A15AA74E-324E-4A08-830C-B8B232F6E021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{35100830-DD21-47FF-AAE7-9FCCC7976175}D:\games\diablo\diablo iv - server slam\diablo iv.exe] => (Allow) D:\games\diablo\diablo iv - server slam\diablo iv.exe => No File
FirewallRules: [UDP Query User{EFEC5513-87AD-4BFC-9961-CFFFF977D8B3}D:\games\diablo\diablo iv - server slam\diablo iv.exe] => (Allow) D:\games\diablo\diablo iv - server slam\diablo iv.exe => No File
FirewallRules: [TCP Query User{D2AB9E25-A75C-4150-A5BC-35544FB67FD3}D:\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{8CE6A3B0-598C-4228-A450-DE1CFCA8F05A}D:\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{9DAF04F8-CD9D-495C-B670-B86B58E767DF}C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{A7245D02-5302-4CC6-9087-D6A98F6218A1}C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{F7E46617-2ED8-4B8D-BE7D-134EB7A2D871}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{7FC5B055-50D9-4073-919E-453694E6FDA1}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{86D7020E-303F-4314-BF25-4CBDE770DCAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3FFF6516-209F-44CC-9FC8-AD82B21771F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{00E085BE-BCF1-4229-A5D8-8F6120FB6B0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{40F14B39-A8A7-4E95-92E3-449675CEE74C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C9321E2E-8C2D-4BCC-8CC5-C767142B62D3}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{340E8B81-F2C1-41A8-B69E-AC344524E368}C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe] => (Block) C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe (Thermo Fisher Scientific) [File not signed]
FirewallRules: [UDP Query User{AB21A934-7F79-41F6-A1F5-25CB531C1FC4}C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe] => (Block) C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe (Thermo Fisher Scientific) [File not signed]
FirewallRules: [TCP Query User{9163F28B-368D-4A16-AEAC-5EEA19161BFF}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Block) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [UDP Query User{C7EAE4CF-7CE8-431C-A177-03EB7E1830AB}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Block) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [{D0AA02B1-D5AE-45CB-B5BC-A8C842F2DC85}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CA181FE-A171-49E6-938F-5211C9F11633}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{831DC122-35FC-4C04-8F0A-4722000169F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB20FE7F-75A3-4044-AB3E-9C4E2108D5EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{078D925B-618E-47B9-95F6-5BEDBFAB7D5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71487A1A-5412-4941-B738-DE9FFE65A5C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{073C9EEA-21A6-4744-B384-2649EEC2E3E4}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Allow) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [UDP Query User{FBFA2F29-0801-41FA-A212-78D0CD38EC06}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Allow) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [{CCFB41EB-2394-4C5F-9E24-7DC9F15D79F9}] => (Allow) C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe () [File not signed]
FirewallRules: [{1EF389FD-D106-406E-BF23-7304D38B8B6F}] => (Allow) LPort=1688
FirewallRules: [{C535BB12-A336-4906-B1ED-CF97FC80D656}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{8578A174-DC37-4E90-B166-F32A1FD75551}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{FF0A8E5A-0166-41CE-ACAC-8E92FE6515BB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{49A1964E-86B8-47AF-807B-B617A11B2A80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20FF0F0C-DD10-44DE-B6CA-5663517CA3D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4222FED-B145-40A0-8A8A-C9BA13FC0726}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7EBCCBE-B982-4970-AA09-D8BC18025CCE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7BB4820-09AB-4A67-B04B-0A80F61D6468}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3813CD0-5604-46D3-A726-01DE79730546}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{1E68957A-204D-4FBF-A095-88602341B3F6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{15B7741C-DAD0-46AD-8732-A7F041E90E51}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{BC04B72A-4D61-497B-88DB-0D42CDB24087}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{1A9B8EE0-B65B-405C-A4AA-C6DD7E243697}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [{4C94BC5E-1E45-4E22-937D-35F03D25D305}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5E362A87-AD9F-4D8A-999A-274580032BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1CD70680-9CD4-4585-8E4F-95F5C405EF54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A4A3463D-DCE3-40AC-A43E-7F954527755D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/11/2024 10:15:18 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (04/11/2024 07:00:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.9.85.231, time stamp: 0x63ebb1a4
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0x9a786c8a
Exception code: 0x0eedfade
Fault offset: 0x0013fae2
Faulting process id: 0x19a8
Faulting application start time: 0x01da8c30d3835be5
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 327d5c4b-fa99-4f90-aa09-4bf919ba89dc
Faulting package full name:
Faulting package-relative application ID:
Error: (04/11/2024 06:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0xa956ff71
Exception code: 0xe0434352
Fault offset: 0x000000000002ab89
Faulting process id: 0x3404
Faulting application start time: 0x01da8c30fcbbc5e6
Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fdb00759-78f0-4e94-925c-85cbfcdb8cb8
Faulting package full name:
Faulting package-relative application ID:
Error: (04/11/2024 06:55:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ParameterService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: ParameterFrameworkFacade.PfwException
at ParameterFrameworkFacade.ParameterManager..ctor(System.String, System.Collections.Generic.IEnumerable`1<ParameterFrameworkFacade.CriterionDescription>, ParameterFrameworkFacade.ILogger)
at ParameterServer.BackEnd.initInternal(ParameterServer.Config, IntelStateMonitor.IStateMonitorSetObserver)
Exception Info: ParameterServer.ServerException
at CommandProcessing.CommandProcessor.ProcessSync(Command)
at ParameterServer.Server..ctor(ParameterServer.Config)
at ParameterService.ParameterService.startService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (04/11/2024 06:53:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0xa956ff71
Exception code: 0xe0434352
Fault offset: 0x000000000002ab89
Faulting process id: 0x288c
Faulting application start time: 0x01da8c30d5105354
Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6a72ed7d-639a-496d-b8be-3aeb9a6c9525
Faulting package full name:
Faulting package-relative application ID:
Error: (04/11/2024 06:53:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ParameterService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: ParameterFrameworkFacade.PfwException
at ParameterFrameworkFacade.ParameterManager..ctor(System.String, System.Collections.Generic.IEnumerable`1<ParameterFrameworkFacade.CriterionDescription>, ParameterFrameworkFacade.ILogger)
at ParameterServer.BackEnd.initInternal(ParameterServer.Config, IntelStateMonitor.IStateMonitorSetObserver)
Exception Info: ParameterServer.ServerException
at CommandProcessing.CommandProcessor.ProcessSync(Command)
at ParameterServer.Server..ctor(ParameterServer.Config)
at ParameterService.ParameterService.startService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (04/11/2024 06:53:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0xa956ff71
Exception code: 0xe0434352
Fault offset: 0x000000000002ab89
Faulting process id: 0x111c
Faulting application start time: 0x01da8c30d2b85195
Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5495bf38-0567-4031-a2a9-208a54702a4c
Faulting package full name:
Faulting package-relative application ID:
Error: (04/11/2024 06:53:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ParameterService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: ParameterFrameworkFacade.PfwException
at ParameterFrameworkFacade.ParameterManager..ctor(System.String, System.Collections.Generic.IEnumerable`1<ParameterFrameworkFacade.CriterionDescription>, ParameterFrameworkFacade.ILogger)
at ParameterServer.BackEnd.initInternal(ParameterServer.Config, IntelStateMonitor.IStateMonitorSetObserver)
Exception Info: ParameterServer.ServerException
at CommandProcessing.CommandProcessor.ProcessSync(Command)
at ParameterServer.Server..ctor(ParameterServer.Config)
at ParameterService.ParameterService.startService()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
System errors:
=============
Error: (04/11/2024 10:15:22 PM) (Source: DCOM) (EventID: 10001) (User: ACER)
Description: Unable to start a DCOM Server: {C53A4F16-787E-42A4-B304-29EFFB4BF597} as Unavailable/Unavailable. The error:
"2147943660"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.10861.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe" -Embedding
Error: (04/11/2024 10:15:21 PM) (Source: DCOM) (EventID: 10001) (User: ACER)
Description: Unable to start a DCOM Server: {C53A4F16-787E-42A4-B304-29EFFB4BF597} as Unavailable/Unavailable. The error:
"2147943660"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.10861.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe" -Embedding
Error: (04/11/2024 08:58:57 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (04/11/2024 08:41:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (04/11/2024 08:41:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (04/11/2024 08:41:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (04/11/2024 08:41:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Error: (04/11/2024 08:41:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
Windows Defender:
================
Date: 2024-04-11 21:58:12
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Date: 2024-04-11 21:58:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Date: 2024-04-11 21:57:31
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Date: 2024-04-11 21:57:20
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Date: 2024-04-11 21:56:21
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]:
Date: 2024-04-04 10:26:43
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2024-04-04 10:26:26
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2024-04-04 10:24:00
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2024-04-04 09:37:21
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2024-04-02 10:20:11
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2024-04-11 23:38:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2024-04-11 23:35:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2024-04-11 23:18:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde Corp. V1.11 08/01/2018
Motherboard: KBL Pluto_KLS
Processor: Intel® Core i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 32654.22 MB
Available physical RAM: 24423.43 MB
Total Virtual: 38654.22 MB
Available Virtual: 28595.12 MB
==================== Drives ================================
Drive c: (ROOT - 250 GB) (Fixed) (Total:237.36 GB) (Free:19.24 GB) (Model: INTEL SSDPEKKW256G7) NTFS
Drive d: (INTERNAL - 500 GB) (Fixed) (Total:419.17 GB) (Free:108.49 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
Drive f: (EXTERNAL - 4 TB) (Fixed) (Total:3725.9 GB) (Free:1701.68 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
\\?\Volume{07e8c6ac-b578-4b11-8430-cdc61827203b}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.32 GB) NTFS
\\?\Volume{87b0e4a1-6e23-4bff-ac55-c99b7b85f353}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: F6DAF595)
Partition: GPT.
==========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 39AC8114)
Partition: GPT.
==================== End of Addition.txt =======================