Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Accounts hacked - Infostealer Trojan Infection


  • This topic is locked This topic is locked
30 replies to this topic

#1 geofish

geofish

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 11 April 2024 - 05:18 PM

Greetings good people! I kindly ask for your advice and help to clean my computer.

 

About 2 weeks ago I made the mistake to allow some malware to run on my Windows 10 laptop. A few hours later I begun getting mailbombed on my main gmail account and discovered that a payment was authorized from my paypal account. I managed to stop the transaction, disabled my credit card, and ran malwarebytes, which seems to have found and removed the virus (davonevur.exe). After the virus was removed I changed all the important passwords (email addresses, paypal, amazon) and added 2-step verification.

 

The next day I saw that the hackers had used my reddit and discord accounts to spam, and they later tried to steal my facebook account, which I immediately recovered. I started changing passwords for social media and other accounts, and begun running scans with Windows Defender, AdwCleaner, ESET Online Scanner, HitmanPro, Microsoft Safety Scanner and Windows Malicious Software Removal Tool. The only suspicious file found in these scans was by esetonlinescanner (Real.bat). I also ran FRST and looked at the logs but my knowledge stopped there and thus i found this forum section to ask for help. Yesterday I enabled Memory integration and SmartScreen on Windows Defender and I applied the Interactive preset of ConfigureDefender and the SimpleWindowsHardening of HardConfigurator, but haven't ran a Windows Defender scan since. After re-running the FRST now to post the logs I see lots of ATTENTION entries associated with HKLM Group Policy restriction that werent there when i ran it a week ago. I assume that it has to do with the changes I did on Windows Defender. 

 

 

Nothing bad has happened since the initial hack so I feel kind of safe, but I am scared that some trojan might still be dormant in my system. I don't care much about social media so I saved my new facebook password on my browser to see if they try to use it again. I don't dare to use my credit card though, or reconnect my paypal to my bank. I hope that the FRST results can confirm that I am virus free because I really want to avoid reinstalling Windows. I would also like to understand the logic of this hacking, apparently the virus was able to steal the passwords that I had saved in my browser. If that is the case, then why didn't they try to steal my instagram or my email addresses? Only my main gmail account had 2-step verification enabled and I have 3 gmails and 6 outlook emails.

 

When the infection happened, I had my external drive connected, which contains all my personal files. I haven't managed to backup the files yet, also because I think that if there is a virus in the drive then it might infect my backup drives too if i copy the files. I ran the FRST now with my external drive connected, but if you people decide to help me running a fix, please advise me about backing up the files if you think there is a risk of losing anything.

 

I re-downloaded the suspicious files to upload them to virustotal, for this reason they appear in the Addition.txt since Windows Defender flagged them. (https://www.virustotal.com/gui/file/baa50b0a75111d3fde973d13e702f222288288e20a63496907f1a07e7b1087fe), (https://www.virustotal.com/gui/file/03d283b3072150400e5a53382f70563f2ea27265348d3e6b03eb5fd4f0dff924)

 

 

The FRST logs I will post in a reply because my post is too long.

Here I am posting the log from malwarebytes that found what I believe to be the Infostealer virus:

 
-Log Details-
Scan Date: 3/29/24
Scan Time: 11:53 AM
Log File: 89a59e80-edba-11ee-991c-3065ecbad515.json
 
-Software Information-
Version: 4.5.19.229
Components Version: 1.0.1860
Update Package Version: 1.0.82744
License: Free
 
-System Information-
OS: Windows 10 (Build 19045.4170)
CPU: x64
File System: NTFS
User: AceR\Geofish
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 374556
Threats Detected: 36
Threats Quarantined: 36
Time Elapsed: 3 min, 32 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 2
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\SERVICE_KMS.EXE, Quarantined, 9005, 921564, , , , , 8D0C31D282CC9194791EA850041C6C45, 2B533757086499E224D5717F94A0F4C33E705398A7610219D82B9D3BC8763378
Trojan.Agent.AutoIt, C:\USERS\GEOFISH\APPDATA\ROAMING\SERVICEDATA\DAVONEVUR.EXE, Quarantined, 296, 1040706, , , , , 0ADB9B817F1DF7807576C2D7068DD931, 98E4F904F7DE1644E519D09371B8AFCBBF40FF3BD56D76CE4DF48479A4AB884B
 
Module: 3
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\SERVICE_KMS.EXE, Quarantined, 9005, 921564, , , , , 8D0C31D282CC9194791EA850041C6C45, 2B533757086499E224D5717F94A0F4C33E705398A7610219D82B9D3BC8763378
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\WINDIVERT.DLL, Quarantined, 9005, 921550, , , , , 3F0C03E5076C7E6B404F894FF4DC5BB1, 4E7EBED8410C83B73A23185AA94680143DA2933305CD6DEEFE8EC0B51B7EE6F3
Trojan.Agent.AutoIt, C:\USERS\GEOFISH\APPDATA\ROAMING\SERVICEDATA\DAVONEVUR.EXE, Quarantined, 296, 1040706, , , , , 0ADB9B817F1DF7807576C2D7068DD931, 98E4F904F7DE1644E519D09371B8AFCBBF40FF3BD56D76CE4DF48479A4AB884B
 
Registry Key: 6
HackTool.KMSpico, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service KMSELDI, Quarantined, 9005, 921564, 1.0.82744, , ame, , , 
PUP.Optional.BundleInstaller, HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrent, Quarantined, 78, 1225423, , , , , , 
HackTool.KMSpico, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDivert1.1, Quarantined, 9005, 921550, , , , , , 
Trojan.Agent.AutoIt, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Service\Data, Quarantined, 296, 1040706, , , , , , 
Trojan.Agent.AutoIt, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{87D2A481-184E-4F8F-8116-4D4DA0EE44C2}, Quarantined, 296, 1040706, , , , , , 
Trojan.Agent.AutoIt, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{87D2A481-184E-4F8F-8116-4D4DA0EE44C2}, Quarantined, 296, 1040706, , , , , , 
 
Registry Value: 1
PUP.Optional.BundleInstaller, HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uTorrent, Quarantined, 78, 1225423, , , , , , 
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO, Quarantined, 9005, 921550, 1.0.82744, , ame, , , 
 
File: 23
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\SERVICE_KMS.EXE, Quarantined, 9005, 921564, , , , , 8D0C31D282CC9194791EA850041C6C45, 2B533757086499E224D5717F94A0F4C33E705398A7610219D82B9D3BC8763378
Generic.Malware/Suspicious, C:\WINDOWS\SECOH-QAD.EXE, Quarantined, 0, 392686, 1.0.82744, , shuriken, , 38DE5B216C33833AF710E88F7F64FC98, 9896A6FCB9BB5AC1EC5297B4A65BE3F647589ADF7C37B45F3F7466DECD6A4A7F
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\WINDIVERT.DLL, Quarantined, 9005, 921550, 1.0.82744, , ame, , 3F0C03E5076C7E6B404F894FF4DC5BB1, 4E7EBED8410C83B73A23185AA94680143DA2933305CD6DEEFE8EC0B51B7EE6F3
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\SERVICE_KMS.EXE, Quarantined, 9005, 921550, 1.0.82744, , ame, , 8D0C31D282CC9194791EA850041C6C45, 2B533757086499E224D5717F94A0F4C33E705398A7610219D82B9D3BC8763378
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, Quarantined, 78, 1225423, 1.0.82744, , ame, , 1E77D566BE73EBE3C850C8E28F315427, BDEC8F6BA59AB0E117473DDE8BB16A84D9700B710A732EFBC23B0BA066EF0B10
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\WINDIVERT.SYS, Quarantined, 9005, 921550, , , , , A0D15D8727D0780C51628DF46B7268B3, 5E23F3ED1D6620C39A644F9879404A22DED86B3B076EC4A898B4B6BE244AFD64
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO\WINDIVERT.SYS, Quarantined, 9005, 921550, 1.0.82744, , ame, , A0D15D8727D0780C51628DF46B7268B3, 5E23F3ED1D6620C39A644F9879404A22DED86B3B076EC4A898B4B6BE244AFD64
Trojan.Agent.AutoIt, C:\WINDOWS\SYSTEM32\TASKS\Service\Data, Quarantined, 296, 1040706, , , , , 24B7B4990247E5B906A7E40C17902512, 7CE535614406566D3268D161F1D5A3939B5D427CC58EBF6FD37FD68AC85CF9D9
Trojan.Agent.AutoIt, C:\USERS\GEOFISH\APPDATA\ROAMING\SERVICEDATA\DAVONEVUR.EXE, Quarantined, 296, 1040706, 1.0.82744, , ame, , 0ADB9B817F1DF7807576C2D7068DD931, 98E4F904F7DE1644E519D09371B8AFCBBF40FF3BD56D76CE4DF48479A4AB884B
Patcher.Trojan.HackTool.DDS, C:\PROGRAMDATA\ABLETON\LIVE 11 SUITE\PROGRAM\ABLETON PATCHER.EXE, Quarantined, 1000002, 0, 1.0.82744, 8F80D289EED3A442E49C9035, dds, 02756714, FBC067AEF30463409083AAD335CDA983, 39F1594B7FBBB4AB73E7FAC0ED085FCCFB9172D13F53A1589EEF1421C5497781
Generic.Malware.AI.DDS, C:\PROGRAMDATA\GDHIEHJEBAAFIDHJEBGIEBFIJK, Quarantined, 1000002, 0, 1.0.82744, 2307BFAB720B83600B0C9318, dds, 02756714, A37A39B26C1B8AB1152A1F70B319EE1C, BFF1C1482BB6DD91981D85A23DA9B5BAB93E04B28AE0DB52869CA078971973A7
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_46348.EXE, Quarantined, 78, 1086270, 1.0.82744, , ame, , 600F20ABCC1FA9F5BDA0965D07B6855D, 7D89A16FC0D3AFA3CD78CC51E7AE6A81343CB14DE6FDCA9325142DECA5133515
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46984.EXE, Quarantined, 78, 1207888, 1.0.82744, , ame, , 5C2FEB7B6272710AFD242AC8E153E020, F93BB52B7D806215F52D2ECDF1F2C6DF5CAB7152BAA930F242B12ACDBB0BA478
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46672.EXE, Quarantined, 78, 1170957, 1.0.82744, , ame, , 437ED8763AE1A4D9FA62F3643927CCC6, 94D24CAD6B8E158DF73247376A420291E2D954CE387E4A6665670A4E8E586EE3
PUP.Optional.BundleInstaller.DDS, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46590.EXE, Quarantined, 1000002, 0, 1.0.82744, B980C6209754A622661C1298, dds, 02756714, 4B4149C544EA79ACCC7CB55015FCC0FA, 761BE1C00F156CAA8D04DB5BD0E2F7B3F12FD0B4B9F29BD4E0AF13125F2E4646
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_47006.EXE, Quarantined, 78, 1215924, 1.0.82744, , ame, , 90158EC8FEB8A5564561EC7237944ACD, 201A6E739D0A0959D1EE693FE6F45074160790A112BC9FBA972A13B2F6E3CA2C
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\UTORRENT.EXE, Quarantined, 78, 1225423, 1.0.82744, , ame, , 1E77D566BE73EBE3C850C8E28F315427, BDEC8F6BA59AB0E117473DDE8BB16A84D9700B710A732EFBC23B0BA066EF0B10
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46922.EXE, Quarantined, 78, 1194600, 1.0.82744, , ame, , 3839CF1C5D36C519D906EFB02F1CE926, A874053DF1DD29288B9F3518B8E14FE6BE99728FD86AF9FB070A02C997C87731
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_47016.EXE, Quarantined, 78, 1225423, 1.0.82744, , ame, , 9DB9573530208EAE10F733BF8B4DA5C5, 38E7D2137B21B6AC3D7029BF228FA317D8375D60316C90D2A261CB89FB3F741D
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45838.EXE, Quarantined, 78, 990390, 1.0.82744, , ame, , 6A8B93E27DCCFF2F250A22B8BDC93168, 50BAEE75B0BB181B5280A1F60B32F7E75ABDA8A4E06CBF32074B1444D73A9CF7
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46902.EXE, Quarantined, 78, 1185007, 1.0.82744, , ame, , 4E322149AE25F4445FCB4D55051F8ACF, 6A2AA195B0405A3B6A881F452AF80B230AEF90E3FAF54B60D0B5B22402CD8270
PUP.Optional.BundleInstaller, C:\USERS\GEOFISH\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_46682.EXE, Quarantined, 78, 1124933, 1.0.82744, , ame, , 21EA44D3A8D7CBCC07477A5C0D8795C8, 0CCF662DB06716FD3BA76CCC9178AB9AA613F41426EC69D69DDFCECC761E1A7E
Generic.Malware.AI.DDS, C:\USERS\GEOFISH\APPDATA\LOCAL\TEMP\SETUP.EXE, Quarantined, 1000002, 0, 1.0.82744, E8EB30E324C9F784B397287A, dds, 02756714, A02164371A50C5FF9FA2870EF6E8CFA3, 64C731ADBE1B96CB5765203B1E215093DCF268D020B299445884A4AE62ED2D3A
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

Edited by geofish, 11 April 2024 - 05:29 PM.


BC AdBot (Login to Remove)

 


#2 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 11 April 2024 - 05:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by Geofish (administrator) on ACER (Acer Aspire VN7-593G) (11-04-2024 23:39:57)
Running from D:\Downloads\FRST64.exe
Loaded Profiles: Geofish
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: German (Germany) -> English (United States)
Default browser: Brave
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe
(C:\Program Files\Acer\Acer Quick Access\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(C:\Program Files\Acer\Acer Quick Access\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) () [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <19>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Mark of the Unicorn, Inc -> MOTU) C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\14.1.0.10619\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(services.exe ->) (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(services.exe ->) (F5 Networks Inc -> F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe <2>
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe <2>
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\igfxCUIService.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\IntelCpHeciSvc.exe
(services.exe ->) (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Mark of the Unicorn, Inc -> ) C:\Program Files (x86)\MOTU\CoreUAC\Service\MOTUCoreUACAudioPolicyMediator.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_e96375d8421bb873\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(services.exe ->) (StagWare) [File not signed] [File is in use] C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2413.1.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(svchost.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\igfxext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (TechPowerUp LLC -> uWebb Software) D:\ThrottleStop_8.70.6\ThrottleStop.exe
(TeamViewer Germany GmbH -> ) C:\Windows\Temp\nspCD2F.tmp\TvUpdateInfo.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [176472 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SGDawNodeService] => C:\WINDOWS\SysWOW64\SGDawNodeService.exe [5624320 2019-08-19] (Waves Audio Ltd.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [MOTUMSeries.exe] => C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe [2773144 2022-10-31] (Mark of the Unicorn, Inc -> MOTU)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1792256 2023-06-23] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384864 2017-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1492960 2017-11-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Autodesk Access] => C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe [20689696 2024-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\Focusrite\Drivers\Focusrite Notifier.exe [906840 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering, Ltd.)
HKLM-x32\...\Run: [F5_SAM_Client] => C:\Program Files (x86)\F5 VPN\f5fpclientW.exe [5020560 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
HKLM-x32\...\Run: [Launch 0 FwCustom] => C:\Program Files\SPC_Gear\GK550.exe [3572224 2018-11-30] (0) [File not signed]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1129440 2023-08-08] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Genshin Impact_launcher_mihoyo_1_0] => [X]
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Temp*_*.zip\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\wz????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\Rar$EX*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\7zO????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\.ptmp??????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_PA*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\B1FreeArchiver-*-*-*-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\BNZ.???????????????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\$$_????\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\_AZTMP*_\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\ExpressZip-*-*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\PK????.tmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.tmp <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\?EXTMP??\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*.msi <==== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller* <==== ATTENTION
HKLM Group Policy restriction on software: protected <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\SysWOW64\FxsTmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\SysWOW64\Com\dmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\FxsTmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\debug\WIA <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Registration\CRMLog <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\spool\drivers\color <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Com\dmp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Tasks <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\tracing <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Tasks <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Temp <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\spool\PRINTERS <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\SysWOW64\Tasks <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Microsoft\Crypto\RSA\MachineKeys <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\spool\SERVERS <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\System32\Tasks_Migrated <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\servicing\Packages <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\servicing\Sessions <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\Hard_Configurator\Tools <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group1\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\OneDrive\Desktop\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\OneDrive\Desktop\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Public\Desktop\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*\*.lnk\* <==== ATTENTION
HKLM Group Policy restriction on software: *.exe <==== ATTENTION
HKLM Group Policy restriction on software: *.tmp <==== ATTENTION
HKLM Group Policy restriction on software: *.msi <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramW6432Dir% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group1\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop%*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\OneDrive\Desktop\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Public\Desktop\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*\*.lnk <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\ProductAppDataPath% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM\...\Policies\Explorer: [HideRunAsVerb] 0
HKLM\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1286322575-3200454710-2639170948-1000\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3306400 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [Lync] => "C:\Program Files\Microsoft Office\root\Office16\lync.exe" /fromrunkey (No File)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\Geofish\AppData\Local\Programs\signal-desktop\Signal.exe [157760376 2023-02-16] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [MicrosoftEdgeAutoLaunch_91B466CF2D4E0A458C8E1CFE779BAC5A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063784 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter\nlclientapp.exe [608608 2024-02-23] (Locktime Software s.r.o. -> Locktime Software)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [11504544 2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2888672 2023-08-08] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2842648 2024-04-03] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\MountPoints2: {9daf3333-9984-11e8-9003-3065ecbad515} - "E:\setup.EXE" /AUTORUN
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\es.scr [2719744 2018-04-03] () [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2023-08-01] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\123.0.6312.122\Installer\chrmstp.exe [2024-04-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\Installer\chrmstp.exe [2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\Geofish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AHK Master Startup Script.ahk - Shortcut.lnk [2019-11-24]
ShortcutTarget: AHK Master Startup Script.ahk - Shortcut.lnk -> C:\AHK Master Startup Script.ahk () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ableton Push Control Panel Autostart.lnk [2023-11-20]
ShortcutTarget: Ableton Push Control Panel Autostart.lnk -> C:\Program Files\Ableton\Push Driver\x64\AbletonPushCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4A0CF3D6-082A-46C0-987C-1AC98F9DC6C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {A9D0BABE-CD5F-40D4-A027-1F0B94D317E5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {52126433-3BF2-4B4C-A2D2-C1A2269DC796} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D2945ED3-B0AF-4A50-8C49-790AB970CAB4} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe [1111184 2023-12-12] (Bitdefender SRL -> Bitdefender) -> C:\Program Files\Bitdefender Agent\27.0.1.266\repair
Task: {2E927927-018C-473F-BA9D-5EFDC76ED785} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{5731B7DF-189A-4350-8BD8-73EEC82492D4} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {5E1BD4FF-F852-47B9-9E14-B1A567DEAF1D} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{BCEE0ED9-ED36-4150-9209-3118EDDA7F18} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4324E64D-90F9-4C1C-ACB7-CA7B4C767292} - System32\Tasks\CorelUpdateHelperTask-5DCAF6EC04905C083AE8261AF6998A16 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe  -resume (No File)
Task: {AE03C98D-10FD-4CC3-B6C9-4282713C14A0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem125.0.6407.0{7600B3E0-211F-484B-AE22-8F29471DFA18} => C:\Program Files (x86)\Google\GoogleUpdater\125.0.6407.0\updater.exe [4782880 2024-04-08] (Google LLC -> Google LLC)
Task: {97587913-E297-4E19-90E9-899482777E28} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {D2A615C9-58C7-401C-A1B8-2B524E900AC4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {977BF7D6-4BCC-4195-852F-FE09F07B3E12} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28452976 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E582B15E-262A-4F26-9A72-625737F76D4B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {76DDA7B1-EFBF-45B6-AFEA-D908D5907C2E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309696 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E540D65A-DEBA-487D-9DC6-2A81A5DD661A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168488 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2574437C-650C-463D-A2A1-AA6A45287E5C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4449176 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CD830EF-9C3A-4C9D-B436-DC0ED7867A56} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SysInfo => %appdata%\\toolsyshost\\sihost.exe  -st -tu 0 (No File) <==== ATTENTION
Task: {332DC620-DD09-4E87-86F8-7E3678E4699F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {3242629C-14B9-4A99-AE73-0FC460123A8F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5FA3A926-5CDA-4F03-8C4F-BAE946E44641} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {5526FE8F-5B5F-4900-8580-CC30EAE8863E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0B5B7AF-3071-44C3-BDE9-6E5142B826BE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {960F07B0-D921-465F-8498-1A5E07BF23C1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EC98E84-DE9D-45E4-B76D-F1F877C16FBD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9A501053-B987-4E26-ADC8-4346CDB90CD6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7FE83956-9996-4D40-BF34-DB5631612C5C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4E6B6E3-0C76-49B7-8254-8E949DE30AA7} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {05F34924-1F99-4476-9B8A-E29FC9D442B3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {354E7BFE-D420-4A98-B036-DD28E1B2E392} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4207120 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2ABA3549-3E42-4EC8-97B9-38BD42BBEFA9} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2770736 2019-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {2A208EB3-CED8-4A33-934A-6A153BBB87A8} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [446256 2019-09-26] (Acer Incorporated -> Acer Incorporated)
Task: {D8F07ECD-DB58-4511-80B5-E05E60F58B02} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2610160 2019-09-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\/AUTOHIDE
Task: {4347EB1E-D689-47D9-AF02-F1FBA2FFF307} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2019-09-25] (Acer Incorporated -> Acer Incorporated)
Task: {5E5C3B90-6BCB-4F95-B830-FD65F784E7C1} - System32\Tasks\throttlestop => D:\ThrottleStop_8.70.6\ThrottleStop.exe [509608 2019-01-24] (TechPowerUp LLC -> uWebb Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4bbea6b1-96c1-4431-9c54-30f022972119}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4bbea6b1-96c1-4431-9c54-30f022972119}: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\55053403935323233333: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\55053403935323233333: [DhcpDomain] home
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\64C696872657370243235354: [DhcpNameServer] 192.168.55.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\65F6461666F6E656D2548383331393731353: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\65F6461666F6E656D2548383331393731353: [DhcpDomain] station
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\75C414E4D23475739545B4: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\75C414E4D23475739545B4: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\D4167656E6471675C414E4D27373A515: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\D4167656E6471675C414E4D27373A515: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513D25374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\E4544574541425D4142513D25374: [DhcpDomain] innonet.local
Tcpip\..\Interfaces\{a181956c-2354-41f1-a73a-38bf7ced3b02}\F44554439363738314: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge Profile: C:\Users\Geofish\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-11]
Edge Extension: (Google Docs Offline) - C:\Users\Geofish\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Geofish\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-08-08] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-08-08] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default [2024-04-11]
CHR Extension: (Adblock for Youtube™) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2024-01-19]
CHR Extension: (Tampermonkey) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-04-10]
CHR Extension: (Ruffle - Flash Emulator) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\donbcfbmhbcapadipfkeojnmajbakjdc [2024-04-10]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-04-10]
CHR Extension: (I don't care about cookies) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-01-04]
CHR Extension: (Dark theme) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfobiagdiioemjmpdecklcjaplpljdo [2021-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-29]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-04-10]
CHR Extension: (ChatGPT for Google) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjaeacdkonaoafenlfkkkmbaopkbilf [2024-03-29]
CHR Extension: (Adblocker for YouTube™) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldkihpcibakajmpnggbjnehoifnnpebn [2020-09-20]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2024-04-08]
CHR Extension: (Facebook Screen Sharing) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2019-12-06]
CHR Extension: (YouTube NonStop) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkaejimjacpillmajjnopmpbkbnocid [2023-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Scopus Document Download Manager) - C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojplelelocihfchkdaebocpankipadmp [2020-07-08]
CHR Profile: C:\Users\Geofish\AppData\Local\Google\Chrome\User Data\System Profile [2024-01-12]
CHR HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-04-11]
BRA DownloadDir: D:\Downloads
BRA Extension: (Ruffle - Flash Emulator) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\donbcfbmhbcapadipfkeojnmajbakjdc [2024-04-10]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-04-10]
BRA Extension: (Chrome Remote Desktop) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2023-11-03]
BRA Extension: (ChatGPT for Google) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jgjaeacdkonaoafenlfkkkmbaopkbilf [2024-03-24]
BRA Extension: (Facebook Screen Sharing) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2023-10-11]
BRA Extension: (YouTube NonStop) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nlkaejimjacpillmajjnopmpbkbnocid [2023-10-30]
BRA Profile: C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\System Profile [2023-10-11]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-04-11]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-04-11]
BRA Extension: (Brave NTP background images) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-01]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-04-11]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-23]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-04-11]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2024-02-09]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-03-09]
BRA Extension: (Brave Ads Resources) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2024-03-03]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-04-11]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-26]
BRA Extension: (Brave Ad Block Updater (Fanboy's Annoyances (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\omoaeaghhgmiojkeaemjkpkmelmalbgo [2024-04-11]
BRA Extension: (Brave Ad Block Updater (Greek AdBlock (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\onooookdmjmijocbeafcldnbfiaobhjk [2024-04-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-25]
BRA Extension: (Brave Ad Block Updater (uBlock Annoyances (used with Fanboy's Annoyances) (plaintext))) - C:\Users\Geofish\AppData\Local\BraveSoftware\Brave-Browser\User Data\pnoagbonokhdnppohfeemefhjbbofplk [2024-04-10]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-08-08] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [17243936 2024-02-15] (Autodesk, Inc. -> Autodesk)
R2 AdskNLM; C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe [1127760 2019-01-15] (Flexera Software LLC -> Flexera)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Autodesk Access Service Host; C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe [11630368 2024-02-07] (Autodesk, Inc. -> Autodesk, Inc.)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2574864 2023-07-20] (Bitdefender SRL -> Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-05-27] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\elevation_service.exe [2671128 2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-12-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe [74016 2024-03-26] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14221312 2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-05-16] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [594320 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [717200 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [292320 2018-08-24] (F5 Networks Inc -> F5 Networks, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncHelper.exe [3512224 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1297920 2023-12-19] () [File not signed]
S2 GoogleUpdaterInternalService125.0.6407.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6407.0\updater.exe [4782880 2024-04-08] (Google LLC -> Google LLC)
S2 GoogleUpdaterService125.0.6407.0; C:\Program Files (x86)\Google\GoogleUpdater\125.0.6407.0\updater.exe [4782880 2024-04-08] (Google LLC -> Google LLC)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
R2 MOTUCoreUACAudioPolicyMediator; C:\Program Files (x86)\MOTU\CoreUAC\Service\MOTUCoreUACAudioPolicyMediator.exe [79000 2022-10-31] (Mark of the Unicorn, Inc -> )
R2 NbfcService; C:\Program Files (x86)\NoteBook FanControl\NbfcService.exe [8704 2019-04-14] (StagWare) [File not signed] [File is in use] <==== ATTENTION
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe [26464 2024-02-23] (Locktime Software s.r.o. -> Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_e96375d8421bb873\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-01-13] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-09] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.055.0317.0002\OneDriveUpdaterService.exe [3852712 2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [686032 2023-12-12] (Bitdefender SRL -> Bitdefender)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [466224 2019-09-26] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2019-09-26] (Acer Incorporated -> Acer Incorporated)
R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [30224 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18575672 2024-04-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5964328 2023-05-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [1045352 2023-11-16] (Windscribe Limited -> Windscribe Limited)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12311392 2023-05-31] (KRAFTON, Inc. -> KRAFTON, Inc)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 arturiausbmidi; C:\WINDOWS\System32\drivers\arturiausbmidi.sys [404984 2023-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 arturiausbmidiks; C:\WINDOWS\System32\drivers\arturiausbmidiks.sys [54816 2023-06-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-12-06] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [55648 2023-07-18] (F5 Networks Inc -> F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [49560 2023-01-03] (F5 Networks Inc -> F5 Networks, Inc.)
R3 FocusritePCIeSwRoot; C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys [106208 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsb; C:\WINDOWS\System32\drivers\FocusriteUsb.sys [170312 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUsbAudio; C:\WINDOWS\System32\drivers\FocusriteUsbAudio.sys [109896 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbSwRoot; C:\WINDOWS\System32\drivers\FocusriteUsbSwRoot.sys [112968 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [109896 2023-11-27] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
S3 KMWDFILTER; C:\WINDOWS\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows ® Codename Longhorn DDK provider)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31032 2019-09-25] (Acer Incorporated -> Acer Incorporated)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78912 2024-04-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-04-11] (Malwarebytes Inc. -> Malwarebytes)
R3 MOTUCoreUAC; C:\WINDOWS\System32\Drivers\MOTUCoreUAC.sys [224488 2022-10-31] (Mark of the Unicorn, Inc -> MOTU, Inc)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [202416 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Locktime Software)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25400 2019-09-25] (Acer Incorporated -> Acer Incorporated)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [309752 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [120280 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SoundGridMIDI; C:\WINDOWS\system32\drivers\SoundGridMidi.sys [45040 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
S3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [23552 2019-08-19] (Waves Audio Ltd.) [File not signed]
R2 SoundGridProtocol; C:\WINDOWS\system32\DRIVERS\SoundGridProtocol.sys [115184 2019-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Waves Audio Ltd.)
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [55296 2019-08-19] (Waves Audio Ltd.) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-10-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2023-11-03] (Windscribe Limited -> The OpenVPN Project)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [61920 2022-10-18] (F5 Networks Inc -> F5 Networks, Inc.)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [38152 2023-11-16] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2023-11-03] (Windscribe Limited -> WireGuard LLC)
R1 WinRing0_1_2_0; C:\PROGRAM FILES (X86)\NOTEBOOK FANCONTROL\PLUGINS\WinRing0x64.sys [14544 2024-01-20] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [1447240 2023-06-23] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 AppleLowerFilter; \SystemRoot\System32\drivers\AppleLowerFilter.sys [X]
S3 hsstap; \SystemRoot\System32\drivers\hsstap.sys [X]
S3 ssudcdf; \SystemRoot\System32\drivers\ssudcdf.sys [X]
S3 ssuddmgr; \SystemRoot\System32\drivers\ssuddmgr.sys [X]
S3 ssudobex; \SystemRoot\System32\drivers\ssudobex.sys [X]
S3 ssudserd; \SystemRoot\System32\drivers\ssudserd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-11 22:50 - 2024-04-11 23:07 - 000001291 _____ C:\Users\Geofish\Desktop\ESET Online Scanner.lnk
2024-04-11 22:15 - 2024-04-11 22:15 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-04-11 19:23 - 2024-04-11 19:41 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\AnyDesk
2024-04-11 18:53 - 2024-04-11 18:53 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240411_185347.txt
2024-04-11 00:16 - 2024-04-11 00:16 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240411_001654.txt
2024-04-11 00:11 - 2024-04-11 00:11 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240411_001159.txt
2024-04-10 23:41 - 2024-04-10 23:41 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_234122.txt
2024-04-10 23:38 - 2024-04-10 23:38 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_233832.txt
2024-04-10 23:35 - 2024-04-10 23:35 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_233555.txt
2024-04-10 23:31 - 2024-04-10 23:31 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_233134.txt
2024-04-10 23:20 - 2024-04-10 23:20 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_232008.txt
2024-04-10 22:40 - 2024-04-10 22:40 - 000000000 ____T C:\WINDOWS\system32\Elan_FP_Image_20240410_224045.txt
2024-04-10 22:40 - 2024-04-10 22:40 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2024-04-10 21:28 - 2024-04-10 21:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-04-10 21:28 - 2024-04-10 21:28 - 000000000 ____D C:\Program Files\VS Revo Group
2024-04-10 20:54 - 2024-04-10 20:54 - 000000000 ____D C:\Program Files\HitmanPro
2024-04-10 06:23 - 2024-04-10 06:23 - 000000000 ___HD C:\$WinREAgent
2024-04-10 04:13 - 2024-04-10 23:19 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK
2024-04-09 19:04 - 2024-04-11 18:53 - 148635648 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-04-04 18:50 - 2024-04-04 18:50 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-04-04 10:53 - 2024-04-04 10:53 - 000187761 _____ C:\Users\Geofish\Desktop\SFC_details.txt
2024-04-04 09:47 - 2024-04-04 09:47 - 000000000 ____D C:\WINDOWS\Panther
2024-04-03 09:41 - 2024-04-03 09:58 - 000000000 ____D C:\Users\Geofish\AppData\Local\Sysinternals
2024-04-03 09:05 - 2024-04-11 19:00 - 000000223 _____ C:\WINDOWS\wininit.ini
2024-04-03 03:12 - 2024-04-03 03:12 - 000000000 ____D C:\Users\Geofish\AppData\Local\Backup
2024-04-03 02:08 - 2024-04-03 02:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2024-04-03 01:59 - 2024-04-11 19:00 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2024-04-03 01:59 - 2024-04-11 19:00 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2024-04-02 16:32 - 2024-04-11 23:07 - 000001397 _____ C:\Users\Geofish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-02 16:32 - 2024-04-02 16:32 - 000000000 ____D C:\Users\Geofish\AppData\Local\ESET
2024-04-02 11:51 - 2024-04-11 23:40 - 000000000 ____D C:\FRST
2024-04-02 11:44 - 2024-04-02 11:44 - 000000996 _____ C:\WINDOWS\system32\.crusader
2024-04-02 11:39 - 2024-04-02 11:44 - 000000000 ____D C:\ProgramData\HitmanPro
2024-04-02 11:34 - 2024-04-10 20:48 - 000002244 _____ C:\Users\Geofish\Desktop\Rkill.txt
2024-04-02 10:57 - 2024-04-02 10:57 - 000063519 _____ C:\WINDOWS\system32\sfcdetails.txt
2024-04-02 01:19 - 2024-04-02 01:19 - 000020861 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-02 01:18 - 2024-04-02 01:18 - 000020861 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-04-01 22:49 - 2024-04-01 22:49 - 000008573 _____ C:\Users\Geofish\Desktop\virus.txt
2024-04-01 15:47 - 2024-04-01 15:47 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Locktime
2024-04-01 15:46 - 2024-04-01 15:46 - 000001228 _____ C:\Users\Public\Desktop\NetLimiter.lnk
2024-04-01 15:46 - 2024-04-01 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter
2024-04-01 15:46 - 2024-04-01 15:46 - 000000000 ____D C:\ProgramData\Locktime
2024-04-01 15:46 - 2024-04-01 15:46 - 000000000 ____D C:\Program Files\Locktime Software
2024-03-31 04:08 - 2024-04-09 19:04 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-03-30 01:40 - 2024-03-30 01:40 - 000241348 _____ C:\ProgramData\cl.1711755362.bdinstall.v2.bin
2024-03-30 01:40 - 2024-03-30 01:40 - 000126580 _____ C:\ProgramData\cl.kit.1711755361.bdinstall.v2.bin
2024-03-30 01:39 - 2024-03-30 01:39 - 000000000 ____D C:\Program Files\Bitdefender
2024-03-30 01:36 - 2024-03-30 01:36 - 000003846 _____ C:\WINDOWS\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2024-03-30 01:36 - 2024-03-30 01:36 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2024-03-30 01:34 - 2024-03-30 01:34 - 000143124 _____ C:\ProgramData\agent.1711755260.bdinstall.v2.bin
2024-03-30 01:34 - 2024-03-30 01:34 - 000000000 ____D C:\Users\Geofish\AppData\Local\Bitdefender
2024-03-30 01:34 - 2024-03-30 01:34 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2024-03-30 01:34 - 2024-03-30 01:34 - 000000000 ____D C:\Program Files\Bitdefender Agent
2024-03-30 00:37 - 2024-04-09 18:05 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-03-29 13:22 - 2024-04-11 22:16 - 000000000 ____D C:\Users\Geofish\AppData\Local\Malwarebytes
2024-03-29 12:53 - 2024-04-11 22:15 - 000000000 ____D C:\Users\Geofish\AppData\LocalLow\IGDump
2024-03-28 23:06 - 2024-04-09 15:59 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1001
2024-03-28 23:06 - 2024-04-09 15:59 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1286322575-3200454710-2639170948-1000
2024-03-28 23:06 - 2024-04-09 15:59 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-03-28 23:06 - 2024-04-09 15:59 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-03-28 23:06 - 2024-03-28 23:06 - 000000000 ___RD C:\Users\defaultuser0\OneDrive
2024-03-28 23:06 - 2024-03-28 23:06 - 000000000 ___RD C:\Users\Default\OneDrive
2024-03-28 23:05 - 2024-03-28 23:05 - 000002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-03-28 23:05 - 2024-03-28 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2024-03-28 23:00 - 2024-04-04 18:50 - 000000000 ____D C:\Program Files\Microsoft Office
2024-03-28 23:00 - 2024-03-28 23:00 - 000000000 ____D C:\Program Files\Microsoft Office 15
2024-03-28 21:57 - 2024-03-29 12:59 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\ServiceData
2024-03-28 21:57 - 2024-03-29 12:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Service
2024-03-28 21:57 - 2024-03-28 21:57 - 000000000 ____D C:\Users\Geofish\AppData\Local\Vaposenon
2024-03-28 21:36 - 2024-03-28 21:36 - 003983711 _____ C:\ProgramData\DBKEHDGDGHCBGCAKFIIIECFIIJ
2024-03-28 21:36 - 2024-03-28 21:36 - 003716272 _____ C:\ProgramData\AEGIJKEHCAKFCAKFHDAAAAECFC
2024-03-28 21:36 - 2024-03-28 21:36 - 003639917 _____ C:\ProgramData\HJKECAAAFHJECAAAEBFCAEBFHC
2024-03-28 21:36 - 2024-03-28 21:36 - 003639917 _____ C:\ProgramData\FBFHDBKJEGHJJJKFIIJEBGIJKK
2024-03-28 21:36 - 2024-03-28 21:36 - 003211264 _____ (as) C:\ProgramData\HCFIIIJJKJ.exe
2024-03-28 21:36 - 2024-03-28 21:36 - 002963265 _____ C:\ProgramData\FHIDAKFIJJKJJJKEBKJEHCBGDA
2024-03-28 21:36 - 2024-03-28 21:36 - 002154892 _____ C:\ProgramData\KFHJJDHJEGHJKECBGCFHDBFIEG
2024-03-28 21:36 - 2024-03-28 21:36 - 001862821 _____ C:\ProgramData\BFBGHDGCFHIDBGDGIIIEHIJDAF
2024-03-28 21:36 - 2024-03-28 21:36 - 001709054 _____ C:\ProgramData\JKJECBAAAFHIIEBFCBKFIDGDHI
2024-03-28 21:36 - 2024-03-28 21:36 - 001626853 _____ C:\ProgramData\FCFIEHCFIECBGCBFHIJJKEGHIE
2024-03-28 21:36 - 2024-03-28 21:36 - 001560300 _____ C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB
2024-03-28 21:36 - 2024-03-28 21:36 - 001441639 _____ C:\ProgramData\JDGIECGIEBKJJJJKEGHJJJKEBA
2024-03-28 21:36 - 2024-03-28 21:36 - 001378462 _____ C:\ProgramData\BAECFCAAECBGDGDHIEHJEBAAFI
2024-03-28 21:36 - 2024-03-28 21:36 - 001171751 _____ C:\ProgramData\CFCGIIEHIEGDGDGCAEBGDAKFCB
2024-03-28 21:36 - 2024-03-28 21:36 - 001150136 _____ C:\ProgramData\EHDAAECAEBKJKFHJKECFIJJDAE
2024-03-28 21:36 - 2024-03-28 21:36 - 001080140 _____ C:\ProgramData\FCFBFHIEBKJKFHIEBFBAEGHJDB
2024-03-28 21:36 - 2024-03-28 21:36 - 000700951 _____ C:\ProgramData\DBAAFIDGDAAAAAAAAKEBFHDBGH
2024-03-28 21:36 - 2024-03-28 21:36 - 000700844 _____ C:\ProgramData\IEGCBFHJDHJJKFIDBGIJJEGDBF
2024-03-28 21:36 - 2024-03-28 21:36 - 000646515 _____ C:\ProgramData\GIIEGHIDBGHIECAAECGDAEHDHJ
2024-03-28 21:36 - 2024-03-28 21:36 - 000593495 _____ C:\ProgramData\DHDAKFCGIJKJKFHIDHIIIEBGCB
2024-03-28 21:36 - 2024-03-28 21:36 - 000556863 _____ C:\ProgramData\AKJDGIEHCAEHIEBFBKKKKFIDBK
2024-03-28 21:36 - 2024-03-28 21:36 - 000556849 _____ C:\ProgramData\ECBGHCGCBKFIECBFHIDGHDGIEG
2024-03-28 21:36 - 2024-03-28 21:36 - 000556849 _____ C:\ProgramData\CAEGHIJEHJDHIDHIDAEHCGDHJJ
2024-03-28 21:36 - 2024-03-28 21:36 - 000537536 _____ C:\ProgramData\JDAEHJJECAEGCAAAAEGIEBKEBK
2024-03-28 21:36 - 2024-03-28 21:36 - 000519796 _____ C:\ProgramData\KFCFBFHIEBKJKFHIEBFBAEGHJD
2024-03-28 21:36 - 2024-03-28 21:36 - 000519756 _____ C:\ProgramData\FIIECFHDBAAECAAKFHDHIIJKFH
2024-03-28 21:36 - 2024-03-28 21:36 - 000450862 _____ C:\ProgramData\GCAFCAFHJJDBFIECFBKECFHDGI
2024-03-28 21:36 - 2024-03-28 21:36 - 000449915 _____ C:\ProgramData\FHIDBKFCAAEBFIDHDBAECFIEGC
2024-03-28 21:36 - 2024-03-28 21:36 - 000435169 _____ C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE
2024-03-28 21:36 - 2024-03-28 21:36 - 000435169 _____ C:\ProgramData\CAFBGHIDBGHJJKFHJDHCBKJDGC
2024-03-28 21:36 - 2024-03-28 21:36 - 000434616 _____ C:\ProgramData\KJDGDBFBGIDGIEBGHCGIECGIEC
2024-03-28 21:36 - 2024-03-28 21:36 - 000428389 _____ C:\ProgramData\KKEBKJJDGHCBGCAAKEHDBAEGHD
2024-03-28 21:36 - 2024-03-28 21:36 - 000421331 _____ C:\ProgramData\CAAAFCAKKKFBFIDGDBFHJJEHID
2024-03-28 21:36 - 2024-03-28 21:36 - 000386062 _____ C:\ProgramData\BGCAAFHIEBKJKEBFIEHDGDAEBK
2024-03-28 21:36 - 2024-03-28 21:36 - 000361121 _____ C:\ProgramData\AKFCFBAAEHCFHJJKEHJKJDHJDG
2024-03-28 21:36 - 2024-03-28 21:36 - 000305729 _____ C:\ProgramData\BGIJJKKJJDAAAAAKFHJJDGDAFB
2024-03-28 21:36 - 2024-03-28 21:36 - 000301561 _____ C:\ProgramData\CAEHCFCBKKJDGCAKFCFIIIECGC
2024-03-28 21:36 - 2024-03-28 21:36 - 000295162 _____ C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ
2024-03-28 21:36 - 2024-03-28 21:36 - 000292065 _____ C:\ProgramData\IJKKEHJDHJKFIECAAKFIJJKJKF
2024-03-28 21:36 - 2024-03-28 21:36 - 000275423 _____ C:\ProgramData\DBFHDHJKKJDHJJJJKEGHIDGDHD
2024-03-28 21:36 - 2024-03-28 21:36 - 000213270 _____ C:\ProgramData\BGDAKEHIIDGDAAKECBFBKKFCGH
2024-03-28 21:36 - 2022-01-13 18:51 - 052083387 _____ C:\ProgramData\KJEBKJDAFHJDGDHJKKEGIJDAKJ
2024-03-28 21:36 - 2020-03-13 09:20 - 000242857 _____ C:\ProgramData\JDHIEBFHCAKEHIDGHCBAKKKJEG
2024-03-28 21:36 - 2019-08-14 16:13 - 000307589 _____ C:\ProgramData\AFBFHDBKJEGHJJJKFIIJEBGIJK
2024-03-28 21:36 - 2019-08-14 14:59 - 000303204 _____ C:\ProgramData\BKKFCFBKFCFBFIDGCGDHJDBKFH
2024-03-28 21:35 - 2024-03-28 21:36 - 000537322 _____ C:\ProgramData\JJDGCGHCGHCBFHJJKKJEHJEHJE
2024-03-28 21:35 - 2024-03-28 21:36 - 000386062 _____ C:\ProgramData\KFCFBAAEHCFHJJKEHJKJDHJDGI
2024-03-28 21:35 - 2024-03-28 21:35 - 081303158 _____ C:\ProgramData\HDGCAAFBFBKFIDGDHJDBKECFBA
2024-03-28 21:35 - 2024-03-28 21:35 - 080614844 _____ C:\ProgramData\KJECFHCBKKEBAKFIJDHIJDAKKE
2024-03-28 21:35 - 2024-03-28 21:35 - 075397057 _____ C:\ProgramData\IEBFIEBAFCBAAAAKJKJEBGHJKF
2024-03-28 21:35 - 2024-03-28 21:35 - 052046657 _____ C:\ProgramData\AKJKFBAFIDAEBFHJKJEBFCBFHD
2024-03-28 21:35 - 2022-01-14 01:11 - 058343096 _____ C:\ProgramData\JDGIIJJDHDGCGDHIJDAKJKKKFH
2024-03-28 21:35 - 2022-01-13 22:12 - 051880035 _____ C:\ProgramData\AAEBAFBGIDHCBFHIECFCBGHIEG
2024-03-28 21:35 - 2022-01-13 20:47 - 043224137 _____ C:\ProgramData\FCFHJKJJJECGDHJJDHDAAAFBKF
2024-03-28 21:35 - 2022-01-13 20:46 - 058072161 _____ C:\ProgramData\GDBFCGIIIJDBGCBGIDGIDGCGHJ
2024-03-28 21:35 - 2022-01-13 20:46 - 056197689 _____ C:\ProgramData\EHDHIDAEHCFHJJJJECAAFBKJJD
2024-03-28 21:35 - 2022-01-13 20:46 - 054691925 _____ C:\ProgramData\HDAKJDHIEBFIIDGDGDBAEGCGDA
2024-03-28 21:35 - 2022-01-13 20:46 - 054041501 _____ C:\ProgramData\CGHCGIIDGDAKFIEBKFCFIDAFBF
2024-03-28 21:35 - 2022-01-13 20:46 - 052923142 _____ C:\ProgramData\FHCGCFHDHIIIDGCAAEGDAFBFHD
2024-03-28 21:35 - 2022-01-13 20:46 - 048306145 _____ C:\ProgramData\DHIEHIIEHIEHJKEBKEHJKJEBGI
2024-03-28 21:35 - 2022-01-13 20:46 - 047427044 _____ C:\ProgramData\EGIJKEHCAKFCAKFHDAAAAECFCG
2024-03-28 21:35 - 2022-01-13 20:46 - 002149546 _____ C:\ProgramData\JKECFCFBGDHIECAAFIIDAKKJJK
2024-03-28 21:35 - 2022-01-13 20:40 - 092098057 _____ C:\ProgramData\KKECFIEBGCAKJKECGCFIIECGDB
2024-03-28 21:35 - 2022-01-13 20:40 - 053391887 _____ C:\ProgramData\FHDAFIIDAKJDGDHIDAKJJJEHCF
2024-03-28 21:35 - 2022-01-13 20:39 - 100231573 _____ C:\ProgramData\IEHJDGIDBAAFIDGCGCAKKKFBFH
2024-03-28 21:35 - 2022-01-13 20:39 - 099457824 _____ C:\ProgramData\CBKJEGCBKKJECBGCGDBAKJEBAA
2024-03-28 21:35 - 2022-01-13 20:37 - 051721966 _____ C:\ProgramData\GIJECGDGCBKECAKFBGCAKECGIE
2024-03-28 21:35 - 2022-01-13 20:37 - 049739975 _____ C:\ProgramData\GDBKJDGIJECFIEBFIDHCGHDHIE
2024-03-28 21:35 - 2022-01-13 20:37 - 046228343 _____ C:\ProgramData\AFHIEBKKFHIEGCAKECGHJEHIEG
2024-03-28 21:35 - 2022-01-13 20:24 - 055543264 _____ C:\ProgramData\KECFIDGCBFBAKEBFBKFBFBAFII
2024-03-28 21:35 - 2022-01-13 20:05 - 061549386 _____ C:\ProgramData\FBFIDBFHDBGIDHJJEGHIIDAFID
2024-03-28 21:35 - 2022-01-13 20:05 - 000975866 _____ C:\ProgramData\EBAEBFIIECBGCBGDHCAFCGDBGC
2024-03-28 21:35 - 2022-01-13 18:54 - 091571431 _____ C:\ProgramData\IECAFHDBGHJKFIDHJJJEBKEBGI
2024-03-28 21:35 - 2022-01-13 18:54 - 068839290 _____ C:\ProgramData\DHJKJKKKJJJKJKFHJJJJECBFCG
2024-03-28 21:35 - 2022-01-13 18:47 - 049243738 _____ C:\ProgramData\AFHDAEGHDGDBGDGDAAFIJEHDHD
2024-03-28 21:35 - 2022-01-13 18:44 - 042424287 _____ C:\ProgramData\KEHDHIDAEHCFHJJJJECAAFBKJJ
2024-03-28 21:35 - 2022-01-13 18:44 - 041736243 _____ C:\ProgramData\FHJDAAEGIDHDGCAAFCBAFHDAKJ
2024-03-28 21:35 - 2022-01-13 18:42 - 050244930 _____ C:\ProgramData\AFCAAEGDBKJJKECBKFHCBAECAF
2024-03-28 21:35 - 2022-01-13 18:40 - 053238908 _____ C:\ProgramData\JKEHIIJJECFHJKECFHDGIIDBGD
2024-03-28 21:35 - 2022-01-13 18:40 - 052189842 _____ C:\ProgramData\CBAKEBGIIDAFIDHIIECFCFIEGH
2024-03-28 21:35 - 2022-01-13 18:38 - 068712429 _____ C:\ProgramData\DGCFHIDAKECFHIEBFCGIJDBKJD
2024-03-28 21:35 - 2022-01-13 18:34 - 032979973 _____ C:\ProgramData\GIEHJKEBAAEBGCAAEBFHJKKKEC
2024-03-28 21:35 - 2022-01-13 18:31 - 088588946 _____ C:\ProgramData\KFIJEGCBGIDGHIDHDGCBFCGDGC
2024-03-28 21:35 - 2022-01-13 18:24 - 053637524 _____ C:\ProgramData\DGHIDHCAAKECGCBFIJDBAAFBGH
2024-03-28 21:35 - 2022-01-13 18:24 - 053195142 _____ C:\ProgramData\DHCBAEHJJJKKFIDGHJECAFIDAF
2024-03-28 21:35 - 2022-01-13 18:18 - 078716306 _____ C:\ProgramData\EGHCAKKEGCAAFHJJJDBKJECFBK
2024-03-28 21:35 - 2022-01-13 18:17 - 071966690 _____ C:\ProgramData\AAKKECFBGIIIEBGDGDAKJKKKEB
2024-03-28 21:35 - 2022-01-13 18:15 - 098002431 _____ C:\ProgramData\KJEGCFBGDHJJJJJKJECFCFCAAK
2024-03-28 21:35 - 2022-01-13 18:14 - 069866085 _____ C:\ProgramData\ECAKKKKJDBKKFIEBKEHDGCAFCB
2024-03-28 21:35 - 2022-01-13 18:11 - 055989215 _____ C:\ProgramData\JEBKKEGDBFIIEBFHIEHCBKJJKJ
2024-03-28 21:35 - 2022-01-13 18:04 - 089913532 _____ C:\ProgramData\AEBAKJDGHIIJJKFHCFCAFCFCGI
2024-03-28 21:35 - 2019-08-08 20:04 - 031146984 _____ C:\ProgramData\JECAEHJJJKJKFIDGCBGIJJJEHI
2024-03-28 21:35 - 2016-05-30 00:51 - 077216990 _____ C:\ProgramData\GHDBAFIIECBFHIEBKJJKEBFCBG
2024-03-28 21:34 - 2024-03-28 21:36 - 001226584 _____ C:\ProgramData\EBAKEBAECGCBAAAAAEBAFBGIDH
2024-03-28 21:34 - 2024-03-28 21:36 - 000798764 _____ C:\ProgramData\JDAKJJDBGCAKKFHIJEGHCGHJKJ
2024-03-28 21:34 - 2024-03-28 21:36 - 000652406 _____ C:\ProgramData\DAKJDHIEBFIIDGDGDBAEGCGDAE
2024-03-28 21:34 - 2024-03-28 21:36 - 000539069 _____ C:\ProgramData\HJJEGIEHIJKKFIDHDGIDAKECFH
2024-03-28 21:34 - 2024-03-28 21:36 - 000519756 _____ C:\ProgramData\BGDAAKJJDAAKFHJKJKFCAEHDAF
2024-03-28 21:34 - 2024-03-28 21:36 - 000449915 _____ C:\ProgramData\KKFHJJDHJEGHJKECBGCFHDBFIE
2024-03-28 21:34 - 2024-03-28 21:36 - 000334662 _____ C:\ProgramData\HDGCFHIDAKECFHIEBFCGIJDBKJ
2024-03-28 21:34 - 2024-03-28 21:36 - 000292903 _____ C:\ProgramData\EHIJJDGDHDGDAKFIECFIJEGDHI
2024-03-28 21:34 - 2022-01-13 20:46 - 056399392 _____ C:\ProgramData\KEGCFCAKFHCGCBFHCGHDBGIJJD
2024-03-28 21:34 - 2022-01-13 20:46 - 054672345 _____ C:\ProgramData\DGDBKFBAKFBFHIECFBFIJKJKKF
2024-03-28 21:34 - 2022-01-13 20:34 - 049846139 _____ C:\ProgramData\JJEGIJEGDBFHDGCAFCAEBGCGCB
2024-03-28 21:34 - 2022-01-13 18:17 - 095565331 _____ C:\ProgramData\CAKKJKKECFIDGDHIJEGDAKFBFB
2024-03-28 21:34 - 2022-01-13 18:04 - 045594339 _____ C:\ProgramData\GDBKKFHIEGDHJKECAAKKEBAFIJ
2024-03-28 21:34 - 2022-01-13 17:18 - 074259072 _____ C:\ProgramData\HJJKJJDHCGCAECAAECFHDAECFH
2024-03-28 21:34 - 2014-06-26 13:35 - 007573378 _____ C:\ProgramData\JDBGDHIIDAEBFHJJDBFIDGIJEG
2024-03-28 21:34 - 2014-04-14 18:59 - 007480977 _____ C:\ProgramData\GHJKJDAKEHJDGDGDGHIDAEGIJJ
2024-03-28 21:34 - 2014-03-23 21:18 - 007480977 _____ C:\ProgramData\JJEGCBGIDHCAKEBGIIDBKFIEHI
2024-03-28 21:34 - 2013-07-23 21:24 - 003952311 _____ C:\ProgramData\AFCFHDHIIIECBGCAKFIJDHJEGI
2024-03-28 21:34 - 2013-07-23 21:21 - 001910109 _____ C:\ProgramData\IIEHJEHDBGHIDGDGHCBGDGCBFI
2024-03-28 21:34 - 2013-03-31 18:33 - 003483005 _____ C:\ProgramData\HIEHDHCFIJDBFHJJDBFHJKJDHI
2024-03-28 21:34 - 2013-02-22 21:01 - 004336207 _____ C:\ProgramData\DBAEHCGHIIIDHIECFHJDHDGHDB
2024-03-28 21:34 - 2013-02-22 20:03 - 005251901 _____ C:\ProgramData\HJJECBKKECFIEBGCAKJKECGCFI
2024-03-28 21:34 - 2013-01-04 18:36 - 052976969 _____ C:\ProgramData\AFHDAKJKFCFBGCBGDHCBAFCAKE
2024-03-28 21:34 - 2012-09-08 10:49 - 041967361 _____ C:\ProgramData\KKJKFBKKECFHJKEBKEHIDAEBKF
2024-03-28 21:34 - 2012-08-29 16:38 - 007657970 _____ C:\ProgramData\AKKKECBKKECGCAAAEHJKJJJDGI
2024-03-28 21:34 - 2012-08-29 16:31 - 009954202 _____ C:\ProgramData\ECGDBAEHIJKKFHIEGCBGCAFIJJ
2024-03-28 21:34 - 2012-08-29 16:10 - 020857368 _____ C:\ProgramData\DHJDAKEGDBFHCAAKJJJDAEHCAA
2024-03-28 21:34 - 2012-08-29 15:58 - 003858597 _____ C:\ProgramData\GDAEBKJDHDAFIECBAKKJDAEHIE
2024-03-28 21:34 - 2012-08-29 15:52 - 009802450 _____ C:\ProgramData\JDAKJDAAFBKFHIEBFCFBKKKECG
2024-03-28 21:34 - 2012-04-14 12:49 - 009091076 _____ C:\ProgramData\DGDHJEGIEBFHDGDGHDHIEBKFHD
2024-03-28 21:34 - 2012-04-09 15:30 - 006172292 _____ C:\ProgramData\FHCBGIIJKEBFCBGDBAEBGCFIEH
2024-03-28 21:34 - 2012-03-24 19:00 - 009952232 _____ C:\ProgramData\FBFCFIEBKEGHIDGCAFBFBFHDBA
2024-03-28 21:34 - 2012-02-24 19:49 - 005665090 _____ C:\ProgramData\DHCGHDHIDHCBGCBGCAEBAKEHCB
2024-03-28 21:34 - 2012-02-24 19:45 - 003884280 _____ C:\ProgramData\JDBGHIIDAECBFIDHIIDGIIIIII
2024-03-28 21:34 - 2012-02-24 18:26 - 003346168 _____ C:\ProgramData\GHDAKKJJJKJKECBGCGDAEBAEHI
2024-03-28 21:34 - 2011-11-18 16:05 - 006322034 _____ C:\ProgramData\GHJKEHJEGCFCAKFIIJJJECBFBA
2024-03-28 21:34 - 2011-10-27 16:58 - 012715037 _____ C:\ProgramData\EHIJDHCAKKFCBGCBAAECFIJDAK
2024-03-28 21:34 - 2011-10-23 13:53 - 006477770 _____ C:\ProgramData\DGHJEHJJDAAAKEBGCFCAAAAEHC
2024-03-28 21:34 - 2011-09-01 19:15 - 007279585 _____ C:\ProgramData\AAKJEGCFBGDHJJJJJKJECFCFCA
2024-03-28 21:34 - 2011-07-20 18:48 - 004200672 _____ C:\ProgramData\CAKEBFCFIJJKKECAKJEHDAAFIE
2024-03-28 21:34 - 2011-07-20 18:48 - 002951978 _____ C:\ProgramData\GHJJDGHCBGDHIECBGIDAEHCGDG
2024-03-28 21:34 - 2011-06-18 17:26 - 005085508 _____ C:\ProgramData\ECGDAAFIIJDAAAAKFHIDAAAKJJ
2024-03-28 21:34 - 2011-06-18 14:13 - 003914296 _____ C:\ProgramData\KFIDBAFHCAKFBGCBFHIJKECGII
2024-03-28 21:34 - 2011-06-18 13:45 - 003631313 _____ C:\ProgramData\FBGHCGCAEBFIJKFIDBGHDGHCGH
2024-03-28 21:34 - 2011-05-21 16:00 - 006757932 _____ C:\ProgramData\FBKFCFBFIDGCGDHJDBKFHCFBGI
2024-03-28 21:34 - 2011-02-25 18:01 - 000812413 _____ C:\ProgramData\CAKKEGDGCGDAKEBFIJECGHJEGC
2024-03-28 21:34 - 2011-01-05 17:02 - 006191840 _____ C:\ProgramData\IEHDAFHDHCBFIDGCFIDGHJDGDA
2024-03-28 21:34 - 2011-01-04 15:22 - 004669670 _____ C:\ProgramData\FCAEBFIJKEBGHIDHIEGIJEBFII
2024-03-28 21:34 - 2010-11-21 17:11 - 003346168 _____ C:\ProgramData\KKJKEBKFCAAECAAAAAECFBKECG
2024-03-28 21:34 - 2010-09-15 20:20 - 005490454 _____ C:\ProgramData\BGCAFHCAKFBFIECAFIIJKKJEGC
2024-03-28 21:34 - 2010-01-30 20:39 - 007488800 _____ C:\ProgramData\BAKFCBFHJDHJKECAKEHIDGIJJD
2024-03-28 21:34 - 2009-06-26 16:40 - 008077145 _____ C:\ProgramData\HJJEGCAAECBFIEBGHJDGIJDHDH
2024-03-28 21:34 - 2009-05-15 13:56 - 009774470 _____ C:\ProgramData\KFBAECBAEGDGDHIEHIJJEBFHDA
2024-03-28 21:34 - 2008-11-03 22:07 - 005743042 _____ C:\ProgramData\BFCAAEHJDBKJJKFHJEBKFBGDAA
2024-03-28 21:34 - 2008-11-03 21:51 - 008826859 _____ C:\ProgramData\EBAFHCBFHDHCAAKFHDGDBKFCGC
2024-03-28 21:34 - 2008-10-30 23:11 - 004848634 _____ C:\ProgramData\HCBFIJJECFIEBGDGCFIJKFCBGI
2024-03-28 21:34 - 2008-10-30 22:11 - 004848634 _____ C:\ProgramData\FIEHIIIJDAAAAAAKECBFBAEBKJ
2024-03-28 21:34 - 2008-10-14 18:38 - 004029109 _____ C:\ProgramData\IIECFHDBAAECAAKFHDHIIJKFHJ
2024-03-28 21:34 - 2008-10-14 18:38 - 001815440 _____ C:\ProgramData\JJJEGCGDGHCBFHIDHDAAFBGCFB
2024-03-28 21:34 - 2008-10-14 18:36 - 002638127 _____ C:\ProgramData\CFIIIJJKJKFHIDGDBAKJEBKEGC
2024-03-28 21:34 - 2008-10-14 18:35 - 003186739 _____ C:\ProgramData\HIJJDGDHDGDAKFIECFIJEGDHII
2024-03-28 21:34 - 2008-10-14 06:16 - 003973900 _____ C:\ProgramData\EGHJKFHJJJKJJJJKEHCBGCGDAF
2024-03-28 21:34 - 2008-10-14 06:16 - 003865966 _____ C:\ProgramData\GHDHDGHJEBGIDGDGIJJKFBAAKK
2024-03-28 21:34 - 2008-10-12 16:40 - 004717206 _____ C:\ProgramData\GCGCFCBAKKFBFIECAEBAEBGCGD
2024-03-28 21:34 - 2008-10-12 16:40 - 004047743 _____ C:\ProgramData\GIIDBGDAFHJDHIDGDGIIEBGIEG
2024-03-28 21:34 - 2008-10-12 16:38 - 006128004 _____ C:\ProgramData\FCFBGIDAEHCFIDGCBGIIEBKKKF
2024-03-28 21:34 - 2008-09-09 10:53 - 008996072 _____ C:\ProgramData\HDAFIIDAKJDGDHIDAKJJJEHCFB
2024-03-28 21:34 - 2008-09-09 10:53 - 001319436 _____ C:\ProgramData\EGDGIIJJECFIDHJJKKFCAECFHI
2024-03-28 21:34 - 2008-08-10 02:47 - 009566476 _____ C:\ProgramData\BAFCFHDHIIIECBGCAKFIJDHJEG
2024-03-28 21:34 - 2008-08-10 02:47 - 008883453 _____ C:\ProgramData\DAFHIDGIJKJKECBGDBGHDBKFHI
2024-03-28 21:34 - 2008-08-10 02:47 - 008553216 _____ C:\ProgramData\FBKECFIIEHCFHIECAFBAKJJDGD
2024-03-28 21:34 - 2008-08-10 02:47 - 005729142 _____ C:\ProgramData\FIJDGIJJKEGIEBGCGDHCFIDAAE
2024-03-28 21:34 - 2008-08-10 02:47 - 005719619 _____ C:\ProgramData\IDHIEBAAKJDHIECAAFHCAECAFC
2024-03-28 21:34 - 2008-08-10 02:47 - 004694620 _____ C:\ProgramData\IJDHDGDAAAAKFIDGHJDGCGCFHJ
2024-03-28 21:34 - 2008-08-10 02:47 - 003821733 _____ C:\ProgramData\GDBAKKKFBGDHJKFHJJJJDGCBKF
2024-03-28 21:34 - 2008-08-10 02:47 - 003304999 _____ C:\ProgramData\BFHJECAAAFHIJKFIJEGCAKKECA
2024-03-28 21:34 - 2008-08-10 02:47 - 002758105 _____ C:\ProgramData\HJKJEHJKJEBGHJJKEBGIECAAFI
2024-03-28 21:34 - 2008-08-10 02:47 - 002651760 _____ C:\ProgramData\AFHDBGHJKFIDHJJJEBKEBGIEBG
2024-03-28 21:34 - 2008-08-10 02:47 - 002064015 _____ C:\ProgramData\JJJJEBGDAFHJEBGDGIJDHCAKJK
2024-03-28 21:34 - 2008-08-10 02:46 - 010054953 _____ C:\ProgramData\CFHDBFIEGIDGIECBKJECBKFHCA
2024-03-28 21:34 - 2008-08-10 02:46 - 006512187 _____ C:\ProgramData\CGIDHIIJKEBGHJJKFIDAAFCAKJ
2024-03-28 21:34 - 2008-08-10 02:46 - 006496021 _____ C:\ProgramData\AKECBFBAEBKJJJJKFCGCBKKEHD
2024-03-28 21:34 - 2008-08-10 02:46 - 005801295 _____ C:\ProgramData\HCAEHJJKFCAAFHJKFBKKEBKECB
2024-03-28 21:34 - 2008-08-10 02:46 - 004217193 _____ C:\ProgramData\IDHIIJJJKEGIDGCBAFIJECGIEG
2024-03-28 21:34 - 2008-08-10 02:46 - 003630338 _____ C:\ProgramData\CAAEBKEGHJKEBFHJDBFCFBKKJJ
2024-03-28 21:34 - 2008-08-10 02:46 - 003207808 _____ C:\ProgramData\GDBFHDHJKKJDHJJJJKEGHIDGDH
2024-03-28 21:34 - 2008-04-21 16:18 - 005225641 _____ C:\ProgramData\GIEGHJEGHJKFIEBFHJKKKFHCFH
2024-03-28 21:34 - 2008-04-15 22:23 - 026856640 _____ C:\ProgramData\GHDBKFHIJKJKECAAAECAECFBFI
2024-03-28 21:34 - 2008-04-15 22:23 - 010587202 _____ C:\ProgramData\BFIIIDAFBFBKECBGDBGIIIJJDA
2024-03-28 21:34 - 2008-04-15 22:23 - 006333598 _____ C:\ProgramData\CFHDHIJDGCBAKFIEGHCBGHJDAF
2024-03-28 21:34 - 2008-04-15 22:23 - 006303197 _____ C:\ProgramData\GCFCFCGCGIEHIECAFCFIJJKKFH
2024-03-28 21:34 - 2008-04-15 22:23 - 006252287 _____ C:\ProgramData\GCGHIIDHCGHCAAAAAFIJEGHJDH
2024-03-28 21:34 - 2008-04-15 22:23 - 005511450 _____ C:\ProgramData\EHIDAKECFIEBGDHJEBKKKKJKKE
2024-03-28 21:34 - 2008-04-15 22:23 - 005299350 _____ C:\ProgramData\GDHCGDGIEBKJKFHJJKFCBFBGDA
2024-03-28 21:34 - 2008-04-15 22:23 - 005235800 _____ C:\ProgramData\IDHDGIEHJJJJEBGDAFHJEBGDGI
2024-03-28 21:34 - 2008-04-15 22:23 - 005188095 _____ C:\ProgramData\BKJKEBGDHDAFHJKEGIIDAFIEBF
2024-03-28 21:34 - 2008-04-15 22:23 - 005042153 _____ C:\ProgramData\KJKEHIIJJECFHJKECFHDGIIDBG
2024-03-28 21:34 - 2008-04-15 22:23 - 003203704 _____ C:\ProgramData\JKFIDGDHJEGIEBFHDGDGHDHIEB
2024-03-28 21:34 - 2008-04-15 22:23 - 003020985 _____ C:\ProgramData\EBAKKFHJDBKKEBFHDAAEBGIEGD
2024-03-28 21:34 - 2008-04-15 22:23 - 002219556 _____ C:\ProgramData\GHJDGDBFCBKFHJKFHCBKKFIIDG
2024-03-28 21:34 - 2008-04-15 22:22 - 003820487 _____ C:\ProgramData\CBAFCAKEHDHDHIDHDGDHJEGHID
2024-03-28 21:34 - 2008-04-15 22:22 - 001749777 _____ C:\ProgramData\CAAKFIIDGIEHIDGCGHIIECGIJK
2024-03-28 21:34 - 2007-11-01 15:11 - 001470825 _____ C:\ProgramData\BGHIIJDGHCBFIECBKEGHDHDBAF
2024-03-28 21:34 - 2007-11-01 15:11 - 001470825 _____ C:\ProgramData\AFIIIIJKFCAAECAKFIEHCGDHIE
2024-03-28 21:34 - 2007-11-01 15:08 - 001117830 _____ C:\ProgramData\AEHIJKKFHIEGCBGCAFIJJJJKKJ
2024-03-28 21:34 - 2007-01-22 00:46 - 001930977 _____ C:\ProgramData\KEBKJDBAAKJDGCBFHCFCGIEBFB
2024-03-28 21:34 - 2005-11-09 19:49 - 000282695 _____ C:\ProgramData\CBFCFBFBFBKFIDHJKFCAFCFBKJ
2024-03-28 21:34 - 2005-11-09 19:44 - 000257990 _____ C:\ProgramData\HCGDGIDGIJKKEBGDAECAEBKKEB
2024-03-28 21:34 - 2005-08-10 15:19 - 003478954 _____ C:\ProgramData\GIJEBKECBAKFBGDGCBGDBAECAK
2024-03-28 21:33 - 2024-03-28 21:36 - 000388505 _____ C:\ProgramData\AKJDGDGDHDGDBFIDHDBAFHCAAA
2024-03-28 21:33 - 2024-03-28 21:33 - 032314326 _____ C:\ProgramData\HCBAKJEHDBGHIEBGCGDGHCAKEB
2024-03-28 21:33 - 2024-03-28 21:33 - 002419301 _____ C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE
2024-03-28 21:33 - 2024-03-28 21:33 - 001621566 _____ C:\ProgramData\JEHJKJEBGHJJKEBGIECAAFIJKJ
2024-03-28 21:33 - 2024-03-28 21:33 - 001237106 _____ C:\ProgramData\IJKFCFHJDBKKFHIEHIDGCFCAEB
2024-03-28 21:33 - 2024-03-28 21:33 - 000837949 _____ C:\ProgramData\BAAAAKJKJEBGHJKFHIDGCFCBAK
2024-03-28 21:33 - 2024-03-28 21:33 - 000580214 _____ C:\ProgramData\CAFIEBKKJJDAKFHIDBFHJDBFBA
2024-03-28 21:33 - 2024-03-28 21:33 - 000522014 _____ C:\ProgramData\AEHDAKFIJJKKEBGDBAAKKJJKEH
2024-03-28 21:33 - 2022-01-13 20:46 - 046528367 _____ C:\ProgramData\FBKKFBAEGDHJJJJKFBKFHCAFCB
2024-03-28 21:33 - 2021-03-09 08:32 - 001558835 _____ C:\ProgramData\BGIIEGIDHCBFIDHJDGDBGIEHJE
2024-03-28 21:33 - 2020-11-22 16:10 - 001743156 _____ C:\ProgramData\KKEHIEBKJKFIEBGDGDAAECGHDH
2024-03-28 21:33 - 2020-11-22 16:10 - 000943261 _____ C:\ProgramData\AEHIDAKECFIEBGDHJEBKKKKJKK
2024-03-28 21:33 - 2020-11-21 21:22 - 001370066 _____ C:\ProgramData\DAFIEHIEGDHIDGDGHDHJJJDGHJ
2024-03-28 21:33 - 2017-07-01 14:29 - 000409806 _____ C:\ProgramData\BAFIEGIECGCBKFIEBGCAAFIEBF
2024-03-28 21:33 - 2014-11-25 00:44 - 1865561346 _____ C:\ProgramData\GCGIDGCGIEGDGDGDGHJKKKJKEC
2024-03-28 21:33 - 2014-09-12 11:33 - 000422597 _____ C:\ProgramData\GIEHJDHCBAEHJJJKKFIDGHJECA
2024-03-28 21:33 - 2014-09-11 11:32 - 000191653 _____ C:\ProgramData\IIJEBFCFIJJJEBGDBAKEHCAFHI
2024-03-28 21:33 - 2014-08-30 08:54 - 002097288 _____ C:\ProgramData\BFIDGHDBAFIJJJJKJDHDAECAKF
2024-03-28 21:33 - 2014-07-16 23:17 - 000967768 _____ C:\ProgramData\HIJEGDBGDBFIJKECBAKFBFIDGC
2024-03-28 21:33 - 2014-06-01 01:01 - 000307529 _____ C:\ProgramData\IECGIEBAEBFIIECBGCBGDHCAFC
2024-03-28 21:33 - 2014-06-01 00:06 - 2228982760 _____ C:\ProgramData\CFHCBKKFIJJJECAAFCGIEHIDHJ
2024-03-28 21:33 - 2011-09-01 19:13 - 008601496 _____ C:\ProgramData\BKKKFCFIIJJKKFHIEHJKECGCGC
2024-03-28 21:33 - 2011-08-15 15:40 - 001756063 _____ C:\ProgramData\GDGHJEHJJDAAAKEBGCFCAAAAEH
2024-03-28 21:33 - 2008-10-14 18:35 - 003263929 _____ C:\ProgramData\IJKFHDBKFCAAECBFIDHJECBKEB
2024-03-28 21:33 - 2008-09-09 10:53 - 007979889 _____ C:\ProgramData\FIJKEHJJDAAKFHIDAKFHCBFCFB
2024-03-28 21:33 - 2008-04-15 22:23 - 008074550 _____ C:\ProgramData\HCAAEBKEGHJKEBFHJDBFCFBKKJ
2024-03-28 21:31 - 2024-03-03 15:45 - 004512768 _____ (The OpenSSL Project, hxxps://www.openssl.org/) C:\ProgramData\EHDAFIJJECFHJJKFCAKJJKEHID
2024-03-28 21:31 - 2020-04-19 23:00 - 000515617 _____ C:\ProgramData\KKJEBAAECBGDHIECAKJKKECFHJ
2024-03-28 21:31 - 2019-03-22 15:05 - 000548598 _____ C:\ProgramData\JKFHIIEHIEGDHJJJKFIIIIDGID
2024-03-28 21:31 - 2009-06-05 16:12 - 004694620 _____ C:\ProgramData\JJJDGIECFCAKKFHIIIJEGDHIIE
2024-03-28 21:29 - 2024-03-28 21:35 - 080151796 _____ C:\ProgramData\DAEGIDHDHIDGIEBGIJEHIJKFII
2024-03-28 21:29 - 2022-01-13 18:52 - 046864644 _____ C:\ProgramData\ECFHIJKJKFIDHJKFBGHCGCAEBF
2024-03-28 21:28 - 2024-03-28 21:28 - 000283481 _____ C:\ProgramData\GCBKECAKFBGCAKECGIEHDGHCBA
2024-03-28 21:28 - 2024-03-28 21:28 - 000283481 _____ C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII
2024-03-28 21:28 - 2024-03-28 21:28 - 000240440 _____ C:\ProgramData\FCAAEHJDBKJJKFHJEBKFBGDAAE
2024-03-28 21:25 - 2024-03-28 21:25 - 000000000 ____D C:\Users\Geofish\.oracle_jre_usage
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-11 23:14 - 2021-12-16 12:41 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-04-11 22:41 - 2019-12-07 20:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-04-11 22:39 - 2019-12-07 20:14 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-04-11 22:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-11 22:19 - 2024-02-04 13:08 - 000000000 ____D C:\Program Files (x86)\Steam
2024-04-11 22:15 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-11 20:32 - 2020-01-10 20:53 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-04-11 20:32 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2024-04-11 19:21 - 2020-01-10 20:53 - 000000000 ____D C:\Users\Geofish\AppData\Local\TeamViewer
2024-04-11 19:16 - 2022-12-20 10:12 - 000002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-04-11 18:59 - 2021-03-12 15:55 - 002350512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-11 18:59 - 2021-03-12 15:28 - 000553010 _____ C:\WINDOWS\system32\perfh008.dat
2024-04-11 18:59 - 2021-03-12 15:28 - 000088970 _____ C:\WINDOWS\system32\perfc008.dat
2024-04-11 18:59 - 2019-12-07 16:50 - 000742808 _____ C:\WINDOWS\system32\perfh007.dat
2024-04-11 18:59 - 2019-12-07 16:50 - 000150022 _____ C:\WINDOWS\system32\perfc007.dat
2024-04-11 18:54 - 2019-12-06 17:48 - 000000000 ____D C:\ProgramData\NVIDIA
2024-04-11 18:53 - 2021-03-12 15:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-11 18:53 - 2021-03-12 15:49 - 000008192 ___SH C:\DumpStack.log.tmp
2024-04-11 18:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-11 18:52 - 2021-03-12 15:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-11 11:59 - 2023-11-22 12:28 - 000000000 ____D C:\Users\Geofish\Desktop\Bewerbung
2024-04-11 11:59 - 2019-12-07 06:50 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Microsoft\Word
2024-04-11 11:59 - 2019-12-07 06:36 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Microsoft\Office
2024-04-11 09:09 - 2019-12-07 20:31 - 000000000 ____D C:\Users\Geofish\AppData\Local\D3DSCache
2024-04-11 01:17 - 2020-03-05 01:07 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-04-11 00:27 - 2022-10-02 15:07 - 000000000 ____D C:\Users\Geofish\AppData\Local\CrashDumps
2024-04-11 00:16 - 2017-09-21 17:28 - 000000000 __SHD C:\Users\Geofish\IntelGraphicsProfiles
2024-04-11 00:12 - 2021-03-12 15:51 - 000000000 ____D C:\Users\Geofish
2024-04-11 00:10 - 2021-03-12 15:51 - 000000000 ____D C:\Users\defaultuser0
2024-04-11 00:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-04-11 00:06 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-11 00:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration
2024-04-10 22:40 - 2020-04-14 14:13 - 000000000 ____D C:\Program Files\ElanFP
2024-04-10 22:13 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-04-10 21:08 - 2020-04-11 15:56 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\NoteBookFanControl
2024-04-10 20:26 - 2022-05-23 00:23 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-04-10 07:38 - 2021-03-12 15:49 - 000868424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-04-10 07:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-04-10 06:29 - 2021-03-12 15:52 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-04-10 03:58 - 2019-12-06 17:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-04-09 09:57 - 2019-12-07 17:50 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\vlc
2024-04-09 00:09 - 2022-12-20 10:12 - 000003860 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{BCEE0ED9-ED36-4150-9209-3118EDDA7F18}
2024-04-09 00:09 - 2022-12-20 10:12 - 000003736 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{5731B7DF-189A-4350-8BD8-73EEC82492D4}
2024-04-08 22:38 - 2019-12-06 18:27 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-08 00:04 - 2020-04-11 15:55 - 000000000 ____D C:\ProgramData\NbfcService
2024-04-07 15:00 - 2020-04-30 22:45 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\A1AUDIO.de
2024-04-06 01:31 - 2023-03-23 12:05 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-05 09:34 - 2023-03-07 02:13 - 000000000 ____D C:\Users\Geofish\Desktop\other
2024-04-04 18:50 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-04-04 18:41 - 2019-12-06 18:34 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-04-04 17:43 - 2021-03-12 15:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-04-04 17:42 - 2023-08-09 02:35 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-04-04 17:42 - 2023-04-24 20:59 - 000002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-04-04 11:15 - 2019-12-19 23:06 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\uTorrent
2024-04-04 10:24 - 2019-12-19 18:24 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-04 09:27 - 2021-06-25 16:26 - 000000000 ____D C:\WINDOWS\Minidump
2024-04-03 19:25 - 2023-01-15 14:05 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{F7863B7E-BA40-4BCA-B7F3-83C4BA19A08B}
2024-04-03 19:25 - 2023-01-15 14:05 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{A72A6826-DA08-41D8-902C-1346C01792FA}
2024-04-02 22:57 - 2020-09-21 16:45 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\discord
2024-04-02 22:56 - 2020-09-21 16:45 - 000000000 ____D C:\Users\Geofish\AppData\Local\Discord
2024-04-02 22:05 - 2019-12-07 06:36 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\Microsoft\Excel
2024-04-02 12:18 - 2023-01-06 02:39 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-04-02 10:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2024-04-02 01:25 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-04-02 01:21 - 2023-12-13 11:07 - 000000000 ____D C:\WINDOWS\InboxApps
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-04-02 01:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-03-31 00:55 - 2017-09-21 17:28 - 000000000 ___SD C:\Users\Geofish\AppData\Roaming\Microsoft\Credentials
2024-03-30 08:34 - 2023-11-16 03:53 - 000000000 ____D C:\Program Files\Windscribe
2024-03-29 21:59 - 2023-10-12 02:14 - 000000000 ____D C:\ProgramData\ValhallaVintageVerbPreferences
2024-03-29 21:59 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaVintageVerb
2024-03-29 11:49 - 2019-12-06 18:06 - 000000000 ____D C:\Users\Geofish\AppData\Local\Packages
2024-03-28 23:06 - 2017-09-21 17:30 - 000000000 ___RD C:\Users\Geofish\OneDrive
2024-03-28 22:35 - 2019-12-06 20:10 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2024-03-28 22:18 - 2020-01-27 01:50 - 000000000 ____D C:\ProgramData\FLEXnet
2024-03-18 13:01 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaShimmer
2024-03-16 22:06 - 2022-09-12 09:31 - 000000000 ____D C:\Users\Geofish\AppData\Roaming\com.adobe.dunamis
2024-03-16 16:53 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaPlate
2024-03-14 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-03-14 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-03-14 09:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-14 09:25 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2024-03-13 22:21 - 2021-05-11 15:18 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences
2024-03-13 22:21 - 2021-05-11 15:10 - 000000000 ____D C:\ProgramData\ValhallaRoom
 
==================== Files in the root of some directories ========
 
2024-03-28 21:36 - 2024-03-28 21:36 - 003211264 _____ (as) C:\ProgramData\HCFIIIJJKJ.exe
2019-12-12 01:00 - 2020-01-26 05:50 - 000000028 _____ () C:\Users\Geofish\AppData\Roaming\kulerdata.json
2020-04-11 18:42 - 2020-04-11 18:42 - 000045056 _____ () C:\Users\Geofish\AppData\Roaming\Web Data
2020-04-11 18:42 - 2020-04-11 18:42 - 000000000 _____ () C:\Users\Geofish\AppData\Roaming\Web Data-journal
2020-01-31 16:33 - 2023-09-04 20:18 - 000008192 _____ () C:\Users\Geofish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2022-11-02 21:59 - 2022-11-02 21:59 - 000000000 _____ () C:\Users\Geofish\AppData\Local\oobelibMkey.log
2019-12-31 01:42 - 2023-10-11 02:26 - 000007605 _____ () C:\Users\Geofish\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by Geofish (11-04-2024 23:41:17)
Running from D:\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2021-03-12 13:58:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1286322575-3200454710-2639170948-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1286322575-3200454710-2639170948-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1286322575-3200454710-2639170948-1000 - Limited - Enabled) => C:\Users\defaultuser0
Gast (S-1-5-21-1286322575-3200454710-2639170948-501 - Limited - Disabled)
Geofish (S-1-5-21-1286322575-3200454710-2639170948-1001 - Administrator - Enabled) => C:\Users\Geofish
WDAGUtilityAccount (S-1-5-21-1286322575-3200454710-2639170948-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
A1TriggerGate version 1.4 (HKLM-x32\...\{B069846D-66D2-4A30-BB1C-0ADAA50E89DB}_is1) (Version: 1.4 - Alex Hilton / A1AUDIO.DE)
Ableton Live 11 Suite (HKLM\...\{7A330287-7165-47F2-B54D-C875E51DE1FB}) (Version: 11.0.0.0 - Ableton) Hidden
Ableton Live 11 Suite (HKLM-x32\...\{1debf041-c42f-4aca-839d-550648c00239}) (Version: 11.0.0.0 - Ableton)
Ableton Push Driver v5.50.0 (HKLM\...\{8CE98F88-3F07-4338-A036-B66414F3FD66}) (Version: 5.50.0 - Ableton) Hidden
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3028 - Acer Incorporated)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.001.20643 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.11.0.522.1 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Illustrator 2019 (HKLM-x32\...\ILST_23_1) (Version: 23.1 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Analog Lab V 5.8.0 (HKLM-x32\...\Analog Lab V_is1) (Version: 5.8.0 - Arturia)
ARIA Engine v1.9.7.3 (HKLM\...\ARIA Engine_is1) (Version: v1.9.7.3 - Plogue Art et Technologie, Inc)
Arturia Pigments (HKLM\...\Pigments_is1) (Version: 3.0.0.1375 - Arturia & Team V.R)
Arturia Software Center 2.7.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 2.7.1 - Arturia)
Arturia USB MIDI Driver v1.3.0 (HKLM-x32\...\Software_Arturia_arturiausbmidi_Setup) (Version: 1.3.0 - Arturia)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
AutoCAD 2023 Shared (HKLM\...\{28B89EEF-6101-0000-4102-CF3F3A09B77D}) (Version: 24.2.161.0 - Autodesk) Hidden
AutoCAD 2023 Shared Language Pack - English (HKLM\...\{28B89EEF-6101-0409-5102-CF3F3A09B77D}) (Version: 24.2.153.0 - Autodesk) Hidden
Autodesk AutoCAD 2023 - English (HKLM\...\{73A78CE1-E03A-3415-826E-91A699E39B17}) (Version: 24.2.53.0 - Autodesk, Inc.)
Autodesk Identity Manager (HKLM\...\Autodesk Identity Manager) (Version: 1.10.4.0 - Autodesk)
Autodesk Interoperability Engine Manager (HKLM\...\{C4EFAB73-D98A-3676-A3F8-142FC78E0EF3}) (Version: 1.0.0.11 - Autodesk.com) Hidden
Autodesk Inventor Interoperability 2023 (HKLM\...\{E2B54F9E-FF26-47AE-9AE1-D7AFBC32DE0C}) (Version: 27.0.13400.0000 - Autodesk) Hidden
Autodesk Material Library 2023 (HKLM-x32\...\{8E133591-B0FD-4DB0-B60E-FB593CAF72B0}) (Version: 21.0.1.1 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2023 (HKLM-x32\...\{3B564A94-BA47-4E42-ACD6-B5C35291210B}) (Version: 21.0.1.1 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.16.2.0 - Autodesk, Inc.)
AutoHotkey 1.1.32.00 (HKLM\...\AutoHotkey) (Version: 1.1.32.00 - Lexikos)
Backmask version 1.0 (HKLM\...\{8A6411FB-7E85-4B61-9624-C624C89B9A07}_is1) (Version: 1.0 - Freakshow Industries)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 72.23.0718.0858 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2023.0718.0858 - F5 Networks, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 27.0.1.266 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Brave Software Inc)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.74.1085 - AB Team, d.o.o.)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
Cardinal version 22.10 (HKLM\...\Cardinal_is1) (Version: 22.10 - DISTRHO)
Chrome Remote Desktop Host (HKLM-x32\...\{B3DF9767-C635-4558-A655-D586070E2CE3}) (Version: 124.0.6367.18 - Google LLC)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
DumpsterFire version 1.01 (HKLM\...\{B2F19491-19F8-4116-966F-06B581001600}}_is1) (Version: 1.01 - Freakshow Industries)
Efx REFRACT 1.0.0 (HKLM-x32\...\Efx REFRACT_is1) (Version: 1.0.0 - Arturia)
ELAN FingerPrint (HKLM\...\ElanFP) (Version: 1.6.10.1102 - ELAN Microelectronic Corp.)
ELAN HIDI2C Filter Driver X64 13.6.7.2_WHQL (HKLM\...\Elantech) (Version: 13.6.7.2 - ELAN Microelectronic Corp.)
Electric Sheep 3.0.2 (HKLM-x32\...\Electric Sheep) (Version: 3.0.2 - Electricsheep)
Electric Sheep HD version 20200622 (HKLM-x32\...\{4914324E-3650-433D-8127-3D98A5DA489D}_is1) (Version: 20200622 - Electric Sheep HD)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Eventide Ensemble Bundle (HKLM\...\Eventide Ensemble Bundle_is1) (Version: 2.14.4 - Eventide)
Exponential Audio Excalibur (HKLM\...\Excalibur_is1) (Version: 5.0.0 - Exponential Audio)
Exponential Audio PhoenixVerb (HKLM\...\PhoenixVerb_is1) (Version: 6.0.1 - Exponential Audio)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2019.03.13 - FabFilter)
Focusrite Audio Drivers 4.119.13.33 (HKLM\...\Focusrite Audio Drivers_is1) (Version: 4.119.13.33 - Focusrite Audio Engineering, Ltd.)
Focusrite Control 3.17.0.179 (HKLM\...\Focusrite Control_is1) (Version: 3.17.0.179 - Focusrite Audio Engineering Ltd.)
Fraqtive 0.4.8 (64-bit) (HKLM\...\Fraqtive) (Version: 0.4.8 - Michał Męciński)
Geeks3D FurMark 1.21.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.31.0.0 - COGNOSPHERE PTE. LTD.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 123.0.6312.122 - Google LLC)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Infected Mushroom - Gatekeeper version 1.2 (HKLM\...\{B6807461-431E-433F-9D7F-9D38A96ADA7C}_is1) (Version: 1.2 - Polyverse Music, Inc.)
Infected Mushroom - I Wish version 1.01 (HKLM\...\{25772CF9-4EEE-4D1A-9FE7-29A4B91B3422}_is1) (Version: 1.01 - Polyverse Music, Inc.)
IrfanView 4.66 (64-bit) (HKLM\...\IrfanView64) (Version: 4.66 - Irfan Skiljan)
iZotope Nectar 3 Elements (HKLM\...\Nectar 3 Elements) (Version: 3.8.0 - iZotope, Inc.)
iZotope Ozone 9 (HKLM\...\Ozone 9_is1) (Version: 9.1.0 - iZotope)
iZotope Stutter Edit (HKLM\...\Stutter Edit_is1) (Version: 1.0.5c - iZotope)
iZotope Trash 2 (HKLM\...\Trash 2_is1) (Version: 2.0.5d - iZotope)
JACK2 version v1.9.17 (HKLM\...\JACK2_is1) (Version: v1.9.17 - jackaudio.org)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 7.5.2.2 (HKLM\...\{B722792A-A194-4906-97A9-58CA688304E8}) (Version: 7.5.2.2 - The Document Foundation)
Limbo v3.0.0.1a (12082) (HKLM-x32\...\{8E776FF8-LIMB-432B-BD2A-OBSCURE151A9}_is1) (Version:  - Playdead)
Little Nightmares II - Enhanced Edition (HKLM-x32\...\{10FF8C5E-3590-4DD5-99C8-5B1B5E90698F}_dixen18_is1) (Version:  - dixen18)
Logitech Options (HKLM\...\LogiOptions) (Version: 10.10.58 - Logitech)
Malwarebytes version 4.6.11.320 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.11.320 - Malwarebytes)
Mario Kart 8 Deluxe (HKLM-x32\...\Mario Kart 8 Deluxe_is1) (Version:  - )
Mario Party Superstars (HKLM-x32\...\Mario Party Superstars_is1) (Version:  - )
MeldaProduction Audio Plugins 14 (HKLM-x32\...\MeldaProduction Audio Plugins 14) (Version:  - MeldaProduction)
Melodics version 3.1.1856.0 (HKLM\...\Melodics_is1) (Version: 3.1.1856.0 - )
Mendeley Desktop 1.19.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.19.4 - Mendeley Ltd.)
Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17425.20146 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{b3c7f59f-dc40-4be9-829c-77dd292978ea}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support (HKLM\...\{10AB056B-1B8C-3E9E-95CC-43C33EB88513}) (Version: 15.0.26717 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support (HKLM-x32\...\{AB46A6EF-12D2-3146-A38D-1D6FF1AFFF69}) (Version: 15.0.26717 - Microsoft Corporation) Hidden
MIDI Control Center 1.17.2 (HKLM\...\MIDI Control Center_is1) (Version: 1.17.2 - Arturia)
MiKTeX 2.9 (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MISHBY version 1.01 (HKLM\...\{8437C1FD-5B4B-4DE9-90B5-0AB18C2FD0A0}}_is1) (Version: 1.01 - Freakshow Industries)
MOTU M Series (HKLM\...\com_motu_installer_core_uac_is1) (Version: 4.0.9.2368 - MOTU, Inc.)
Mp3tag v3.11 (HKLM-x32\...\Mp3tag) (Version: 3.11 - Florian Heidenreich)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
Native Instruments Guitar Rig 7 (HKLM-x32\...\Native Instruments Guitar Rig 7) (Version: 7.0.1.0 - Native Instruments)
NetLimiter (HKLM\...\{62394CDE-18AB-492D-B110-6D26DF85D767}) (Version: 5.3.8.0 - Locktime Software) Hidden
NetLimiter (HKLM-x32\...\NetLimiter 5.3.8.0) (Version: 5.3.8.0 - Locktime Software)
NoteBook FanControl (HKLM-x32\...\{6ccab7ac-feb0-4395-97e3-75cd6f6c407b}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare)
NoteBook FanControl (HKLM-x32\...\{C027E819-C64C-443E-B6D5-755FE4A7A925}) (Version: 1.6.3.0 - Stefan Hirschmann - StagWare) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6.2 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{01421942-1A1E-4035-B183-DD9BCA94E339}) (Version: 5.7.0.4246 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{01421942-1A1E-4035-B183-DD9BCA94E339}) (Version: 5.7.0.4246 - PACE Anti-Piracy, Inc.)
PaulXStretch version 1.6.0 (HKLM\...\PaulXStretch_is1) (Version: 1.6.0 - )
Plogue AlterEgo v1.573 (HKLM\...\__ARIA_1019___is1) (Version: v1.573 - Plogue)
Pocket Dimension version 1.0 (HKLM\...\{C2288D66-1B82-468A-95E6-06D400AF3FD2}}_is1) (Version: 1.0 - Freakshow Industries)
Polyspace R2019b (HKLM\...\Polyspace R2019b) (Version: 3.1 - MathWorks)
Polyverse Music Gatekeeper (HKLM\...\Gatekeeper_is1) (Version: 1.2.0 - Polyverse Music)
Polyverse Music Manipulator (HKLM\...\Manipulator_is1) (Version: 1.0.1 - Polyverse Music)
Portal version 1.0.1 (HKLM\...\Portal_is1) (Version: 1.0.1 - Output)
Product Portal (HKLM-x32\...\Product Portal) (Version:  - iZotope, Inc.)
RAPID Mode (HKLM\...\{431CA680-1FEF-46E2-9634-C0F3E85B56E0}) (Version: 1.0.1.105 - Samsung Electronics Co., Ltd.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8295 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.0.0.100 - Samsung Electronics)
ShaperBox v2.1.0 (HKLM\...\ShaperBox 2_is1) (Version: 2.1.0 - CableGuys & Team V.R)
Signal 6.6.0 (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.6.0 - Signal Messenger, LLC)
Slate Digital Fresh Air (HKLM\...\{af2fe7e8-08f8-4c81-b875-ec4c7a97a204}Slate Digi~4955043A_is1) (Version: 1.0.8 - Slate Digital)
Sonic Academy KICK 2 (HKLM\...\KICK 2_is1) (Version: 1.1.1 - Sonic Academy)
soothe2 audio processor version 1.3.1 (HKLM-x32\...\{8E8F4A61-FA08-4CAB-8F5A-AF25CEE4F3FE}_is1) (Version: 1.3.1 - oeksound)
SPC Gear GK550 Omnis Kailh RGB (HKLM-x32\...\{12F382E1-63D4-4B94-BD32-5F845E74FC79}) (Version: 1.00 - COOLING.PL Zdziech Spolka Jawna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synapse Audio DUNE 3 (HKLM\...\DUNE 3_is1) (Version: 3.2.0.5 - Synapse Audio)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.52.4 - TeamViewer)
Thermo Scientific TM Avizo Software 2019.1 (HKLM\...\Avizo Software 2019.1_is1) (Version: 2019.1. - )
Unfiltered Audio Plugins Bundle (HKLM\...\Unfiltered Audio Plugins Bundle_is1) (Version: 2022.3 - Unfiltered Audio & Team V.R)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
US - Custom - Custom (HKLM\...\{E2280A27-9AD8-45F3-866A-14318CEE3A19}) (Version: 1.0.3.40 - Company)
Valhalla DSP bundle 2021.4 (HKLM\...\ValhallaDSP bundle_is1) (Version: 2021.4 - Valhalla DSP, LLC & Team V.R)
VCV Rack (HKLM\...\VCV Rack) (Version: 1.1.6 - VCV)
Vital version 1.5.5 (HKLM\...\Vital_is1) (Version: 1.5.5 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Voltage Modular (HKLM\...\Voltage Modular) (Version: 1.3.16 - Cherry Audio)
Voxengo PHA-979 (HKLM\...\Voxengo PHA-979_is1) (Version: 2.9 - Voxengo)
Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 3.10 - Voxengo)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Waves Central (HKLM\...\{ab507e17-892b-5203-838d-d58d8d09c50f}) (Version: 11.0.58 - Waves Audio Ltd)
Waves SoundGrid Drivers 9.7.99.1159 (HKLM\...\Waves SoundGrid Drivers_is1) (Version:  - Waves Audio Ltd.)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.7.14 - Windscribe Limited)
Yuzu EA (HKLM-x32\...\Yuzu EA_is1) (Version:  - )
Zebralette3 0.0.1 (HKLM\...\Zebralette3_is1) (Version:  - )
Zoom (HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)
Zynaptiq INTENSITY (HKLM\...\INTENSITY_is1) (Version: 1.2.0 - Zynaptiq)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-04-11] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2024-04-11] (Adobe Systems Incorporated)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.965.0_x64__56jybvy8sckqj [2024-04-11] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2024-04-11] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2413.1.0_x64__cv1g1gvanyjgm [2024-04-11] (WhatsApp Inc.) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{169B5B8E-E315-41C7-9574-66FC7E530D10}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2023\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Geofish\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2023\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Common Files\Autodesk Shared\Inventor Interoperability 2023\Bin\TestServer.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2022-02-01] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2022-02-01] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2021-10-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2021-10-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2021-10-29] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.055.0317.0002\FileSyncShell64.dll [2024-04-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_f1d1d01ad984f535\igfxDTCM.dll [2017-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_e96375d8421bb873\nvshext.dll [2024-01-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-08-10] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-03-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-16 15:14 - 2019-10-16 15:14 - 000007168 _____ (Company) [File not signed] C:\WINDOWS\system32\Layout02.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 003707904 _____ (NLog) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\NLog\66a1706aa68434db800510e8d136fa98\NLog.ni.dll
2019-01-24 11:36 - 2017-11-14 15:47 - 000065536 _____ (OpenLibSys.org) [File not signed] D:\ThrottleStop_8.70.6\WinRing0.dll
2024-04-02 16:41 - 2024-04-02 16:41 - 000016896 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.BiosInfo\bdb46c9765f04889c5820a3394966e24\StagWare.BiosInfo.ni.dll
2024-04-11 00:38 - 2024-04-11 00:38 - 000039424 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.Fa1fc2d056#\36e17a7b3de2e3b99067e49f7182956a\StagWare.FanControl.Service.ni.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 000209408 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.Fafc31ac88#\d344d8841ce1e314dce46e15823b1abb\StagWare.FanControl.Configurations.ni.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 000146944 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.FanControl\f62e48b77cc4cfca328fe478b3fa8077\StagWare.FanControl.ni.dll
2024-04-11 00:38 - 2024-04-11 00:38 - 000039936 _____ (StagWare) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\StagWare.Settings\108d76ad409cdc7264c993ff90093d35\StagWare.Settings.ni.dll
2024-04-11 00:37 - 2024-04-11 00:37 - 000141312 _____ (Tatham Oddie) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\System.IO.A6c43dedd#\60f900d1436a6c96612270f95aedfabf\System.IO.Abstractions.ni.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE:shield [88]
AlternateDataStreams: C:\ProgramData\AEGIJKEHCAKFCAKFHDAAAAECFC:shield [88]
AlternateDataStreams: C:\ProgramData\AEHDAKFIJJKKEBGDBAAKKJJKEH:shield [88]
AlternateDataStreams: C:\ProgramData\AKFCFBAAEHCFHJJKEHJKJDHJDG:shield [88]
AlternateDataStreams: C:\ProgramData\AKJDGDGDHDGDBFIDHDBAFHCAAA:shield [88]
AlternateDataStreams: C:\ProgramData\AKJDGIEHCAEHIEBFBKKKKFIDBK:shield [88]
AlternateDataStreams: C:\ProgramData\AKJKFBAFIDAEBFHJKJEBFCBFHD:shield [88]
AlternateDataStreams: C:\ProgramData\BAAAAKJKJEBGHJKFHIDGCFCBAK:shield [152]
AlternateDataStreams: C:\ProgramData\BAECFCAAECBGDGDHIEHJEBAAFI:shield [88]
AlternateDataStreams: C:\ProgramData\BFBGHDGCFHIDBGDGIIIEHIJDAF:shield [88]
AlternateDataStreams: C:\ProgramData\BGCAAFHIEBKJKEBFIEHDGDAEBK:shield [88]
AlternateDataStreams: C:\ProgramData\BGDAAKJJDAAKFHJKJKFCAEHDAF:shield [88]
AlternateDataStreams: C:\ProgramData\BGDAKEHIIDGDAAKECBFBKKFCGH:shield [88]
AlternateDataStreams: C:\ProgramData\BGIJJKKJJDAAAAAKFHJJDGDAFB:shield [88]
AlternateDataStreams: C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB:shield [88]
AlternateDataStreams: C:\ProgramData\CAAAFCAKKKFBFIDGDBFHJJEHID:shield [88]
AlternateDataStreams: C:\ProgramData\CAEGHIJEHJDHIDHIDAEHCGDHJJ:shield [88]
AlternateDataStreams: C:\ProgramData\CAEHCFCBKKJDGCAKFCFIIIECGC:shield [88]
AlternateDataStreams: C:\ProgramData\CAFBGHIDBGHJJKFHJDHCBKJDGC:shield [88]
AlternateDataStreams: C:\ProgramData\CAFIEBKKJJDAKFHIDBFHJDBFBA:shield [88]
AlternateDataStreams: C:\ProgramData\CFCGIIEHIEGDGDGCAEBGDAKFCB:shield [88]
AlternateDataStreams: C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ:shield [88]
AlternateDataStreams: C:\ProgramData\DAEGIDHDHIDGIEBGIJEHIJKFII:shield [88]
AlternateDataStreams: C:\ProgramData\DAKJDHIEBFIIDGDGDBAEGCGDAE:shield [88]
AlternateDataStreams: C:\ProgramData\DBAAFIDGDAAAAAAAAKEBFHDBGH:shield [88]
AlternateDataStreams: C:\ProgramData\DBFHDHJKKJDHJJJJKEGHIDGDHD:shield [88]
AlternateDataStreams: C:\ProgramData\DBKEHDGDGHCBGCAKFIIIECFIIJ:shield [88]
AlternateDataStreams: C:\ProgramData\DHDAKFCGIJKJKFHIDHIIIEBGCB:shield [88]
AlternateDataStreams: C:\ProgramData\EBAKEBAECGCBAAAAAEBAFBGIDH:shield [88]
AlternateDataStreams: C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII:shield [88]
AlternateDataStreams: C:\ProgramData\ECBGHCGCBKFIECBFHIDGHDGIEG:shield [88]
AlternateDataStreams: C:\ProgramData\EHDAAECAEBKJKFHJKECFIJJDAE:shield [88]
AlternateDataStreams: C:\ProgramData\EHIJJDGDHDGDAKFIECFIJEGDHI:shield [160]
AlternateDataStreams: C:\ProgramData\FBFHDBKJEGHJJJKFIIJEBGIJKK:shield [88]
AlternateDataStreams: C:\ProgramData\FCAAEHJDBKJJKFHJEBKFBGDAAE:shield [222]
AlternateDataStreams: C:\ProgramData\FCFBFHIEBKJKFHIEBFBAEGHJDB:shield [88]
AlternateDataStreams: C:\ProgramData\FCFIEHCFIECBGCBFHIJJKEGHIE:shield [88]
AlternateDataStreams: C:\ProgramData\FHIDAKFIJJKJJJKEBKJEHCBGDA:shield [88]
AlternateDataStreams: C:\ProgramData\FHIDBKFCAAEBFIDHDBAECFIEGC:shield [88]
AlternateDataStreams: C:\ProgramData\FIIECFHDBAAECAAKFHDHIIJKFH:shield [88]
AlternateDataStreams: C:\ProgramData\GCAFCAFHJJDBFIECFBKECFHDGI:shield [88]
AlternateDataStreams: C:\ProgramData\GCBKECAKFBGCAKECGIEHDGHCBA:shield [88]
AlternateDataStreams: C:\ProgramData\GIIEGHIDBGHIECAAECGDAEHDHJ:shield [88]
AlternateDataStreams: C:\ProgramData\HCBAKJEHDBGHIEBGCGDGHCAKEB:shield [88]
AlternateDataStreams: C:\ProgramData\HDGCAAFBFBKFIDGDHJDBKECFBA:shield [88]
AlternateDataStreams: C:\ProgramData\HDGCFHIDAKECFHIEBFCGIJDBKJ:shield [88]
AlternateDataStreams: C:\ProgramData\HJDGCGDBGCAAEBFIECGHDGCAAE:shield [88]
AlternateDataStreams: C:\ProgramData\HJJEGIEHIJKKFIDHDGIDAKECFH:shield [88]
AlternateDataStreams: C:\ProgramData\HJKECAAAFHJECAAAEBFCAEBFHC:shield [88]
AlternateDataStreams: C:\ProgramData\IEBFIEBAFCBAAAAKJKJEBGHJKF:shield [290]
AlternateDataStreams: C:\ProgramData\IEGCBFHJDHJJKFIDBGIJJEGDBF:shield [88]
AlternateDataStreams: C:\ProgramData\IJKFCFHJDBKKFHIEHIDGCFCAEB:shield [88]
AlternateDataStreams: C:\ProgramData\IJKKEHJDHJKFIECAAKFIJJKJKF:shield [88]
AlternateDataStreams: C:\ProgramData\JDAEHJJECAEGCAAAAEGIEBKEBK:shield [88]
AlternateDataStreams: C:\ProgramData\JDAKJJDBGCAKKFHIJEGHCGHJKJ:shield [88]
AlternateDataStreams: C:\ProgramData\JDGIECGIEBKJJJJKEGHJJJKEBA:shield [88]
AlternateDataStreams: C:\ProgramData\JEHJKJEBGHJJKEBGIECAAFIJKJ:shield [88]
AlternateDataStreams: C:\ProgramData\JJDGCGHCGHCBFHJJKKJEHJEHJE:shield [88]
AlternateDataStreams: C:\ProgramData\JKJECBAAAFHIIEBFCBKFIDGDHI:shield [88]
AlternateDataStreams: C:\ProgramData\KFCFBAAEHCFHJJKEHJKJDHJDGI:shield [88]
AlternateDataStreams: C:\ProgramData\KFCFBFHIEBKJKFHIEBFBAEGHJD:shield [88]
AlternateDataStreams: C:\ProgramData\KFHJJDHJEGHJKECBGCFHDBFIEG:shield [88]
AlternateDataStreams: C:\ProgramData\KJDGDBFBGIDGIEBGHCGIECGIEC:shield [88]
AlternateDataStreams: C:\ProgramData\KJECFHCBKKEBAKFIJDHIJDAKKE:shield [88]
AlternateDataStreams: C:\ProgramData\KKEBKJJDGHCBGCAAKEHDBAEGHD:shield [88]
AlternateDataStreams: C:\ProgramData\KKFHJJDHJEGHJKECBGCFHDBFIE:shield [88]
AlternateDataStreams: C:\Users\Geofish\Anwendungsdaten:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Geofish\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Geofish\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-03-31] (Adobe Inc. -> Adobe Systems Incorporated)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\F5_TMP_127238110359128124200\urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\F5_TMP_133113471183037256\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\F5_TMP_15616214316220722720174\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\sharepoint.com -> hxxps://univie-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\univie.ac.at -> hxxps://vpn.univie.ac.at
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2023-10-18 17:43 - 2024-03-30 08:34 - 000000984 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 nuedge.net
127.0.0.1 *.nuedge.net
127.0.0.1 173.231.151.131
127.0.0.1 *.nuedge.net
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1286322575-3200454710-2639170948-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Geofish\Desktop\other\hubble-deep-field-space-galaxy-multiple-display-wallpaper-390612963b6abf2ae0fb228a08e76563.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
Windows Firewall is enabled.
 
Network Binding:
=============
Local Area Connection 3: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled) 
Wi-Fi: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled) 
Bluetooth Network Connection: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled) 
Local Area Connection 2: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled) 
Ethernet: Waves SoundGrid Protocol -> SoundGridProtocolDevice (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Wondershare PEToolbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Wondershare PEScreenshot.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ableton Push Control Panel Autostart.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SamsungRapidApp"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Focusrite Notifier"
HKLM\...\StartupApproved\Run: => "SGDawNodeService"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Autodesk Access"
HKLM\...\StartupApproved\Run: => "BraveVpnWireguardService"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "F5_SAM_Client"
HKLM\...\StartupApproved\Run32: => "Launch 0 FwCustom"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SGDawNodeService"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\StartupFolder: => "Wondershare PEToolbox.lnk"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\StartupFolder: => "Wondershare PEScreenshot.lnk"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "org.whispersystems.signal-desktop"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_91B466CF2D4E0A458C8E1CFE779BAC5A"
HKU\S-1-5-21-1286322575-3200454710-2639170948-1001\...\StartupApproved\Run: => "NetLimiter"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{A3B6D6D1-75F2-4B18-BE3D-8291A727E762}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Allow) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe => No File
FirewallRules: [TCP Query User{9C16438B-636C-46F3-BDB6-DACF9BDE3E76}C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe] => (Allow) C:\programdata\ableton\live 10 suite\program\ableton live 10 suite.exe => No File
FirewallRules: [UDP Query User{A9DD1F4F-AE0B-4DB0-9976-EEF0DF9E3554}C:\program files\vcv\rack\rack.exe] => (Allow) C:\program files\vcv\rack\rack.exe () [File not signed]
FirewallRules: [TCP Query User{326E485B-1D41-4531-A685-7B5F3CC8555A}C:\program files\vcv\rack\rack.exe] => (Allow) C:\program files\vcv\rack\rack.exe () [File not signed]
FirewallRules: [UDP Query User{FAAD963F-DAE4-41DF-8749-DC6F8298E0BF}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{7F948142-D94F-4C93-9241-B30C1FB48AA1}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [{572BF5D5-241C-447A-AC50-2BB4CDA236C8}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe (Waves Inc -> Waves Audio Ltd.)
FirewallRules: [{0C489352-8883-44DF-A01E-FF9919291233}] => (Allow) C:\Program Files (x86)\Waves\SuperRack\SuperRack SoundGrid.exe (Waves Inc -> )
FirewallRules: [{8E266507-FC21-4939-A47B-BEB01829B094}] => (Allow) C:\Program Files (x86)\Waves\eMotion LV1\eMotion LV1.exe (Waves Inc -> )
FirewallRules: [{36D060D3-3369-418C-A54E-88C4205C9A6E}] => (Allow) C:\ProgramData\Waves Audio\MyMon\MyMonService.bundle\Contents\Win64\MyMonControlPanel.exe (Waves Inc -> )
FirewallRules: [{F3BE165E-DF79-4231-A7FC-275D1CE8D61D}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{17EB24C4-64A6-4E00-BEAC-0934B81BA86A}] => (Allow) C:\Users\Geofish\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{25922AA5-E2C8-409B-BF66-E03297871AE0}] => (Allow) C:\Users\Geofish\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{341BF92F-9BDC-41C9-83FB-86E3C11271E0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A5250DCC-6619-44E4-AB04-4613B3030671}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{E7E8ABC8-70EC-4FD8-B361-4C3EF2A2B476}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CFC190CB-07CC-41B6-89BD-F601A8853C95}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{15A99D09-A1F5-493D-B83C-63DCB310F647}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{249AE5CC-BC9F-4C37-BD6C-19273E53319E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{78E2D149-8D8C-4DF0-A9E2-29E01ACCEAFB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0076790E-7824-424F-97D4-9D3901F9CCC3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6AE2DC3E-6046-46A9-AA2E-07EDA8AE7269}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0C57E7EC-7D00-43A6-BEE6-751A65EAC21C}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{34BE7815-E768-4BFC-ABF6-D36586EE78AC}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{87197D24-812C-4377-B2B6-87629AAFDC2D}] => (Allow) C:\Users\Geofish\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6CCD41DC-4522-49C5-B12E-6D56718679BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6B986615-8CDB-4E6A-8643-66AE7349689E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{2D898AFF-6153-4108-94AD-499976A7EF7F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{04C90045-9468-4141-8F6C-C70DFEB7A5EF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{82A704F3-CDEC-422E-B592-5C55A6215EE9}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{0CB652FF-A9D2-4A51-8103-AAD7B15B84FE}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [{F21A8A67-3A27-4ECC-8A1C-30AEBB04EAA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8EB0ED82-6CCA-4910-B72C-B57104E070F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C636A0-C568-4BC1-A0DA-5789650FFC2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A15AA74E-324E-4A08-830C-B8B232F6E021}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{35100830-DD21-47FF-AAE7-9FCCC7976175}D:\games\diablo\diablo iv - server slam\diablo iv.exe] => (Allow) D:\games\diablo\diablo iv - server slam\diablo iv.exe => No File
FirewallRules: [UDP Query User{EFEC5513-87AD-4BFC-9961-CFFFF977D8B3}D:\games\diablo\diablo iv - server slam\diablo iv.exe] => (Allow) D:\games\diablo\diablo iv - server slam\diablo iv.exe => No File
FirewallRules: [TCP Query User{D2AB9E25-A75C-4150-A5BC-35544FB67FD3}D:\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{8CE6A3B0-598C-4228-A450-DE1CFCA8F05A}D:\games\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{9DAF04F8-CD9D-495C-B670-B86B58E767DF}C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{A7245D02-5302-4CC6-9087-D6A98F6218A1}C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\geofish\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{F7E46617-2ED8-4B8D-BE7D-134EB7A2D871}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{7FC5B055-50D9-4073-919E-453694E6FDA1}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{86D7020E-303F-4314-BF25-4CBDE770DCAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3FFF6516-209F-44CC-9FC8-AD82B21771F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{00E085BE-BCF1-4229-A5D8-8F6120FB6B0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{40F14B39-A8A7-4E95-92E3-449675CEE74C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C9321E2E-8C2D-4BCC-8CC5-C767142B62D3}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{340E8B81-F2C1-41A8-B69E-AC344524E368}C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe] => (Block) C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe (Thermo Fisher Scientific) [File not signed]
FirewallRules: [UDP Query User{AB21A934-7F79-41F6-A1F5-25CB531C1FC4}C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe] => (Block) C:\program files\avizo-2019.1\bin\arch-win64vc12-optimize\avizo.exe (Thermo Fisher Scientific) [File not signed]
FirewallRules: [TCP Query User{9163F28B-368D-4A16-AEAC-5EEA19161BFF}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Block) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [UDP Query User{C7EAE4CF-7CE8-431C-A177-03EB7E1830AB}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Block) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [{D0AA02B1-D5AE-45CB-B5BC-A8C842F2DC85}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7CA181FE-A171-49E6-938F-5211C9F11633}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{831DC122-35FC-4C04-8F0A-4722000169F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB20FE7F-75A3-4044-AB3E-9C4E2108D5EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{078D925B-618E-47B9-95F6-5BEDBFAB7D5F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71487A1A-5412-4941-B738-DE9FFE65A5C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{073C9EEA-21A6-4744-B384-2649EEC2E3E4}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Allow) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [UDP Query User{FBFA2F29-0801-41FA-A212-78D0CD38EC06}C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe] => (Allow) C:\programdata\ableton\live 11 suite\program\ableton live 11 suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [{CCFB41EB-2394-4C5F-9E24-7DC9F15D79F9}] => (Allow) C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe () [File not signed]
FirewallRules: [{1EF389FD-D106-406E-BF23-7304D38B8B6F}] => (Allow) LPort=1688
FirewallRules: [{C535BB12-A336-4906-B1ED-CF97FC80D656}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{8578A174-DC37-4E90-B166-F32A1FD75551}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe => No File
FirewallRules: [{FF0A8E5A-0166-41CE-ACAC-8E92FE6515BB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{49A1964E-86B8-47AF-807B-B617A11B2A80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{20FF0F0C-DD10-44DE-B6CA-5663517CA3D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4222FED-B145-40A0-8A8A-C9BA13FC0726}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7EBCCBE-B982-4970-AA09-D8BC18025CCE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7BB4820-09AB-4A67-B04B-0A80F61D6468}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3813CD0-5604-46D3-A726-01DE79730546}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\124.0.6367.18\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{1E68957A-204D-4FBF-A095-88602341B3F6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{15B7741C-DAD0-46AD-8732-A7F041E90E51}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{BC04B72A-4D61-497B-88DB-0D42CDB24087}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{1A9B8EE0-B65B-405C-A4AA-C6DD7E243697}D:\downloads\anydesk.exe] => (Allow) D:\downloads\anydesk.exe => No File
FirewallRules: [{4C94BC5E-1E45-4E22-937D-35F03D25D305}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5E362A87-AD9F-4D8A-999A-274580032BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1CD70680-9CD4-4585-8E4F-95F5C405EF54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A4A3463D-DCE3-40AC-A43E-7F954527755D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/11/2024 10:15:18 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (04/11/2024 07:00:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDFSSvc.exe, version: 2.9.85.231, time stamp: 0x63ebb1a4
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0x9a786c8a
Exception code: 0x0eedfade
Fault offset: 0x0013fae2
Faulting process id: 0x19a8
Faulting application start time: 0x01da8c30d3835be5
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 327d5c4b-fa99-4f90-aa09-4bf919ba89dc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/11/2024 06:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0xa956ff71
Exception code: 0xe0434352
Fault offset: 0x000000000002ab89
Faulting process id: 0x3404
Faulting application start time: 0x01da8c30fcbbc5e6
Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fdb00759-78f0-4e94-925c-85cbfcdb8cb8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/11/2024 06:55:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ParameterService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: ParameterFrameworkFacade.PfwException
   at ParameterFrameworkFacade.ParameterManager..ctor(System.String, System.Collections.Generic.IEnumerable`1<ParameterFrameworkFacade.CriterionDescription>, ParameterFrameworkFacade.ILogger)
   at ParameterServer.BackEnd.initInternal(ParameterServer.Config, IntelStateMonitor.IStateMonitorSetObserver)
 
Exception Info: ParameterServer.ServerException
   at CommandProcessing.CommandProcessor.ProcessSync(Command)
   at ParameterServer.Server..ctor(ParameterServer.Config)
   at ParameterService.ParameterService.startService()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (04/11/2024 06:53:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0xa956ff71
Exception code: 0xe0434352
Fault offset: 0x000000000002ab89
Faulting process id: 0x288c
Faulting application start time: 0x01da8c30d5105354
Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 6a72ed7d-639a-496d-b8be-3aeb9a6c9525
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/11/2024 06:53:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ParameterService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: ParameterFrameworkFacade.PfwException
   at ParameterFrameworkFacade.ParameterManager..ctor(System.String, System.Collections.Generic.IEnumerable`1<ParameterFrameworkFacade.CriterionDescription>, ParameterFrameworkFacade.ILogger)
   at ParameterServer.BackEnd.initInternal(ParameterServer.Config, IntelStateMonitor.IStateMonitorSetObserver)
 
Exception Info: ParameterServer.ServerException
   at CommandProcessing.CommandProcessor.ProcessSync(Command)
   at ParameterServer.Server..ctor(ParameterServer.Config)
   at ParameterService.ParameterService.startService()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (04/11/2024 06:53:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ParameterService.exe, version: 0.5.8.275, time stamp: 0x570c3d1c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4291, time stamp: 0xa956ff71
Exception code: 0xe0434352
Fault offset: 0x000000000002ab89
Faulting process id: 0x111c
Faulting application start time: 0x01da8c30d2b85195
Faulting application path: C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 5495bf38-0567-4031-a2a9-208a54702a4c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/11/2024 06:53:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ParameterService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: ParameterFrameworkFacade.PfwException
   at ParameterFrameworkFacade.ParameterManager..ctor(System.String, System.Collections.Generic.IEnumerable`1<ParameterFrameworkFacade.CriterionDescription>, ParameterFrameworkFacade.ILogger)
   at ParameterServer.BackEnd.initInternal(ParameterServer.Config, IntelStateMonitor.IStateMonitorSetObserver)
 
Exception Info: ParameterServer.ServerException
   at CommandProcessing.CommandProcessor.ProcessSync(Command)
   at ParameterServer.Server..ctor(ParameterServer.Config)
   at ParameterService.ParameterService.startService()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
 
System errors:
=============
Error: (04/11/2024 10:15:22 PM) (Source: DCOM) (EventID: 10001) (User: ACER)
Description: Unable to start a DCOM Server: {C53A4F16-787E-42A4-B304-29EFFB4BF597} as Unavailable/Unavailable. The error:
"2147943660"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.10861.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe" -Embedding
 
Error: (04/11/2024 10:15:21 PM) (Source: DCOM) (EventID: 10001) (User: ACER)
Description: Unable to start a DCOM Server: {C53A4F16-787E-42A4-B304-29EFFB4BF597} as Unavailable/Unavailable. The error:
"2147943660"
Happened while starting this command:
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.10861.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe" -Embedding
 
Error: (04/11/2024 08:58:57 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/11/2024 08:41:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/11/2024 08:41:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/11/2024 08:41:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/11/2024 08:41:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (04/11/2024 08:41:52 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Windows Defender:
================
Date: 2024-04-11 21:58:12
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-11 21:58:11
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-11 21:57:31
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-11 21:57:20
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
 
Date: 2024-04-11 21:56:21
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.H!ml
Severity: Severe
Category: Trojan
Path: file:_D:\Downloads\КМSpicо_6482\КМSpicо\KMSpico.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: Unknown
Security intelligence Version: AV: 1.409.200.0, AS: 1.409.200.0, NIS: 1.409.200.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]:
 
Date: 2024-04-04 10:26:43
Description: 
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 
 
Date: 2024-04-04 10:26:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 
 
Date: 2024-04-04 10:24:00
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-04-04 09:37:21
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-04-02 10:20:11
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2024-04-11 23:38:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-04-11 23:35:32
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-04-11 23:18:23
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. V1.11 08/01/2018
Motherboard: KBL Pluto_KLS
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 32654.22 MB
Available physical RAM: 24423.43 MB
Total Virtual: 38654.22 MB
Available Virtual: 28595.12 MB
 
==================== Drives ================================
 
Drive c: (ROOT - 250 GB) (Fixed) (Total:237.36 GB) (Free:19.24 GB) (Model: INTEL SSDPEKKW256G7) NTFS
Drive d: (INTERNAL - 500 GB) (Fixed) (Total:419.17 GB) (Free:108.49 GB) (Model: Samsung SSD 860 EVO 500GB) NTFS
Drive f: (EXTERNAL - 4 TB) (Fixed) (Total:3725.9 GB) (Free:1701.68 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
 
\\?\Volume{07e8c6ac-b578-4b11-8430-cdc61827203b}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.32 GB) NTFS
\\?\Volume{87b0e4a1-6e23-4bff-ac55-c99b7b85f353}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: F6DAF595)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 39AC8114)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#3 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 11 April 2024 - 10:59 PM

Welcome  :)
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary.  :)

Let's begin... 

This Fix will empty the following folders:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

  • Download the enclosed file  Attached File  Fixlist.txt   50.32KB   6 downloads
  • Save it in the same location FRST64.exe is saved 
  • Start FRST (FRST64) with Administrator privileges 
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. If too long, use an online service such as www.wetransfer.com.

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed


#4 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 April 2024 - 05:57 AM

Hello and thank you for your assistance.
Strangely, Windows defender was blocking FRST this time. It is strange because i ran FRST last night  to produce the logs without Defender flagging it. I immediately made the post and went directly to sleep and also put my laptop to sleep. When i woke up today i saw your reply and tried to run FRST after downloading your fixlist and Defender was blocking it all of a sudden, even though I didn't change anything since last night. Anyway, I temporarily disabled real time protection in Defender settings to run your fix (hope this was the right decision). The fix ran and I attached the fixlog obtained after restarting the system. 

When running Dr. Web CureIt! Windows defender blocked the lsass.exe process associated with the following file: C:\Users\Geofish\AppData\Local\Temp\8000161C-2D4A2BD-4B03FAC7-6DCD4D22\xVJnHpRQWqHa.exe
I just ignored this for now and run Dr Web CureIt just as you instructed. The scan found 3 potential threats, associated with the FreemakeAudioConverter program. This programm has been on my computer for more than 5 years so I believe it is a false positive. Nevertheless, I do not mind Dr. Web CureIt removing it, since I dont use the program anymore.
The Dr Web CureIt log was too big to attach; I uploaded it on wetrasfer and you can download it from this link: https://we.tl/t-v71Jlf3piy

 

One thing I forgot to mention is that Windows Defender is blocking C:\Windows\System32\taskhostw.exe after applying the Interactive preset of ConfigureDefender and the SimpleWindowsHardening of HardConfigurator.

Attached Files


Edited by geofish, 12 April 2024 - 06:17 AM.


#5 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 11:10 AM

Windows Resource Protection found corrupt files but was unable to fix some of them.

 

  • Download the enclosed file  Attached File  Fixlist.txt   261bytes   4 downloads
  • Save it in the same location FRST64.exe is saved 
  • Start FRST (FRST64) with Administrator privileges 
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply. If too long, use an online service such as www.wetransfer.com.

 

No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed


#6 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 April 2024 - 12:33 PM

Here you go:

https://we.tl/t-5LVnT3ceI6



#7 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 01:15 PM

  • Download the enclosed file  Attached File  Fixlist.txt   3.81KB   2 downloads
  • Save it in the same location FRST64.exe is saved 
  • Start FRST (FRST64) with Administrator privileges 
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply.

 

You seem to be having problems with Windows Image. Download Windows 10 .iso image and save it to your desktop. Once saved, let me know to attempt to Restore the health of the system.

 

Download Windows 10 (microsoft.com)


No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed


#8 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 April 2024 - 02:10 PM

I applied the latest fix.

I downloaded the media creation tool to create the Windows.iso file which now lies on my desktop.

 

Thanks again for the assistance.

Attached Files


Edited by geofish, 12 April 2024 - 02:11 PM.


#9 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 04:19 PM

Right click on the .iso file and mount it. Let me know the drive letter assigned.


No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed


#10 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 April 2024 - 04:51 PM

I mounted it with daemon tools on drive (E:)



#11 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 05:13 PM

The iso file, contains all files needed to install Windows, although we are not Installing Windows. We will try to Restore the Health of the installation.
 
Open a command prompt as an Administrator. Run these commands one by one. You can copy and paste the command if needed. If the command fails, Stop and review the Syntax.
 
md c:\Image
 
This will create a new folder on drive C:
 
cd /d c:\Image
 
This will change your current location to the c:\Image folder. It is important that the prompt changes to c:\Image. If not Stop.
 
Xcopy E:\ /s
 
The E is for the drive letter assigned to the ,iso drive when mounted. All files and folders will be copied from the iso file to the c:\Image\ folder.
 
Dism /Get-WimInfo /WimFile:c:\Image\Sources\install.esd 
 
This will extract the information from the .esd file in the Image foler. For Windows Home, the Index will be 1
 
Dism /export-image /SourceImageFile:c:\Image\Sources\install.esd /SourceIndex:1 /DestinationImageFile:c:\Image\Sources\install.wim /Compress:max /CheckIntegrity
 
This will export the files from the Install.esd to the Install.wim with Index 1
 
Dism /Get-WimInfo /WimFile:c:\Image\Sources\install.wim 
 
This will extract the information from the .wim file in the Image foler. It should be only the files for Index 1
 
DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:c:\Image\Sources\install.wim:1 /LimitAccess 
 
This will attempt to restore the Windows Image. If successful, run the following command:
 
SFC /ScanNow
 
Let me know if corrupted files are found and corrected.


No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed


#12 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 April 2024 - 05:30 PM

After running this command

 

DISM /Online /Cleanup-Image /RestoreHealth /Source:WIM:c:\Image\Sources\install.wim:1 /LimitAccess 

 

I got the following error

 

Error: 0x800f081f
 
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see https://go.microsoft.com/fwlink/?LinkId=243077.
 
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
 
 
Here is the DISM log in case that helps: https://we.tl/t-YIdXrzKwFx

Edited by geofish, 12 April 2024 - 05:37 PM.


#13 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 06:39 PM

go to c:\Image\Sources. Is there an install.wim file?


No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed


#14 geofish

geofish
  • Topic Starter

  •  Avatar image
  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 12 April 2024 - 06:50 PM

yes, the file is here. I have to sleep now, so i will see your reply tomorrow 



#15 JSntgRvr

JSntgRvr

    Malware Fighter


  •  Avatar image
  • Malware Response Team
  • 16,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:30 AM

Posted 12 April 2024 - 07:11 PM

 See if you can upload the C:\Windows\logs\CBS\cbs.log 


No request for help throughout private messaging will be attended.

Unactive logs for mor more than four (4) days will be closed





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users