Hi,
My C and D drives keep reporting no space left.
My first step was to run a listing of all my files sorted by date. Many small files with a future date (2085 if I remember correctly) showed up.
I deleted these files, but new ones keep showing up, this time with the current date.
I ran 4 free online programs, HouseCall, ESET, Malwarebytes, F-Secure, but no virus was reported.
I ran FRST.
Addition.txt
=========
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2023
Ran by User (27-08-2023 13:20:20)
Running from G:\Downloads
Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) (2022-11-07 21:46:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1732968123-2954789539-1901243787-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1732968123-2954789539-1901243787-503 - Limited - Disabled)
Guest (S-1-5-21-1732968123-2954789539-1901243787-501 - Limited - Disabled)
ranch (S-1-5-21-1732968123-2954789539-1901243787-1003 - Limited - Enabled) => C:\Users\ranch
User (S-1-5-21-1732968123-2954789539-1901243787-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1732968123-2954789539-1901243787-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {C622D33D-B035-6463-E471-9D92B9517CA1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: Avira Security (Enabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: ESET Firewall (Disabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
FW: Avira Security (Disabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1Password 4.5.0.574 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
Active@ ISO Burner 4 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 4 - LSoft Technologies Inc)
AirDroid 3.6.7.0 (HKLM-x32\...\AirDroid) (Version: 3.6.7.0 - Sand Studio)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Any Video Converter 6.3.8 (HKLM-x32\...\Any Video Converter) (Version: 6.3.8 - Anvsoft)
Applian Director (HKLM-x32\...\Applian Director4.0.0.1) (Version: 4.0.0.1 - Applian Technologies Inc.)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC16014E7500}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1582.3 - AVG Technologies) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.93.6 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.25.0.17 - Avira Operations GmbH) Hidden
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.65.1074 - AB Team, d.o.o.)
Bullzip PDF Printer 11.4.0.2674 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.4.0.2674 - Bullzip)
calibre 64bit (HKLM\...\{FD4283DA-1E54-490D-B836-DD06AA5AB5DC}) (Version: 6.9.0 - Kovid Goyal)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 6.15 - Piriform)
Cleaner One Pro 6.6.0 (HKLM-x32\...\99388cc2-2782-5495-bbd2-525df2487901) (Version: 6.6.0 - Trend Micro, Inc.)
CubePDF 3.1.1 (x64) (HKLM\...\{6BBF4252-CB6B-4E0B-9E5B-1719B7934917}_is1) (Version: 3.1.1 - CubeSoft)
CubePDF Page 4.3.0 (x64) (HKLM\...\{E41A604F-B2B6-4076-9020-4F4C458C972F}_is1) (Version: 4.3.0 - CubeSoft)
CubePDF Utility 2.3.0 (x64) (HKLM\...\{4DB5CF1C-F10E-4C4D-84D7-2525CFAB8F6C}_is1) (Version: 2.3.0 - CubeSoft)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 181.4.5678 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.761.1 - Dropbox, Inc.) Hidden
EaseUS RecExperts 2.8.1 (HKLM-x32\...\EaseUS RecExperts_is1) (Version: - EaseUS)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2212.316 - Avira Operations GmbH & Co. KG) Hidden
Everything 1.4.1.932 (x86) (HKLM-x32\...\Everything) (Version: 1.4.1.932 - David Carpenter)
FreeFileSync (HKLM-x32\...\FreeFileSync_is1) (Version: 11.21 - FreeFileSync.org)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.111 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 79.0.2.0 - Google LLC)
HD Video Converter Factory 24.6 (HKLM-x32\...\HD Video Converter Factory) (Version: 24.6 - WonderFox Soft, Inc.)
HWiNFO64 Version 6.34 (HKLM\...\HWiNFO64_is1) (Version: 6.34 - Martin Malik - REALiX)
Intel® Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{2028abfa-7954-482c-a38b-3d1f1dbbdfcf}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{8a13c1a0-15ca-4939-92ea-9a745169ba28}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{9454a0e6-0762-48ec-b153-2a75b252d1fb}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{9ae59417-0d7e-4339-88ac-07119bd37b27}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{ee09a6a7-c9c8-43cf-a6c0-ec07b3567e5b}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{fb198756-7be7-4730-8f2e-282d5e71e412}) (Version: 3.11.1.0 - Intel) Hidden
K-Lite Codec Pack 17.7.3 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.7.3 - KLCP)
Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.12 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.14 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0136 - Lenovo)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16130.20714 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.169.0813.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\a1a734b8150c1d83) (Version: 17.0.8433.11 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Teams) (Version: 1.4.00.22976 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
MiniTool MovieMaker (HKLM\...\{MT-39B9213B-B182-41FB-B149-CD1016372F9C}_is1) (Version: 3.0.1 - MiniTool Software Limited)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.1 (x64 en-US)) (Version: 96.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MP4Tools v3.7 (HKLM-x32\...\MP4Tools_is1) (Version: - Thüring IT-Consulting)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Musicmatch® Jukebox (HKLM-x32\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.00.3030 - )
NIUBI Partition Editor Professional Edition V7.2.6 (HKLM-x32\...\NIUBISoft-NPE) (Version: V7.2.6 - NIUBI Technology Co., Ltd.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.9 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20714 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20500 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-1000-0000000FF1CE}) (Version: 16.0.16130.20714 - Microsoft Corporation) Hidden
OpenShot Video Editor version 2.4.4 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.4 - OpenShot Studios, LLC)
Opera Stable 101.0.4843.43 (HKLM-x32\...\Opera 101.0.4843.43) (Version: 101.0.4843.43 - Opera Software)
Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plex (HKLM-x32\...\Plex) (Version: 1.2.0 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{8A92E317-5D87-4170-8782-4F0D9F4B2BBB}) (Version: 1.20.3437 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{b20f9234-c5e6-41cc-ba98-08009683eb2e}) (Version: 1.20.3.3437 - Plex, Inc.)
PowerArchiver 2021 (HKLM\...\PowerArchiver_is1) (Version: 20.10.03 - ConeXware, Inc.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
Replay Converter 6 (6.0.21.0) (HKLM-x32\...\Replay Converter 6) (Version: 6.0.21.0 - Applian Technologies)
Replay Video Capture 9 (HKLM-x32\...\Replay Video Capture 9) (Version: 9.1.1 - Applian Technologies Inc.)
ScreenRec (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\ScreenRec) (Version: 00.01.00.58 - StreamingVideoProvider)
Signal 5.41.0 (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.41.0 - Signal Messenger, LLC)
Snagit 2019 (HKLM\...\{791BC7CD-B0AD-4B16-91D8-41C2B470ADCC}) (Version: 19.1.3 - TechSmith Corporation) Hidden
Snagit 2019 (HKLM-x32\...\{7c408d15-7683-4fd6-9eb1-117f4c5e1a8b}) (Version: 19.1.3.3847 - TechSmith Corporation)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.09 - NCH Software)
Stopping Plex (HKLM-x32\...\{1471F3F3-F130-4218-B700-C36FC134FAA6}) (Version: 1.20.3437 - Plex, Inc.) Hidden
Stremio (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Stremio) (Version: 4.4.160 - Smart Code Ltd)
Sublight (HKLM-x32\...\{04b62368-e432-4d56-b958-e492abba5b59}) (Version: 5.0 - Sublight Labs)
Sublight (HKLM-x32\...\{5CA72C1D-C5EE-4BE4-A749-CFE6210302AA}) (Version: 5.0 - Sublight Labs) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.45 - NCH Software)
Syncios 6.7.7 (HKLM-x32\...\Syncios) (Version: 6.7.7 - Anvsoft)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
Telegram Desktop (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.7.3 - Telegram FZ-LLC)
Twitch Studio (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372B0}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 8.2.0 - Universal Media Server)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VSDC Free Video Editor version 6.9.5.382 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.9.5.382 - Flash-Integro LLC)
WhatsApp (Outdated) (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\WhatsApp) (Version: 2.2314.11 - WhatsApp)
Windows Driver Package - LG Electronics, Inc. (AndnetBus) USB (06/04/2015 3.14.0.0) (HKLM\...\0ED6FC7468C532CF6DCB7EB5A4264C07E282B9AC) (Version: 06/04/2015 3.14.0.0 - LG Electronics, Inc.)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
Wondershare Filmora 11(Build 11.0.10.2) (HKLM\...\Wondershare Filmora 11_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Wondershare MobileTrans ( Version 4.0.3 ) (HKLM-x32\...\{72289023-823E-4AF7-A65F-C608481758AC}_is1) (Version: 4.0.3 - Wondershare)
Zoom (HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\ZoomUMX) (Version: 5.14.7 (15877) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{728D1A83-6ADC-41EE-915E-99B53376667C}) (Version: 5.14.6 - Zoom)
יישומי Microsoft 365 לארגונים - he-il (HKLM\...\O365ProPlusRetail - he-il) (Version: 16.0.16130.20714 - Microsoft Corporation)
Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt [2023-08-25] (INTEL CORP) [Startup Task]
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.18.872.0_x64__rz1tebttyb220 [2023-08-24] (Dolby Laboratories)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2023-08-23] (Dropbox Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2023-01-13] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-05-24] (Apple Inc.) [Startup Task]
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2023-01-13] (OverDrive Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-01-13] (Microsoft Corporation) [MS Ad]
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-07] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.24.243.0_x64__dt26b99r8h8gj [2023-01-13] (Realtek Semiconductor Corp)
Thorium Reader -> C:\Program Files\WindowsApps\EDRLab.ThoriumReader_2.3.0.0_x64__r3hax6t39xm4t [2023-08-06] (EDRLab)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2333.8.0_x64__cv1g1gvanyjgm [2023-08-26] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-08-11] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-01-13] (win.rar GmbH)
YouTube Music -> C:\Program Files\WindowsApps\music.youtube.com-9F558962_1.0.0.1_neutral__vezhnr0wkvrcy [2023-08-23] (music.youtube.com)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1732968123-2954789539-1901243787-1001_Classes\CLSID\{04271989-C4D2-8B03-8DF9-569E0CD2AA58} -> [OneDrive - Ben Gurion University of the Negev] => C:\Users\User\OneDrive - Ben Gurion University of the Negev [2022-02-16 11:16]
CustomCLSID: HKU\S-1-5-21-1732968123-2954789539-1901243787-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1732968123-2954789539-1901243787-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1732968123-2954789539-1901243787-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\User\Dropbox [2019-06-28 12:37]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2021-06-24] (ConeXware, Inc. -> ConeXware, Inc.)
ContextMenuHandlers1: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT64.DLL [2021-06-24] (ConeXware, Inc. -> ConeXware, Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2019\DLLx64\SnagitShellExt64.dll [2019-07-11] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-03-28] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-08-16] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-08-16] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_59691a4ee8d947dd\OptaneShellExt.dll [2021-10-12] (Intel Corporation -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2019\DLLx64\SnagitShellExt64.dll [2019-07-11] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-03-28] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncShell64.dll [2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\79.0.2.0\drivefsext.dll [2023-08-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.64.0.dll [2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-03-28] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [FineReader12ContextMenu] -> {55344AC6-630B-430C-B292-C7BE21F90061} => C:\Program Files (x86)\ABBYY FineReader 12\FRIntegration.x64.dll [2014-01-30] (ABBYY PRODUCTION LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [PowerArchiver] -> {d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT.DLL [2021-06-24] (ConeXware, Inc. -> ConeXware, Inc.)
ContextMenuHandlers6: [PowerArchiver64] -> {d03d3e78-0c44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files\PowerArchiver\PASHLEXT64.DLL [2021-06-24] (ConeXware, Inc. -> ConeXware, Inc.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2010-03-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2010-03-12] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2010-03-12] (Microsoft Corporation) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Snapshots\115.0.1901.203\Profile 1\Web Applications\_crx__cinhimbnkkaeohfgghhklpknlkffjgod\YouTube Music.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory="Profile 1" --app-id=cinhimbnkkaeohfgghhklpknlkffjgod --app-url=hxxps://music.youtube.com/?source=pwa --app-launch-source=4
ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Snapshots\114.0.1823.82\Profile 1\Web Applications\_crx__cinhimbnkkaeohfgghhklpknlkffjgod\YouTube Music.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory="Profile 1" --app-id=cinhimbnkkaeohfgghhklpknlkffjgod --app-url=hxxps://music.youtube.com/?source=pwa --app-launch-source=4
ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Snapshots\113.0.1774.57\Profile 1\Web Applications\_crx__cinhimbnkkaeohfgghhklpknlkffjgod\YouTube Music.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory="Profile 1" --app-id=cinhimbnkkaeohfgghhklpknlkffjgod --app-url=hxxps://music.youtube.com/?source=pwa --app-launch-source=4
ShortcutWithArgument: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Web Applications\_crx__cinhimbnkkaeohfgghhklpknlkffjgod\YouTube Music.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory="Profile 1" --app-id=cinhimbnkkaeohfgghhklpknlkffjgod --app-url=hxxps://music.youtube.com/?source=pwa --app-launch-source=4
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\rancherm@bgu.ac.il - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2019-06-27 23:37 - 2015-04-28 10:50 - 000376832 _____ () [File not signed] C:\Program Files (x86)\1Password 4\js3215R.dll
2022-04-10 19:37 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2022-04-10 19:37 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2019-07-28 14:58 - 2017-09-02 14:14 - 000219648 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2019-06-27 23:37 - 2015-04-28 10:50 - 000344064 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\1Password 4\MSVCR70.dll
2009-05-23 02:45 - 2009-05-23 02:45 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
2022-02-15 11:32 - 2022-02-15 11:32 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2022-02-15 11:32 - 2022-02-15 11:32 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-02-15 11:32 - 2022-02-15 11:32 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Client\C2R64.dll
2022-02-15 11:32 - 2022-02-15 11:32 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2023-06-01 18:00 - 2023-06-01 18:00 - 068234752 _____ (mpv) [File not signed] C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\mpv-1.dll
2021-07-23 11:36 - 2021-07-23 11:36 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2021-07-23 11:36 - 2021-07-23 11:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2019-04-21 15:05 - 2023-04-08 13:16 - 000845312 _____ (Tabibito Technology) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll
2023-05-30 22:21 - 2023-05-30 22:21 - 002526208 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\libcrypto-1_1.dll
2023-05-30 22:21 - 2023-05-30 22:21 - 000534528 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\libssl-1_1.dll
2022-04-10 19:37 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2015-05-26] (AgileBits Inc. -> AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2015-05-26] (AgileBits Inc. -> AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\sharepoint.com -> hxxps://bgu365-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2020-11-14 17:41 - 2023-01-09 22:59 - 000000832 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1732968123-2954789539-1901243787-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.57.2.5 - 213.57.22.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Universal Media Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Wireless Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SetupRST_ModeSwitch.lnk"
HKLM\...\StartupApproved\Run: => "MimBoot"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKLM\...\StartupApproved\Run32: => "MimBoot"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\StartupApproved\Run: => "ScreenRec"
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{24E2E5A1-AE0C-4576-912F-15E62466CAAB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85D7E39D-E1B2-4FE8-AC67-BAD057C2170D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FCC143A6-EB19-467C-890E-A19B992404C3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe => No File
FirewallRules: [{27D33A27-93D9-4D59-A12F-4E22433B8B3A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DBDownloader.exe => No File
FirewallRules: [{A3949B89-854E-447B-9308-D786162ABA76}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{FDD39D84-2C9C-484D-8FAD-6851EAEBB007}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{578ACDA3-9E9F-4E72-988F-B4E2BD85B63E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{6755E36D-E94A-40C7-866E-D6E0FD519C6E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{FD929C66-1BF3-4FAF-AE77-C5295E6E3C30}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{ED98025A-39B6-46EE-9F6A-DE960C6C59F0}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{0E8FC3A8-5D56-4FBA-8830-9B58F0E7A1A9}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{3AC11BAA-FDA3-4142-9E0A-82F34960E9BE}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{955F5378-B05A-4C4B-B986-28A904620024}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0C014E6A-5EB4-4A74-AD45-8CB7F391AFDB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC303BB4-2E97-4FBC-A5D0-AC45999EBD60}] => (Block) LPort=26727
FirewallRules: [{0261F166-7199-4145-9BA1-C4A25246BAEA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{246A07B9-D795-4363-BCD1-FEBCDC798C76}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{DE49500E-1FFC-4B62-9AC8-C80D7A553F71}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{8564113F-0633-4248-89C1-D7354F9CF4A5}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [UDP Query User{405D5809-4ADA-4A86-BF3A-C8E3EBAE775B}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{2529CB8F-AC18-4C25-BC27-08FE32671044}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [{0D7C1824-C251-41C1-BD24-461A87E26C99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FD2112FF-7EBA-4C43-99FA-E1C257E08DF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4DBE2490-A648-4765-AB20-A7457D4E201B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{77A4D1B7-F71C-40EA-B35C-DD59F6F984E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{454A5E40-668B-4051-8042-1BD353465B07}D:\data\downloads\ap_wizard\setup wizard\english\wizard\apwizard.exe] => (Allow) D:\data\downloads\ap_wizard\setup wizard\english\wizard\apwizard.exe => No File
FirewallRules: [TCP Query User{C4BD0A1D-AEE2-4DE6-A6D2-31330B2B4118}D:\data\downloads\ap_wizard\setup wizard\english\wizard\apwizard.exe] => (Allow) D:\data\downloads\ap_wizard\setup wizard\english\wizard\apwizard.exe => No File
FirewallRules: [{1FDA9F85-7927-47BD-80B8-6BEB4D23982B}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe => No File
FirewallRules: [{36CAC19C-C92F-43DB-A657-9953E36A75E0}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe => No File
FirewallRules: [{6F8CDF4D-D5BF-4A63-84FE-FCD2F8800E2B}] => (Allow) C:\Program Files (x86)\Universal Media Server\jre-x64\bin\javaw.exe
FirewallRules: [{9316443B-0C49-42DA-B44A-E978F3014486}] => (Allow) C:\Program Files (x86)\Universal Media Server\jre-x64\bin\javaw.exe
FirewallRules: [{5075176B-CDD1-43CE-AC58-CEA7893A8184}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{27AD72F3-2810-4BCE-9B28-4BB20B8532D6}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{CB9C06F1-A97A-4AC2-82FF-E6C6BE1015E0}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{6E2B82BC-F5F8-4880-938D-8DD19BBD5A9B}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{A1A6EBF2-882F-4586-9A05-5651F9DD340D}] => (Allow) LPort=1900
FirewallRules: [{F941C1B9-D05C-4687-B5A9-280A4E5242D9}] => (Allow) LPort=2869
FirewallRules: [{DD74C4D3-9803-43C3-9C15-7BD1C069D8EF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{A7A3AA44-11DB-4C77-8531-CCDFD162A44F}C:\program files\openshot video editor\launch.exe] => (Block) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [TCP Query User{D118BEC7-888C-438E-9EA9-BFA9611A9FED}C:\program files\openshot video editor\launch.exe] => (Block) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [{87C91622-1A68-4FA8-BA27-EC3D60BF902A}] => (Allow) LPort=8299
FirewallRules: [UDP Query User{430D4AC8-1E6D-484A-9E44-186EBAE895E0}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc -> )
FirewallRules: [TCP Query User{5B1F1335-844D-4C4C-9EEC-97CD4EC8433E}C:\program files\plex\plex\plex.exe] => (Allow) C:\program files\plex\plex\plex.exe (Plex, Inc -> )
FirewallRules: [UDP Query User{E65EB0F8-CF2B-4D9D-85AA-FAF2D3FBA8D5}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [TCP Query User{EA21C87C-6CED-482F-A890-7D947892175E}C:\program files\openshot video editor\launch.exe] => (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [{E34A4DD5-5FB9-4D02-BB58-39F8BF721B5E}] => (Allow) LPort=54925
FirewallRules: [{89A5CE40-678E-42C6-BFEF-F4B8423DDC80}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BB6FA92E-3E50-49CF-8C1F-0FB814A02D39}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{4104805A-32F5-45D3-803D-CC9CE3B989F4}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{9AEDDFC4-39F9-4EF7-BB00-1EC0C4B31567}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{CB7C8CD7-2146-4CE2-BA80-A65B3B3A4980}C:\users\user\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\user\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [UDP Query User{157CACA5-268C-4C08-A8B0-FA780AC923A1}C:\users\user\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\user\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [TCP Query User{874C681B-302C-4B23-BD3C-9179E7C48CBF}C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe] => (Allow) C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe => No File
FirewallRules: [UDP Query User{958CA32F-629D-47DD-BACB-177A7C851110}C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe] => (Allow) C:\program files (x86)\lg electronics\lg bridge\lgbridge.exe => No File
FirewallRules: [{9A10B31D-E171-4D5F-BE30-1C792509F644}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{F1ADF6F3-AC91-45F2-899A-8F9D787879A9}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector -> Multilab LLC)
FirewallRules: [{2F4DDD65-4D97-4E9F-9D76-07973569149F}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{97A3E35A-0B8C-4942-95CB-A4804D9D61AC}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector -> Multilab LLC)
FirewallRules: [{F08A6D80-EF44-4B67-8BDF-057E3C0F9C2E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{14E86EB7-ECED-463A-984A-3A2C27F9064B}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector -> Multilab LLC)
FirewallRules: [{39E0F0D5-DA14-445B-99BE-E4FEA96DA4D2}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{42AB340A-1EE0-435D-96AA-63E0FC08E5B1}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{CC5DBA6D-FF88-42A2-B967-5EB3EE699514}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{DF83DBB2-8D79-457A-9197-C145846F25E6}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{AC15CEED-A9C0-41C2-BB30-6FD4AE5D4ED5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E29696B5-0EC0-47C7-9FB4-4E7B6F4FA5C6}C:\users\user\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\user\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [UDP Query User{FD46A443-1361-47E6-B240-FD822BE029E2}C:\users\user\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\user\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Stremio Runtime)
FirewallRules: [{D9FE489B-8032-4E82-AEE5-03100A0477D0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{AA336CEF-E132-4861-881E-7FF790F21F71}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{7F5FE782-5E4C-4A5E-8F1A-610471C9137B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{42BB28B7-548C-42A7-95B7-7F6175CD00E7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{214F0C35-BD4B-49B7-88F3-E242124E45CE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{137CDE3A-298C-4A9A-844F-9B7BBEEE6AFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{77F0D6FB-C139-4395-A1ED-965E26564772}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A04AC9D5-A327-4BB8-A6D6-D7DDAEFC2513}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{61A4B8A5-BD1C-4F85-93B8-A55D7B755F93}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBB58E65-BAF8-4B9E-AA6E-A284AED9F44F}] => (Allow) C:\Program Files\Opera\101.0.4843.33\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{DD478DAA-DAB8-4BF6-B0FE-59D5FD9D48FD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C77909E9-6DD9-46A0-AA01-21BF2BFC39D5}] => (Allow) C:\Program Files\Opera\101.0.4843.43\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{EBE802F1-4EB6-4077-AC65-63A1A591FD24}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F2D11742-3FF6-4863-A26B-4298CFEA02A3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{7060EBF2-1C8A-430B-BF6E-903EC42E7FF1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C5B313EF-E3E0-44CC-81F5-8AF7D296DE30}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4ADC23D-1199-4E05-B257-4612A1862F11}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2782F895-3E0E-4404-940E-2176782BEF53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.102.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C869FD7B-084C-4DC4-9701-F08E4B639502}C:\program files\opera\opera.exe] => (Allow) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{E1ADA193-1EE2-4FF0-9C47-605D940AAEAC}C:\program files\opera\opera.exe] => (Allow) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{9BDE6E13-8482-48E5-8DB2-F4600A1AF1FB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B8B5F73A-2BAE-4AC4-9B84-8AAAB65EB4B9}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23216.905.2334.6698_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{356CD7DB-976D-4035-94C2-D1B3C9913A70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (08/27/2023 01:06:48 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.2134, time stamp: 0xeee69ec7
Exception code: 0xc0000374
Fault offset: 0x000000000010c239
Faulting process id: 0x0x39b8
Faulting application start time: 0x0x1d9d78e2d5876c9
Faulting application path: C:\WINDOWS\system32\SecurityHealthService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 531c4142-2d7b-4319-a712-c39c9e4a9e0a
Faulting package full name:
Faulting package-relative application ID:
Error: (08/26/2023 11:45:30 PM) (Source: ESENT) (EventID: 104) (User: )
Description: DllHost (12056,T,97) MicrosoftWindows.Client.CBS_cw5n1h2txyewy_NOEDP_EDGE_IDB: The database engine stopped the instance (1) with error (-1092).
Error: (08/26/2023 11:45:30 PM) (Source: ESENT) (EventID: 471) (User: )
Description: DllHost (12056,D,20) MicrosoftWindows.Client.CBS_cw5n1h2txyewy_NOEDP_EDGE_IDB: Unable to rollback operation #53 on database C:\Users\User\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb. Error: -529. All future database updates will be rejected.
Error: (08/26/2023 11:45:30 PM) (Source: ESENT) (EventID: 492) (User: )
Description: DllHost (12056,D,0) MicrosoftWindows.Client.CBS_cw5n1h2txyewy_NOEDP_EDGE_IDB: The logfile sequence in "C:\Users\User\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\Indexed DB\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.
Error: (08/26/2023 11:45:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: DllHost (12056,D,0) MicrosoftWindows.Client.CBS_cw5n1h2txyewy_NOEDP_EDGE_IDB: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.
Error: (08/26/2023 11:45:30 PM) (Source: ESENT) (EventID: 482) (User: )
Description: DllHost (12056,D,0) MicrosoftWindows.Client.CBS_cw5n1h2txyewy_NOEDP_EDGE_IDB: An attempt to write to the file "C:\Users\User\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log" at offset 0 (0x0000000000000000) for 524288 (0x00080000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (08/26/2023 10:55:50 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (08/26/2023 10:53:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-RS11CEI.local already in use; will try DESKTOP-RS11CEI-2.local instead
System errors:
=============
Error: (08/27/2023 01:07:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (08/27/2023 08:53:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.
Error: (08/27/2023 02:14:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SUR QC Software Asset Manager service to connect.
Error: (08/27/2023 12:03:43 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
Error: (08/26/2023 03:55:57 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
Error: (08/26/2023 02:13:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SUR QC Software Asset Manager service to connect.
Error: (08/26/2023 12:58:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9MSSGKG348SP-MicrosoftWindows.Client.WebExperience.
Error: (08/25/2023 11:05:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® SUR QC Software Asset Manager service to connect.
Windows Defender:
================
Date: 2022-12-29 17:49:04
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Tenga
Severity: Severe
Category: Trojan
Path: file:_G:\Downloads\[ Torrent9.pe ] EaseUS Data Recovery Wizard Technician Professional 11.9.0\Patch etn.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\User\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Security intelligence Version: AV: 1.381.1327.0, AS: 1.381.1327.0, NIS: 1.381.1327.0
Engine Version: AM: 1.1.19900.2, NIS: 1.1.19900.2
CodeIntegrity:
===============
Date: 2023-08-27 13:19:13
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: LENOVO M1YKT65A 10/28/2020
Motherboard: LENOVO 313A
Processor: Intel® Core i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 54%
Total physical RAM: 16266.78 MB
Available physical RAM: 7473.93 MB
Total Virtual: 17290.78 MB
Available Virtual: 6041.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.3 GB) (Free:0.66 GB) (Model: SanDisk SSD PLUS 240GB) NTFS
Drive d: (2TB) (Fixed) (Total:1863.02 GB) (Free:13.53 GB) (Model: WDC WD20EZRZ-00Z5HB0) NTFS
Drive g: (WD-1) (Fixed) (Total:976.56 GB) (Free:115.69 GB) (Model: WD My Passport 25E1 USB Device) NTFS
Drive h: (WD-2 Seagate Backup) (Fixed) (Total:886.42 GB) (Free:128.8 GB) (Model: WD My Passport 25E1 USB Device) NTFS
\\?\Volume{c3de2114-0142-476f-b5ba-2090665cf84b}\ () (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{4f08bf55-32d7-4b53-90f1-c0314525bc46}\ () (Fixed) (Total:0.56 GB) (Free:0.05 GB) NTFS
\\?\Volume{e4379c9d-92c7-4992-ac00-5b34f2452c30}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: F4BDC482)
Partition: GPT.
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 6E5E98C8)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 715DBC50)
Partition 1: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=886.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
FRST.txt
=======
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-08-2023
Ran by User (administrator) on DESKTOP-RS11CEI (LENOVO v530-15icb 10tv) (27-08-2023 13:18:09)
Running from G:\Downloads\FRST64.exe
Loaded Profiles: User
Platform: Microsoft Windows 11 Pro Version 22H2 22621.2134 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\Opera\opera.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(C:\Program Files\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera\101.0.4843.43\opera_crashreporter.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe <13>
(C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\stremio.exe ->) (Smart Code OOD -> Stremio Runtime) C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\stremio-runtime.exe
(C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\stremio.exe ->) (The Qt Company Oy -> The Qt Company Ltd.) C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\QtWebEngineProcess.exe <2>
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_98728bfffafc23c2\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_98728bfffafc23c2\igfxEM.exe
(explorer.exe ->) (AgileBits Inc. -> AgileBits) [File not signed] C:\Program Files (x86)\1Password 4\1Password.exe
(explorer.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\79.0.2.0\crashpad_handler.exe <2>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (Smart Code OOD -> ) C:\Users\User\AppData\Local\Programs\LNV\Stremio-4\stremio.exe
(explorer.exe ->) (voidtools -> ) C:\Program Files (x86)\Everything\Everything.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <15>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.169.0813.0001\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Opera Norway AS -> Opera Software) C:\Program Files\Opera\opera.exe <27>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_98728bfffafc23c2\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ba273d0ffb93e225\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_22dff82e7da0099b\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f42d50ef4c9376ba\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel® Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73592056cffa61ae\RtkAudUService64.exe <2>
(services.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2333.8.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.25873.9001.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.2061_none_e9764a2042bb8e95\TiWorker.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2306.10002-0\SecurityHealthHost.exe
(svchost.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SystemSettingsAdminFlows.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Dism\DismHost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_73592056cffa61ae\RtkAudUService64.exe [1231944 2021-01-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11559648 2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [3167416 2020-09-01] (ANVSOFT TECHNOLOGY CO., LIMITED -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [AutoAD] => C:\Program Files (x86)\Wondershare\MobileTrans\AutoAD.exe [83184 2022-09-29] (Wondershare Technology Group Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [20719608 2020-10-14] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [ScreenRec] => C:\Users\User\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [2442288 2021-04-15] (TeddySoft Ltd. -> StreamingVideoProvider)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41584544 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4116520 2023-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [cubepdf-page-checker] => C:\Program Files\CubePDF Page\CubeChecker.exe [57368 2023-06-06] (CubeSoft, Inc. -> CubeSoft)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [cubepdf-checker] => C:\Program Files\CubePDF\CubeChecker.exe [57368 2023-04-10] (CubeSoft, Inc. -> CubeSoft)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [AutoAD] => C:\Program Files (x86)\Wondershare\MobileTrans\AutoAD.exe [83184 2022-09-29] (Wondershare Technology Group Co.,Ltd -> Wondershare)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\...\Run: [cubepdf-utility-checker] => C:\Program Files\CubePDF Utility2\CubeChecker.exe [57368 2023-05-09] (CubeSoft, Inc. -> CubeSoft)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2607536 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1732968123-2954789539-1901243787-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-09] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [219648 2017-09-02] (Bullzip) [File not signed]
HKLM\...\Print\Monitors\CubeMon: C:\WINDOWS\system32\cubemon.dll [104344 2022-07-11] (CUBE SOFT, K.K. -> CubeSoft, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\116.0.5845.111\Installer\chrmstp.exe [2023-08-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MTWSAndroidAppHelper.lnk [2022-10-12]
ShortcutTarget: MTWSAndroidAppHelper.lnk -> C:\Program Files (x86)\Wondershare\MobileTrans\WSAndroidAppHelper.exe (Wondershare Technology Group Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MTWSAppHelper.lnk [2022-10-12]
ShortcutTarget: MTWSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\MobileTrans\WSAppHelper.exe (Wondershare Technology Group Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2019-07-20]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server) [File not signed]
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {D791332B-4089-4697-B61A-2BFAD3DA3D5F} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {132E87AF-BC2E-4C65-AD8A-16C732A3A076} - System32\Tasks\Avira_Antivirus_Systray => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min (No File)
Task: {E1D3B1FF-ED82-492E-A66B-057C4B947FCB} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {067C3245-A79E-497B-ABF7-D2D70D98C41B} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {067C3245-A79E-497B-ABF7-D2D70D98C41B} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {067C3245-A79E-497B-ABF7-D2D70D98C41B} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {04F552BC-055E-4F20-9531-E5AB619F4C70} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [262024 2023-08-16] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {C038F49D-0C13-4162-9DC5-B07826F0FD91} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1814672 2023-08-16] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {9D8C5462-81A8-40FF-966A-460DBD434021} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {5F43A270-3247-4E8C-94C9-433AD54CDD69} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35381016 2023-04-01] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {7FB9A476-EB83-41A8-82AD-5F28F3647B88} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C723C161-0F3A-4C1D-A90B-42E3FCC435E5} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "048ca9ee-b12b-4323-98d3-5525a1efbc0e" --version "6.15.10623" --silent
Task: {0A3ADECE-74EE-465B-A257-D78C841DC213} - System32\Tasks\CCleanerSkipUAC - User => C:\Program Files\CCleaner\CCleaner.exe [34687904 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {0C281E81-0741-4900-ACB1-21100A9C5577} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Scheduler.exe /scheduler (No File)
Task: {6CA32FFF-DA4A-4B96-9B04-2BF115BE3C25} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {625E3B43-63CA-42FE-92FD-72399D5F521A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E20BD887-5588-429C-BE69-FA01597A3D86} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\temp\scoped_dir4244_1181014593\esetonlinescanner.exe LOGON (No File) <==== ATTENTION
Task: {34967669-F2A1-4D02-B075-8DBAA8490580} - System32\Tasks\EOSv3 Scheduler onTime => D:\temp\scoped_dir4244_1181014593\esetonlinescanner.exe SCHED (No File) <==== ATTENTION
Task: {C5B68735-0FAB-4323-929E-DEE52D3D11C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-21] (Google Inc -> Google Inc.)
Task: {161D9462-8251-4B95-A396-D6390F4DEC89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-21] (Google Inc -> Google Inc.)
Task: {4950F981-9C69-435E-8819-9F7880EEBC38} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {D44004D0-744A-45F9-ADB3-DF344A2CBD6C} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {120504DC-6D15-456D-9AC9-66DDE86F088E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {1003759A-957F-4A92-BD44-3356D106F189} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-08-17] () [File not signed]
Task: {08CA3D1D-AD72-464C-9B4B-C0C05AAE8459} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1732968123-2954789539-1901243787-1001 => C:\Users\User\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [89096 2023-04-10] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {39CAEDA7-8CD1-4C48-B553-19501D4368C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26299360 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4717287-F9ED-4675-A162-3464D8E7754A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26299360 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D3DF6AE-4C0F-4D1C-BCC1-382EBAC2EF12} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144240 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {566037D7-DC8F-48CF-A57A-F4FC4AC48DC3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144240 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A2F55A1-D92B-488B-8365-76E9821C3E74} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {E80F2B79-1690-425E-8DB2-0E1B9179AEEA} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3826864 2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {21103006-334E-45E7-9CF7-CE3E0BF0F934} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {884221DE-8740-4509-A0A1-D23DEFB935A2} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {884221DE-8740-4509-A0A1-D23DEFB935A2} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {884221DE-8740-4509-A0A1-D23DEFB935A2} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {5F07BFBB-158E-4329-B9AA-C0E3490BB4D8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\13E530BB-5FFF-4FFC-8340-1274A604642E\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {0B6471CE-D6C2-4B50-A07A-EF3413BDA4F6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\13E530BB-5FFF-4FFC-8340-1274A604642E\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [495616 2023-08-09] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {FB286013-8607-417C-A7D2-0E5FB591780A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {BD2A6052-C3CA-4942-976C-58DE7C60D672} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {62CD8790-C94B-4C46-9FE0-4FE4FDF099D0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {3AA0AB55-7553-43F0-A78E-86A3D8CAA8EE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {246A0183-D36B-409F-B263-A03E0BD22978} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [709560 2022-07-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {26198909-C8DB-4A3B-A10B-060E31048291} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {64D00B1F-1F10-4DB5-B593-63A2824C20AA} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1732968123-2954789539-1901243787-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A89F1416-FAA8-4C11-825D-2388BFFBF9CA} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1732968123-2954789539-1901243787-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {CFFAD6BA-AC00-4F44-BB99-76EFB78B9B9C} - System32\Tasks\Opera scheduled assistant Autoupdate 1576852696 => C:\Program Files\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {6C341BA7-61A1-4965-AEAE-61B3AD43075B} - System32\Tasks\Opera scheduled Autoupdate 1555928769 => C:\Program Files\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
Task: {A8CED70F-B389-4316-98CC-15322B775EBE} - System32\Tasks\S-1-5-21-1732968123-2954789539-1901243787-1001\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
Task: {D6EC017F-C389-4F9D-B67C-75A27DF0C7EA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {E4912C2E-9520-43AB-B8B9-8AE0AD036338} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1897824 2022-03-09] (Lenovo -> )
Task: {CD2F325F-6A95-409E-BA88-D2B29C65E0EF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [200704 2023-05-10] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
AutoConfigURL: [S-1-5-21-1732968123-2954789539-1901243787-1001] => hxxp://www.bgu.ac.il/bgu.pac <==== ATTENTION
Tcpip\Parameters: [DhcpNameServer] 213.57.2.5 213.57.22.5
Tcpip\..\Interfaces\{8a15ed05-065b-44bf-a104-0513659d64ca}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{aa94a3b2-d296-471a-a0ab-fdc406c293b3}: [DhcpNameServer] 213.57.2.5 213.57.22.5
ManualProxies: 0hxxp://www.bgu.ac.il/bgu.pac <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-25]
Edge Extension: (Avira Safe Shopping) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-05-03]
Edge Extension: (Avira Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2023-05-03]
Edge Extension: (OneTab) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2023-07-20]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-02]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-26]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-08-27]
Edge Notifications: Profile 1 -> hxxps://www.messenger.com
Edge Extension: (LibKey Nomad) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\aegommgkkknipcpebmcbepdapjdojiji [2023-07-17]
Edge Extension: (Avira Safe Shopping) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-01-10]
Edge Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\elhekieabhbkpmcefcoobjddigjcaadp [2023-08-25]
Edge Extension: (Avira Password Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\emgfgdclgfeldebanedpihppahgngnle [2023-03-24]
Edge Extension: (EZProxy Redirect) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\gfhnhcbpnnnlefhobdnmhenofhfnnfhi [2022-06-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-02]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
Edge Extension: (Zoom Chrome Extension) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2023-07-25]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: tjt1gqou.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjt1gqou.default [2023-08-27]
FF NetworkProxy: Mozilla\Firefox\Profiles\tjt1gqou.default -> autoconfig_url", "hxxp://www.bgu.ac.il/bgu.pac"
FF Extension: (AdBlocker Ultimate) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjt1gqou.default\Extensions\adblockultimate@adblockultimate.net.xpi [2022-07-15]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjt1gqou.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-07-15]
FF Extension: (DownThemAll!) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjt1gqou.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2022-07-15]
FF Extension: (LibKey Nomad) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjt1gqou.default\Extensions\{f282d54d-83cc-45f5-b3e5-65888de1682b}.xpi [2022-07-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2023-08-25]
CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2023-06-02]
CHR Extension: (DuckDuckGo Privacy Essentials) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-06-02]
CHR Extension: (Avira Safe Shopping) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2023-06-02]
CHR Extension: (AVG Web TuneUp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2020-03-26]
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2023-03-19]
CHR Extension: (Dropbox for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2021-09-26]
CHR Extension: (Avast Passwords) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-03-26]
CHR Extension: (Readium) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2020-03-26]
CHR Extension: (EBook Offline Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkidldjfpemdgkehdhkoehplkbkcadfa [2020-03-26]
CHR Extension: (YouTube Flash Video Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2020-03-26]
CHR Extension: (Avira Browser Safety) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2023-03-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2020-03-26]
CHR Extension: (FoxyProxy Standard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2020-03-26]
CHR Extension: (Auto BCC for Gmail™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjgikgjcgdhlklibkcobckkhklaeodd [2023-03-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-06-02]
CHR Extension: (Team Liquid Streams++) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgkaggfllbomabebbgkibkmbloibgfd [2020-03-26]
CHR Extension: (Disconnect) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-11-12]
CHR Extension: (Notta 音声認識- Webページの音声を文字起こし) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdelkaogljjcbjffjmahedaobfjineig [2023-06-02]
CHR Extension: (LUZit - Click your text to the calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kibiiafandkfafennedegfppdgdacedj [2023-03-27]
CHR Extension: (LibKey Nomad) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkoeejijapdihgbegpljiehpnlkadljb [2023-06-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-03-27]
CHR Extension: (DownThemAll!) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nljkibfhlpcnanjgbnlnbjecgicbjkge [2023-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-16]
CHR Extension: (Neater Bookmarks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2020-03-26]
CHR Extension: (TunnelBear VPN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2023-06-02]
CHR Extension: (Audio Capture) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\padjipbilemhhpppjmkabednoeiaaaac [2021-09-28]
CHR HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-1732968123-2954789539-1901243787-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2023-08-27]
OPR Notifications: Opera Stable -> hxxps://calendar.google.com; hxxps://drive.google.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-12]
OPR Extension: (EZProxy Redirect) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfhnhcbpnnnlefhobdnmhenofhfnnfhi [2022-06-22]
OPR Extension: (Opera Wallet) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-25]
OPR Extension: (Netflix Curator) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\hfaaklifbgjnnbamonkijkehbmjbmjlo [2022-06-24]
OPR Extension: (Aria) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-08-25]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-16]
OPR Extension: (Amazon Assistant for Opera) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2023-04-12]
OPR Extension: (Alitools Shopping Assistant) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkekkheibgkgeepapinkalkongndfajn [2023-08-25]
Brave:
=======
BRA Profile: C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-08-25]
BRA Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2020-03-07]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2020-03-07]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-03-07]
BRA Extension: (Brave NTP sponsored images) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\nhjdpioohdbmgmdifcpekmfjnahnkeoe [2020-03-07]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\User\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2020-03-07]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [925904 2014-01-23] (ABBYY Production LLC -> ABBYY Production LLC)
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6573192 2023-07-16] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3002640 2022-09-08] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [266384 2023-08-16] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [297392 2023-08-16] (Avira Operations GmbH -> Avira Operations GmbH)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1074080 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12513208 2023-07-22] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-08-22] (Dropbox, Inc -> Dropbox, Inc.)
R2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe [913408 2021-10-28] () [File not signed]
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11129000 2023-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11129000 2023-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\FileSyncHelper.exe [3516832 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-12-25] (Mixbyte Inc -> Freemake)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-08-25] (Malwarebytes Inc. -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [46416 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.169.0813.0001\OneDriveUpdaterService.exe [3853840 2023-08-23] (Microsoft Corporation -> Microsoft Corporation)
S3 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1425904 2020-10-14] (Plex, Inc. -> Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3658832 2019-06-28] (TechSmith Corporation -> TechSmith Corporation)
S3 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [331648 2021-01-25] (Twitch Interactive, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ANVSOFT_WaveExtensible; C:\WINDOWS\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [190712 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2023-05-25] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-11-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-11-07] (Microsoft Corporation) [File not signed]
R1 epp; D:\DATA\Desktop\bin64\epp.sys [155112 2020-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2022-06-22] (Martin Malik - REALiX -> REALiX)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222272 2023-08-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [112184 2022-12-15] (Avira Operations GmbH -> Avira Operations GmbH)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28616 2023-07-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_filter; C:\WINDOWS\System32\DRIVERS\rtp_filter.sys [358544 2023-08-22] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [41776 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2021-01-04] (NCH Software Pty Ltd -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49568 2022-12-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473376 2022-12-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-02] (Microsoft Windows -> Microsoft Corporation)
S4 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-08-27 13:17 - 2023-08-27 13:18 - 000000000 ____D C:\FRST
2023-08-26 02:17 - 2023-08-26 02:17 - 000003792 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupVerify
2023-08-25 23:04 - 2023-08-25 23:04 - 000000000 ____D C:\ProgramData\Piriform
2023-08-25 18:56 - 2023-08-25 18:56 - 000001417 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2023-08-25 18:28 - 2023-08-25 18:28 - 000000542 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2023-08-25 17:51 - 2023-08-25 17:51 - 000000000 ____D C:\Program Files\Trend Micro
2023-08-25 17:48 - 2023-08-25 17:50 - 000000000 ____D C:\ProgramData\F-Secure
2023-08-23 16:12 - 2023-08-23 16:12 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2023-08-23 16:12 - 2023-08-23 16:12 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-08-23 16:12 - 2023-08-23 16:12 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2023-08-23 01:57 - 2023-08-23 01:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-08-22 01:51 - 2023-08-22 01:51 - 000046824 ____N (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2023-08-09 23:17 - 2023-08-09 23:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2023-08-09 05:16 - 2023-08-09 05:21 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-08-27 13:02 - 2022-11-08 00:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-27 12:29 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-27 12:29 - 2019-04-21 15:02 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-27 11:53 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-27 08:53 - 2022-05-07 08:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-27 08:53 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-27 00:40 - 2022-11-08 00:45 - 000003308 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{08A9276D-B1DC-4CEA-B75A-723B0FC2B06A}
2023-08-26 23:57 - 2019-09-24 13:41 - 000000000 ____D C:\Users\User\AppData\Roaming\Shareaza
2023-08-26 23:57 - 2019-08-16 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublight
2023-08-26 23:53 - 2022-05-07 08:22 - 000000000 ____D C:\WINDOWS\INF
2023-08-26 23:53 - 2019-12-04 00:08 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2023-08-26 23:52 - 2020-05-28 11:45 - 000000000 ____D C:\Users\User\AppData\Roaming\LG Electronics
2023-08-26 12:36 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\Registration
2023-08-25 23:30 - 2019-04-21 15:02 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-25 23:30 - 2019-04-21 15:02 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-08-25 23:06 - 2021-09-20 16:23 - 000000000 ____D C:\Program Files\CCleaner
2023-08-25 23:05 - 2022-11-08 00:45 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-08-25 23:05 - 2021-09-20 16:23 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2023-08-25 23:02 - 2021-11-27 00:31 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2023-08-25 22:59 - 2022-11-08 00:41 - 000858172 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-25 22:57 - 2020-03-04 12:11 - 000000000 ____D C:\temp
2023-08-25 22:56 - 2022-02-16 11:16 - 000000000 ___RD C:\Users\User\OneDrive - Ben Gurion University of the Negev
2023-08-25 22:55 - 2022-11-08 00:45 - 000003476 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-08-25 22:55 - 2022-11-08 00:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-25 22:55 - 2022-10-01 15:59 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-08-25 22:55 - 2022-02-05 17:04 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-08-25 22:55 - 2019-04-21 15:01 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2023-08-25 22:55 - 2019-04-21 14:50 - 000000000 ____D C:\Intel
2023-08-25 22:54 - 2023-02-19 00:42 - 016478648 _____ C:\WINDOWS\system32\rtp.db
2023-08-25 22:54 - 2022-05-07 08:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-08-25 22:54 - 2019-08-16 17:16 - 000000000 ____D C:\Users\User\AppData\Roaming\Everything
2023-08-25 22:53 - 2019-04-21 14:49 - 000000000 ___SD C:\Users\User\AppData\Roaming\Microsoft\Credentials
2023-08-25 18:27 - 2022-05-07 08:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-25 17:44 - 2022-03-26 22:57 - 000001381 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-08-25 17:38 - 2019-05-08 19:51 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Word
2023-08-25 17:38 - 2019-04-22 13:25 - 000000000 ____D C:\Program Files\Opera
2023-08-25 00:04 - 2019-06-28 22:55 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Excel
2023-08-23 23:36 - 2022-11-08 00:45 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1732968123-2954789539-1901243787-1003
2023-08-23 23:36 - 2022-11-08 00:45 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1732968123-2954789539-1901243787-1001
2023-08-23 23:36 - 2022-11-08 00:45 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-08-23 23:36 - 2022-02-03 17:53 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-23 23:36 - 2019-04-21 14:51 - 000000000 ___RD C:\Users\User\OneDrive
2023-08-23 18:56 - 2020-08-22 23:51 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-23 18:56 - 2020-08-22 23:51 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-23 16:12 - 2023-01-10 00:16 - 000003476 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2023-08-23 16:12 - 2023-01-10 00:16 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2023-08-23 16:12 - 2023-01-10 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2023-08-23 01:58 - 2019-06-28 12:33 - 000000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2023-08-23 01:58 - 2019-06-28 12:32 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-08-22 23:57 - 2022-02-15 11:31 - 000000000 ____D C:\Program Files\Microsoft Office
2023-08-22 23:05 - 2023-04-21 04:44 - 000358544 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filter.sys
2023-08-19 12:04 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-08-16 13:12 - 2022-11-08 00:45 - 000003958 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1555928769
2023-08-16 13:12 - 2019-04-22 13:26 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2023-08-13 21:13 - 2021-12-14 12:26 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2023-08-11 19:07 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-08-11 18:50 - 2022-11-08 00:39 - 000546048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-11 18:50 - 2022-09-26 21:01 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2023-08-11 18:49 - 2022-05-07 10:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\UUS
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemApps
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-11 18:49 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-09 16:48 - 2022-02-05 17:27 - 000001899 _____ C:\Users\ranch\Desktop\Google Slides.lnk
2023-08-09 16:48 - 2022-02-05 17:27 - 000001899 _____ C:\Users\ranch\Desktop\Google Sheets.lnk
2023-08-09 16:48 - 2022-02-05 17:27 - 000001887 _____ C:\Users\ranch\Desktop\Google Docs.lnk
2023-08-09 16:48 - 2021-09-28 13:22 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-08-09 16:48 - 2021-09-28 13:22 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2023-08-09 16:48 - 2021-09-28 13:22 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2023-08-09 16:48 - 2021-09-28 13:22 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2023-08-09 05:26 - 2022-11-08 00:42 - 003210752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-08-09 05:14 - 2019-04-21 15:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-09 05:08 - 2019-04-21 15:10 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-08-02 12:24 - 2022-11-08 00:45 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-08-02 12:24 - 2022-11-08 00:45 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-30 11:55 - 2019-06-28 18:05 - 000000000 ____D C:\Users\User\AppData\Roaming\AgileBits
==================== Files in the root of some directories ========
2021-04-15 20:08 - 2021-04-15 20:08 - 000000060 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2021-04-15 20:08 - 2021-04-15 20:08 - 000000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2021-04-15 20:08 - 2021-04-15 20:08 - 000000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2021-04-15 20:08 - 2021-04-15 20:08 - 000004552 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2021-04-15 19:37 - 2021-04-15 19:37 - 000000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
2022-07-20 15:24 - 2022-07-20 15:24 - 000000716 ____H () C:\Users\User\AppData\Roaming\{BAAE307A-D080-A872-97DA-0692CE837D4E}
2020-03-07 20:14 - 2023-08-25 18:10 - 000000000 _____ () C:\Users\User\AppData\Local\ars.cache
2020-03-07 20:15 - 2023-08-25 18:15 - 000000000 _____ () C:\Users\User\AppData\Local\census.cache
2021-02-15 00:46 - 2023-08-15 05:14 - 000043008 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-03-07 19:20 - 2020-03-07 19:20 - 000000036 _____ () C:\Users\User\AppData\Local\housecall.guid.cache
2020-07-28 17:06 - 2020-08-14 17:28 - 000000811 _____ () C:\Users\User\AppData\Local\MZD-AIO-TI.log
2020-07-30 13:47 - 2020-07-30 13:47 - 000000754 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2020-03-07 19:24 - 2020-03-07 19:42 - 000000010 _____ () C:\Users\User\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Waiting for your instructions.