Windows Server 2022, seems like it is infected with something



#1 bidav

Posted 30 August 2023 - 06:00 AM

*admins* This is not the same machine as my other thread, thank you.

 

Hi all,

Lately the performance on this machine has become really sluggish. After it has been turned on without reboots for, say, 3 days, all of its 128 GB of RAM is 100% in use, while Windows Task Manager says that 80 GB is "hardware assigned". After a reboot it is better: memory is free, but general performance is not the same, even while the machine is not being heavily used at all.

Malwarebytes is the AV in use.

FRST files are attached


#2 HelpBot

Posted 04 September 2023 - 06:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/789206 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 09 September 2023 - 06:10 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Andrew (Moderator)

Posted 22 September 2023 - 07:24 PM

This topic has been re-opened at the request of the person who originally posted.

#5 bidav (Topic Starter)

Posted 23 September 2023 - 11:37 AM

New FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by Administrator (administrator) on FRESHUK2 (23-09-2023 19:33:08)
Running from C:\Users\Administrator\Downloads\FRST64.exe
Loaded Profiles: yad2 & Administrator & PBIEgwService & SQLTELEMETRY & MSSQLSERVER
Platform: Microsoft Windows Server 2022 Standard Version 21H2 20348.1970 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\FastExecuteScript.exe
() [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\FastExecuteScript.exe
() [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SIDc696ea40\engine\mongod.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe <2>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe <2>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <7>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(C:\Program Files\NVIDIA Corporation\nview\nviewMain64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\nview\nviewMain.exe
(C:\Program Files\Open Source\MeshCentral\winservice\daemon\meshcentral.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\nodejs\node.exe <3>
(cmd.exe ->) (Python Software Foundation -> Python Software Foundation) D:\downloads\ChatGPTTelegram\pydist\python.exe
(D:\downloads\ChatGPTTelegram\main.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\FastExecuteScript.exe ->) () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\Worker.exe
(D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\Worker.exe ->) (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\worker.exe <5>
(D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\FastExecuteScript.exe ->) () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\Worker.exe <3>
(D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\Worker.exe ->) (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\worker.exe <18>
(explorer.exe ->) () [File not signed] D:\downloads\ChatGPTTelegram\main.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.191.0912.0001\Microsoft.SharePoint.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\nview\nviewMain64.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (CloudBees, Inc.) [File not signed] C:\Program Files\Open Source\MeshCentral\winservice\daemon\meshcentral.exe
(services.exe ->) (DEVSCOPE - SOLUÇÕES DE SISTEMAS E TECNOLOGIAS DE INFORMAÇÃO, S.A -> ) C:\Program Files\Devscope\PBIRobots\PBIRobots.Agent.ProcessStation.Service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Azure Recovery Services Agent\bin\cbengine.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Azure Recovery Services Agent\bin\OBRecoveryServicesManagementAgent.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Admin Center\sme.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) D:\Program Files\On-premises data gateway\Microsoft.PowerBI.EnterpriseGateway.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\Display.NvContainer\NVDisplay.Container.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\NVWMI\nvWmi64.exe <2>
(services.exe ->) (PhaseFive Systems LLC -> Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
(services.exe ->) (Rainer Döpke -> Speed-Soft) C:\Program Files (x86)\Time-Sync\TimeSyncServiceClient.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [113784 2023-04-09] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-09-20] (Adobe Inc. -> Adobe Inc.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tamar\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-09-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\yad2\AppData\Local\Microsoft\Teams\Update.exe [2587416 2022-12-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\benny\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-80-1835761534-3291552707-3889884660-1303793167-3990676079\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2023-03-26]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
Startup: C:\Users\yad2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChatGPTelegram.lnk [2023-07-01]
ShortcutTarget: ChatGPTelegram.lnk -> D:\downloads\ChatGPTTelegram\main.exe () [File not signed]
Startup: C:\Users\yad2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Silent - Shortcut.lnk [2023-04-13]
ShortcutTarget: Silent - Shortcut.lnk -> D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\Silent.exe () [File not signed]
Startup: C:\Users\yad2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SilentTabit - Shortcut.lnk [2023-04-13]
ShortcutTarget: SilentTabit - Shortcut.lnk -> D:\downloads\tabitExportBot\tabitExportBot\SilentTabit.exe () [File not signed]
BootExecute: autocheck autochk /q /v * 
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DA928F32-8D53-4075-BC76-C6C117FE1DAF} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A7E6F22E-99FF-44ED-92A9-FD04B9282B73} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B884EE4A-E1C6-43EC-85A5-FFBC73FC59B4} - System32\Tasks\GoogleUpdateTaskMachineCore{83733CC4-E87A-4794-9F68-A167CC2A36CF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-16] (Google LLC -> Google LLC)
Task: {CC02596F-1DA7-4DBE-866D-EF57C8CB1A27} - System32\Tasks\GoogleUpdateTaskMachineUA{3EBFF4AC-EF4F-478E-BF1A-870F68C163A7} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-16] (Google LLC -> Google LLC)
Task: {C3AED200-428C-40C5-8008-6E501823620C} - System32\Tasks\Microsoft\AutoUpdateAgent\AutoUpdateAgent Poll => C:\Program Files\Microsoft Azure Recovery Services Agent\bin\AutoUpdateAgent.exe [129424 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {25820F83-40A2-4A44-BBF7-70B02DC79BC4} - System32\Tasks\Microsoft\AutoUpdateAgent\AutoUpdateAgent Status Check => C:\Program Files\Microsoft Azure Recovery Services Agent\bin\AutoUpdateAgent.exe [129424 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2B39C04-4A2C-4436-BDE7-5A01B0A817DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9415E44-79B4-44BB-9E2D-A9CBDCF8C547} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C74CC6D-3595-4738-A877-FC2543EDBC83} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {59B5544C-8DFE-43D5-A387-E7F5032E07FA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2700E55-8914-421F-B8F2-E390D99FB788} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {11C47841-4839-42BA-A0DD-CF4777243924} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4377392 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F954FB20-7907-48DF-9887-CFB66F943FC8} - System32\Tasks\Microsoft\OnlineBackup\Microsoft-OnlineBackup => C:\Windows\system32\windowspowershell\v1.0\powershell.exe [450560 2023-09-19] (Microsoft Windows -> Microsoft Corporation) -> -command Import-Module MSOnlineBackup; Start-OBBackup -Name "a96fa6dc-f65a-475f-9239-4776cd449b7a
Task: {40EBCF15-C370-417C-8E02-EA99A0222474} - System32\Tasks\Microsoft\OnlineBackup\Microsoft-OnlineBackup-RetryFailedJobs => C:\Windows\system32\windowspowershell\v1.0\powershell.exe [450560 2023-09-19] (Microsoft Windows -> Microsoft Corporation) -> -command Import-Module MSOnlineBackup;[Microsoft.Internal.CloudBackup.Client.Common.CBClientCommon]::RetryFailedJobs()
Task: {5098A7E3-5E45-4EDA-A7DD-4BDA99412CE0} - System32\Tasks\Microsoft\OnlineBackup\Microsoft-OnlineBackup-SystemStateBackup => C:\Windows\system32\windowspowershell\v1.0\powershell.exe [450560 2023-09-19] (Microsoft Windows -> Microsoft Corporation) -> -command Import-Module MSOnlineBackup; Start-OBBackup -Name "1a63366b-b92f-4ba2-98e3-8a84bb610fc4
Task: {CF47F7C6-44AF-4D17-9A5E-6C1E02565958} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task => C:\Windows\System32\SDNDiagnosticsTask.exe [307200 2023-02-16] (Microsoft Windows -> Microsoft)
Task: {91B1E4F0-8148-4664-8904-EA5D10E49090} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => C:\Windows\system32\rundll32.exe [73728 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {84048B57-AFBE-4B3D-A8EA-F724964476F1} - System32\Tasks\Microsoft\Windows\Server Initial Configuration Task => C:\Windows\system32\srvinitconfig.exe [73728 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
Task: {7EFD047A-8E80-492B-AA8E-DFC30158D60F} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => C:\Windows\system32\cscript.exe [167936 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {243E7C02-BF8F-4E23-8850-E15425668A69} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [114688 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
Task: {6D138ACC-146C-4A3F-A33C-EA5D126F52B0} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => C:\Windows\system32\cmd.exe [331776 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\silcollector.cmd publish <==== ATTENTION
Task: {B4BE303F-ADA3-4568-90A4-CEAA61167DBA} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => C:\Windows\system32\cmd.exe [331776 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\silcollector.cmd configure <==== ATTENTION
Task: {E22FAE16-B34A-4962-9361-D72EC062D4C7} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [94208 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {E0C349B7-9DDE-4125-BCD0-5383F168D9B1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UUS Failover Task => %systemroot%\system32\failover.exe  (No File)
Task: {C3262AA7-6D51-4466-A998-60F0ABD69A82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19E60E62-512A-4C82-BBFF-26C280109EC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A2FE1A31-62BE-4F05-87D5-8A543E4BE068} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A184B3C1-1B90-446A-9A75-ABFDC5852418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5B6B367-EC13-4F4E-94F1-A3AD937B1563} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {5FFA5599-756D-4393-8D6A-2BFFF988896B} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {70CFF774-677F-4BAD-9188-E50C5D9834CA} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [974872 2023-07-14] (NVIDIA Corporation -> )
Task: {FD48ABFA-7F46-4AEA-A562-30562472255C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {56EB485D-FBCD-44FD-8259-0E03F82DF477} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE89EF5C-A760-4C0A-8C48-4FC4BA5074C1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EBC8FB9-84B1-4142-BBD6-7BDD46C132B2} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D43F1B6-AD99-4061-8F3E-D9E5C470FA2D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEA07A1B-D6A3-43FA-AC41-0C256EAF7D73} - System32\Tasks\ShadowCopyVolume{6351c82a-0000-0000-007e-000000000000} => C:\Windows\system32\vssadmin.exe [163840 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> Create Shadow /AutoRetry=15 /For=\\?\Volume{6351c82a-0000-0000-007e-000000000000}\
Task: {A1C5FE13-D103-463B-9EE0-E27B1E13D26E} - System32\Tasks\ShadowCopyVolume{b00757b2-7d71-451c-9d00-1559d4b61cd9} => C:\Windows\system32\vssadmin.exe [163840 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> Create Shadow /AutoRetry=15 /For=\\?\Volume{b00757b2-7d71-451c-9d00-1559d4b61cd9}\
Task: {547DEFD4-D965-4C8A-A901-BB25A615F36A} - System32\Tasks\Yad2 => D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\Silent.exe [601600 2021-10-09] () [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\ShadowCopyVolume{6351c82a-0000-0000-007e-000000000000}.job => C:\Windows\system32\vssadmin.exe
Task: C:\Windows\Tasks\ShadowCopyVolume{b00757b2-7d71-451c-9d00-1559d4b61cd9}.job => C:\Windows\system32\vssadmin.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [26512 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [26512 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Tcpip\..\Interfaces\{e8ee854c-ca4e-4c33-adb4-cb673218c123}: [NameServer] 8.8.8.8,4.4.4.4
ManualProxies: 1http=127.0.0.1:60322;https=127.0.0.1:60322;socks=127.0.0.1:60321 <==== ATTENTION
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-15]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-06-14]
Edge Extension: (Freshmarketer-A/B Testing & Heatmap Software) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnkifneleaknlodbdncgnpbdffngdgjo [2023-04-24]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2023-06-14]
Edge Extension: (VWO) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gllemfmjnjodckfckbikkajnblcdfihd [2023-04-24]
Edge Extension: (Cisco Webex Extension) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2023-04-24]
Edge Extension: (Edge relevant text changes) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-14]
Edge Extension: (Video Downloader by ODM) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opjjpmhoiojifppkkcdabiobhakljdgm [2023-04-24]
Edge Extension: (Visual Tagger Extension) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejbgeckhkmcjnijdhmpjgcbnogmmcef [2023-04-24]
 
FireFox:
========
FF DefaultProfile: lkycfrm1.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lkycfrm1.default [2023-06-25]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release [2023-09-21]
FF Extension: (English (US) Dictionary) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\en-US-mozilla@dictionaries.addons.mozilla.org.xpi [2023-06-25]
FF Extension: (Language: English (US)) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2023-09-19]
FF Extension: (Language: עברית (Hebrew)) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\langpack-he@firefox.mozilla.org.xpi [2023-09-20]
FF Extension: (SmartProxy) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\smartproxy@salarcode.com.xpi [2023-07-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-09-20] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-09-20] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2023-08-06]
CHR DownloadDir: D:\downloads
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-16]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-11]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-09-03]
CHR Notifications: Profile 1 -> hxxp://127.0.0.1; hxxps://127.0.0.1; hxxps://freshuk2
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-02-14]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-03]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [4040776 2023-09-06] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 AzureAttestService; C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll [152312 2019-08-20] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncHelper.exe [3513264 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe [154032 2023-05-02] (PhaseFive Systems LLC -> Phase Five Systems)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [253952 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-09-11] (Malwarebytes Inc. -> Malwarebytes)
R2 meshcentral.exe; C:\Program Files\Open Source\MeshCentral\winservice\daemon\meshcentral.exe [36352 2023-04-16] (CloudBees, Inc.) [File not signed]
R2 MSSQLSERVER; d:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [722848 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVWMI; C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\NVWMI\nvWmi64.exe [4513320 2023-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 obengine; C:\Program Files\Microsoft Azure Recovery Services Agent\bin\cbengine.exe [27552 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45384 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.191.0912.0001\OneDriveUpdaterService.exe [3850144 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 PBIEgwService; D:\Program Files\On-premises data gateway\Microsoft.PowerBI.EnterpriseGateway.exe [127984 2023-06-13] (Microsoft Corporation -> Microsoft)
R2 PBIRobots.Agent.ProcessStation.Service.exe; C:\Program Files\Devscope\PBIRobots\PBIRobots.Agent.ProcessStation.Service.exe [127832 2023-02-06] (DEVSCOPE - SOLUÇÕES DE SISTEMAS E TECNOLOGIAS DE INFORMAÇÃO, S.A -> )
R2 RecoveryServicesManagementAgent; C:\Program Files\Microsoft Azure Recovery Services Agent\bin\OBRecoveryServicesManagementAgent.exe [31136 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [143360 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [104448 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R3 sacsvr; C:\Windows\system32\sacsvr.dll [40960 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402368 2023-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ServerManagementGateway; C:\Program Files\Windows Admin Center\sme.exe [16264 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
S3 ServerManagementGatewayAccount; C:\Program Files\Windows Admin Center\smea.exe [62904 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ServiceTimeSyncClient; C:\Program Files (x86)\Time-Sync\TimeSyncServiceClient.exe [1703984 2023-01-28] (Rainer Döpke -> Speed-Soft)
S3 SQLSERVERAGENT; d:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [726952 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY; d:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [300968 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
R2 TermServLicensing; C:\Windows\System32\lserver.dll [1019904 2023-09-19] (Microsoft Windows -> Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [368640 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64632 2023-04-09] (VMware, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ASTGRP; C:\Windows\System32\drivers\astkmd.sys [151416 2018-10-07] (Microsoft Windows Hardware Compatibility Publisher -> ASPEED Technology Inc.)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2279248 2021-05-08] (Microsoft Windows -> QLogic Corporation)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2279248 2021-05-08] (Microsoft Windows -> QLogic Corporation)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [285008 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [546640 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [758584 2021-05-08] (Microsoft Windows -> Emulex)
S0 elxstor; C:\Windows\System32\drivers\elxstor.sys [949560 2021-05-08] (Microsoft Windows -> Broadcom)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 FancyCcV; C:\Windows\System32\DRIVERS\rxfcv.sys [169048 2023-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Romex Software)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [199640 2023-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-09-22] (Malwarebytes Inc. -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\System32\drivers\MsLbfoProvider.sys [147456 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [78376 2023-04-27] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S0 qebdrv; C:\Windows\System32\drivers\qevbda.sys [2231120 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 qefcoe; C:\Windows\System32\drivers\qefcoe.sys [270160 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 qeois; C:\Windows\System32\drivers\qeois.sys [673592 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1703760 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475472 2021-05-08] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300304 2021-05-08] (Microsoft Windows -> QLogic Corporation)
R3 RasGre; C:\Windows\System32\drivers\rasgre.sys [77824 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
S4 RsFx0700; C:\Windows\System32\DRIVERS\RsFx0700.sys [298392 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
R0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [131400 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [133944 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R2 TSFairShare; C:\Windows\System32\drivers\TSFairShare.sys [106496 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 tsvip; C:\Windows\System32\drivers\tsvip.sys [77824 2023-09-19] (Microsoft Windows -> )
S3 tsvip; C:\Windows\SysWOW64\drivers\tsvip.sys [36864 2023-09-19] (Microsoft Windows -> )
R2 UnionFS; C:\Windows\system32\drivers\UnionFS.sys [513360 2023-08-20] (Microsoft Windows -> Microsoft Corporation)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [254616 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [60344 2022-11-16] (VMware, Inc. -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31128 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53656 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103672 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-23 05:15 - 2023-09-23 05:15 - 000074108 _____ C:\Users\yad2\AppData\Local\Temp\wct8A87.tmp
2023-09-23 04:30 - 2023-09-23 04:30 - 000074108 _____ C:\Users\yad2\AppData\Local\Temp\wct5297.tmp
2023-09-23 04:30 - 2023-09-23 04:30 - 000074108 _____ C:\Users\Administrator\AppData\Local\Temp\wct5297.tmp
2023-09-22 16:03 - 2023-09-23 19:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\4
2023-09-22 16:03 - 2023-09-22 16:03 - 000000000 ____D C:\Users\yad2\AppData\LocalLow\Adobe
2023-09-22 16:02 - 2023-09-23 19:35 - 000000000 ____D C:\Users\yad2\AppData\Local\Temp\1
2023-09-22 16:02 - 2023-09-22 16:02 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-09-22 15:30 - 2023-09-22 15:30 - 000000000 ____D C:\Users\yad2\AppData\Local\Temp\mbam
2023-09-22 04:30 - 2023-09-22 04:30 - 000074103 _____ C:\Users\yad2\AppData\Local\Temp\wct8CD9.tmp
2023-09-22 04:30 - 2023-09-22 04:30 - 000074103 _____ C:\Users\tamar\AppData\Local\Temp\wct87E8.tmp
2023-09-22 04:30 - 2023-09-22 04:30 - 000074103 _____ C:\Users\Administrator\AppData\Local\Temp\wct8846.tmp
2023-09-22 03:25 - 2023-09-22 03:25 - 000074102 _____ C:\Users\yad2\AppData\Local\Temp\wctB6F3.tmp
2023-09-21 17:55 - 2023-09-21 17:55 - 000074101 _____ C:\Users\yad2\AppData\Local\Temp\wctEA92.tmp
2023-09-21 15:14 - 2023-09-21 15:14 - 004229097 _____ C:\Users\tamar\Downloads\roy1 copy.psd
2023-09-21 14:21 - 2023-09-21 14:21 - 004123921 _____ C:\Users\tamar\Downloads\roy12.psd
2023-09-21 13:51 - 2023-09-21 13:51 - 003734893 _____ C:\Users\tamar\Downloads\roy1.psd
2023-09-21 04:30 - 2023-09-21 04:30 - 000074101 _____ C:\Users\Administrator\AppData\Local\Temp\wct335A.tmp
2023-09-21 04:25 - 2023-09-21 04:25 - 000074101 _____ C:\Users\yad2\AppData\Local\Temp\wct37CF.tmp
2023-09-21 03:30 - 2023-09-21 03:30 - 000074068 _____ C:\Users\yad2\AppData\Local\Temp\wct60CE.tmp
2023-09-20 19:13 - 2023-09-20 19:13 - 000003459 _____ C:\Users\yad2\AppData\Local\Temp\wctAAC2.tmp
2023-09-20 19:13 - 2023-09-20 19:13 - 000003459 _____ C:\Users\yad2\AppData\Local\Temp\wct45B5.tmp
2023-09-20 11:38 - 2023-09-20 11:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\{E26AAC90-A867-4D7C-A195-661505907DD6}
2023-09-20 11:35 - 2023-09-20 11:35 - 000000000 ____D C:\Users\yad2\AppData\Local\Temp\Adobe
2023-09-20 06:50 - 2023-09-20 06:50 - 000074058 _____ C:\Users\yad2\AppData\Local\Temp\wctEFA8.tmp
2023-09-20 06:10 - 2023-09-20 06:10 - 000074058 _____ C:\Users\yad2\AppData\Local\Temp\wct2E54.tmp
2023-09-19 23:42 - 2023-09-19 23:42 - 000000327 _____ C:\Users\Administrator\AppData\Local\Temp\tmp6B07.tmp
2023-09-19 18:10 - 2023-09-19 18:10 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wct8338.tmp
2023-09-19 13:14 - 2023-09-19 13:14 - 001408871 _____ C:\Users\yad2\Downloads\VMMap.zip
2023-09-19 13:08 - 2023-09-19 13:08 - 000687327 _____ C:\Users\yad2\Downloads\RAMMap.zip
2023-09-19 12:46 - 2023-09-19 12:46 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2023-09-19 12:46 - 2023-09-19 12:46 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2023-09-19 12:46 - 2023-09-19 12:46 - 000000000 ____D C:\Windows\system32\Npcap
2023-09-19 12:46 - 2023-09-19 12:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\waf_fileupload
2023-09-19 12:23 - 2023-09-19 12:35 - 276921920 _____ (Zoho Corporation Pvt. Ltd.) C:\Users\Administrator\Downloads\ManageEngine_OpManager_Free_64bit.exe
2023-09-19 12:19 - 2023-09-19 12:19 - 000687327 _____ C:\Users\Administrator\Downloads\RAMMap.zip
2023-09-19 12:19 - 2023-09-19 12:19 - 000000000 ____D C:\Users\Administrator\Downloads\RAMMap
2023-09-19 12:00 - 2023-09-19 12:00 - 000000000 ___HD C:\$WinREAgent
2023-09-19 11:25 - 2023-09-19 11:25 - 000074087 _____ C:\Users\tamar\AppData\Local\Temp\wct35E3.tmp
2023-09-19 06:05 - 2023-09-19 06:05 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wct23F5.tmp
2023-09-19 06:05 - 2023-09-19 06:05 - 000074087 _____ C:\Users\tamar\AppData\Local\Temp\wct1D3E.tmp
2023-09-19 06:05 - 2023-09-19 06:05 - 000074087 _____ C:\Users\Administrator\AppData\Local\Temp\wct22DB.tmp
2023-09-19 05:10 - 2023-09-19 05:10 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wctE862.tmp
2023-09-19 05:10 - 2023-09-19 05:10 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wct64F1.tmp
2023-09-19 02:59 - 2023-09-19 02:59 - 000002619 _____ C:\Users\yad2\AppData\Local\Temp\wctD890.tmp
2023-09-19 02:59 - 2023-09-19 02:59 - 000002619 _____ C:\Users\yad2\AppData\Local\Temp\wct417B.tmp
2023-09-18 18:20 - 2023-09-18 18:20 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct2A42.tmp
2023-09-18 11:05 - 2023-09-18 11:05 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wctDC7D.tmp
2023-09-18 06:05 - 2023-09-18 06:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct6497.tmp
2023-09-18 06:05 - 2023-09-18 06:05 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wct568D.tmp
2023-09-18 06:05 - 2023-09-18 06:05 - 000074468 _____ C:\Users\Administrator\AppData\Local\Temp\wct5F38.tmp
2023-09-18 05:05 - 2023-09-18 05:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct90C6.tmp
2023-09-17 18:20 - 2023-09-17 18:20 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctD1A9.tmp
2023-09-17 11:20 - 2023-09-17 11:20 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wct8348.tmp
2023-09-17 06:05 - 2023-09-17 06:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctF6.tmp
2023-09-17 06:05 - 2023-09-17 06:05 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wctFFFC.tmp
2023-09-17 06:05 - 2023-09-17 06:05 - 000074468 _____ C:\Users\Administrator\AppData\Local\Temp\wct4BF.tmp
2023-09-17 05:05 - 2023-09-17 05:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct39D6.tmp
2023-09-16 18:20 - 2023-09-16 18:20 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct77B8.tmp
2023-09-16 11:20 - 2023-09-16 11:20 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wct2A43.tmp
2023-09-16 06:10 - 2023-09-16 06:10 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctAED9.tmp
2023-09-16 06:10 - 2023-09-16 06:10 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wctAA36.tmp
2023-09-16 06:10 - 2023-09-16 06:10 - 000074468 _____ C:\Users\Administrator\AppData\Local\Temp\wctAEE9.tmp
2023-09-16 05:10 - 2023-09-16 05:10 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctE0A4.tmp
2023-09-15 11:20 - 2023-09-15 11:20 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wctD19B.tmp
2023-09-15 06:10 - 2023-09-15 06:10 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wct5395.tmp
2023-09-15 06:10 - 2023-09-15 06:10 - 000074458 _____ C:\Users\Administrator\AppData\Local\Temp\wct5848.tmp
2023-09-15 03:45 - 2023-09-15 03:45 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wct4071.tmp
2023-09-15 03:45 - 2023-09-15 03:45 - 000074458 _____ C:\Users\Administrator\AppData\Local\Temp\wct47D4.tmp
2023-09-14 11:25 - 2023-09-14 11:25 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wct7473.tmp
2023-09-14 03:45 - 2023-09-14 03:45 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wctED99.tmp
2023-09-14 03:45 - 2023-09-14 03:45 - 000074458 _____ C:\Users\Administrator\AppData\Local\Temp\wctF1FE.tmp
2023-09-13 11:20 - 2023-09-13 11:20 - 000074425 _____ C:\Users\tamar\AppData\Local\Temp\wctEE0.tmp
2023-09-13 03:30 - 2023-09-13 03:30 - 000074425 _____ C:\Users\tamar\AppData\Local\Temp\wct2BC.tmp
2023-09-13 03:30 - 2023-09-13 03:30 - 000074425 _____ C:\Users\Administrator\AppData\Local\Temp\wct2BC.tmp
2023-09-12 11:25 - 2023-09-12 11:25 - 000074419 _____ C:\Users\tamar\AppData\Local\Temp\wct99E6.tmp
2023-09-12 03:30 - 2023-09-12 03:30 - 000074419 _____ C:\Users\tamar\AppData\Local\Temp\wctB86F.tmp
2023-09-12 03:30 - 2023-09-12 03:30 - 000074419 _____ C:\Users\Administrator\AppData\Local\Temp\wctB86F.tmp
2023-09-11 11:25 - 2023-09-11 11:25 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct377B.tmp
2023-09-11 03:30 - 2023-09-11 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct52FA.tmp
2023-09-11 03:30 - 2023-09-11 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wct55B9.tmp
2023-09-10 11:20 - 2023-09-10 11:20 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctDA9D.tmp
2023-09-10 03:30 - 2023-09-10 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctFC1A.tmp
2023-09-10 03:30 - 2023-09-10 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wct707.tmp
2023-09-09 11:25 - 2023-09-09 11:25 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct8178.tmp
2023-09-09 03:50 - 2023-09-09 03:50 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctF5E7.tmp
2023-09-09 03:30 - 2023-09-09 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctA663.tmp
2023-09-09 03:30 - 2023-09-09 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wctA942.tmp
2023-09-08 11:20 - 2023-09-08 11:20 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct27B7.tmp
2023-09-08 05:10 - 2023-09-08 05:10 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct2194.tmp
2023-09-08 03:30 - 2023-09-08 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct4F84.tmp
2023-09-08 03:30 - 2023-09-08 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wct5233.tmp
2023-09-07 11:20 - 2023-09-07 11:20 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctCE73.tmp
2023-09-07 03:30 - 2023-09-07 03:30 - 000078171 _____ C:\Users\tamar\AppData\Local\Temp\wctFB35.tmp
2023-09-07 03:30 - 2023-09-07 03:30 - 000078171 _____ C:\Users\Administrator\AppData\Local\Temp\wctFBD1.tmp
2023-09-07 01:35 - 2023-09-07 01:35 - 000078171 _____ C:\Users\tamar\AppData\Local\Temp\wctFD9.tmp
2023-09-07 01:35 - 2023-09-07 01:35 - 000078171 _____ C:\Users\Administrator\AppData\Local\Temp\wct12E7.tmp
2023-09-06 09:09 - 2023-09-20 11:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Word
2023-09-06 09:09 - 2023-09-06 09:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Proof
2023-09-06 01:35 - 2023-09-06 01:35 - 000078171 _____ C:\Users\tamar\AppData\Local\Temp\wctC118.tmp
2023-09-06 01:35 - 2023-09-06 01:35 - 000078171 _____ C:\Users\Administrator\AppData\Local\Temp\wctC118.tmp
2023-09-04 11:39 - 2023-09-04 11:38 - 000058659 _____ C:\Users\Administrator\Desktop\WhatsApp Image 2023-09-03 at 22.29.19.jpeg
2023-09-04 09:17 - 2023-09-04 09:17 - 000006385 _____ C:\Users\yad2\Downloads\Webshare 150 proxies (1).txt
2023-09-03 16:17 - 2023-09-03 16:17 - 000004298 __RSH C:\ProgramData\ntuser.pol
2023-09-03 13:21 - 2023-09-18 12:18 - 000000000 ____D C:\Users\yad2\Desktop\proxies
2023-09-03 12:26 - 2023-09-03 12:26 - 015111157 _____ C:\Users\Administrator\Desktop\1.pdf
2023-09-03 12:18 - 2023-09-03 12:25 - 015106599 _____ C:\Users\Administrator\Desktop\doc00445620230903111840.pdf
2023-09-03 09:48 - 2023-09-22 16:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-30 14:07 - 2023-08-30 14:08 - 616478828 _____ C:\Users\Administrator\Downloads\AMD_VGA(v21.30.02.210727a_0827).zip
2023-08-30 14:07 - 2023-08-30 14:07 - 052771519 _____ C:\Users\Administrator\Downloads\Chipset(v3.10.22.706).zip
2023-08-30 14:07 - 2023-08-30 14:07 - 001050514 _____ C:\Users\Administrator\Downloads\ASPEED_VGA(v1.10.01).zip
2023-08-30 14:07 - 2023-08-30 14:07 - 000369685 _____ C:\Users\Administrator\Downloads\AM4_SATA_Floppy_CC(v9.3.0.296).zip
2023-08-30 13:54 - 2023-09-23 19:32 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctF76.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctC37E.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctBA0E.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wct7402.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wct6F2A.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wct1184.tmp
2023-08-30 03:00 - 2023-08-30 03:00 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctB52A.tmp
2023-08-29 19:03 - 2023-08-29 19:03 - 000000000 _____ C:\Users\Administrator\AppData\Local\Temp\{384836B7-2C0A-49D8-88CE-B5A70009B431} - OProcSessId.dat
2023-08-29 14:55 - 2023-08-29 14:55 - 000078148 _____ C:\Users\tamar\AppData\Local\Temp\wctC6D4.tmp
2023-08-29 03:10 - 2023-08-29 03:10 - 000078143 _____ C:\Users\tamar\AppData\Local\Temp\wct1E88.tmp
2023-08-29 03:10 - 2023-08-29 03:10 - 000078143 _____ C:\Users\Administrator\AppData\Local\Temp\wct2389.tmp
2023-08-28 14:55 - 2023-08-28 14:55 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct6EC8.tmp
2023-08-28 03:10 - 2023-08-28 03:10 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct732F.tmp
2023-08-28 03:10 - 2023-08-28 03:10 - 000078142 _____ C:\Users\Administrator\AppData\Local\Temp\wct734F.tmp
2023-08-27 14:55 - 2023-08-27 14:55 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct166E.tmp
2023-08-27 03:10 - 2023-08-27 03:10 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct1D79.tmp
2023-08-27 03:10 - 2023-08-27 03:10 - 000078142 _____ C:\Users\Administrator\AppData\Local\Temp\wct1DC7.tmp
2023-08-26 14:55 - 2023-08-26 14:55 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wctBDA7.tmp
2023-08-26 03:10 - 2023-08-26 03:10 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wctC7C2.tmp
2023-08-26 03:10 - 2023-08-26 03:10 - 000078142 _____ C:\Users\Administrator\AppData\Local\Temp\wctC830.tmp
2023-08-25 14:55 - 2023-08-25 14:55 - 000078109 _____ C:\Users\tamar\AppData\Local\Temp\wct64F0.tmp
2023-08-25 03:10 - 2023-08-25 03:10 - 000078109 _____ C:\Users\tamar\AppData\Local\Temp\wct72A8.tmp
2023-08-25 03:10 - 2023-08-25 03:10 - 000078109 _____ C:\Users\Administrator\AppData\Local\Temp\wct7306.tmp
2023-08-24 14:55 - 2023-08-24 14:55 - 000078099 _____ C:\Users\tamar\AppData\Local\Temp\wctCB6.tmp
2023-08-24 03:10 - 2023-08-24 03:10 - 000078099 _____ C:\Users\tamar\AppData\Local\Temp\wct1B7A.tmp
2023-08-24 03:10 - 2023-08-24 03:10 - 000078099 _____ C:\Users\Administrator\AppData\Local\Temp\wct1BE8.tmp
2023-08-24 01:55 - 2023-08-24 01:55 - 000078099 _____ C:\Users\tamar\AppData\Local\Temp\wct75ED.tmp
2023-08-24 01:55 - 2023-08-24 01:55 - 000078099 _____ C:\Users\Administrator\AppData\Local\Temp\wct761C.tmp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-09-23 19:34 - 2023-08-20 14:50 - 000043130 _____ C:\Users\Administrator\Downloads\FRST.txt
2023-09-23 19:33 - 2023-08-20 14:50 - 000000000 ____D C:\FRST
2023-09-23 19:32 - 2023-08-20 14:39 - 002382848 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2023-09-23 19:22 - 2022-12-16 07:36 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-23 19:22 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\SystemTemp
2023-09-23 16:01 - 2023-07-11 13:56 - 000000468 _____ C:\Users\Administrator\AppData\Local\Temp\InterOP_CCD_Logs.txt
2023-09-23 16:01 - 2022-12-16 07:50 - 000000000 ____D C:\Program Files\Adobe
2023-09-23 14:31 - 2023-03-23 18:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-09-23 05:18 - 2023-08-16 16:47 - 000000053 _____ C:\Users\yad2\AppData\Local\Temp\.ses
2023-09-23 04:33 - 2022-12-16 05:25 - 000000053 _____ C:\Users\Administrator\AppData\Local\Temp\.ses
2023-09-23 04:02 - 2021-05-08 11:20 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-22 16:41 - 2021-05-08 11:06 - 000000000 ____D C:\Windows\CbsTemp
2023-09-22 16:36 - 2022-12-15 13:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Excel
2023-09-22 16:06 - 2022-12-16 03:49 - 001027444 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-22 16:06 - 2021-05-08 11:18 - 000000000 ____D C:\Windows\INF
2023-09-22 16:03 - 2022-12-16 09:13 - 000000000 ___RD C:\Users\yad2\OneDrive
2023-09-22 16:03 - 2022-12-16 07:53 - 000000000 ___RD C:\Users\Administrator\Creative Cloud Files
2023-09-22 16:03 - 2022-12-16 06:52 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-22 16:03 - 2022-12-16 03:51 - 000000000 ____D C:\Users\Administrator
2023-09-22 16:03 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\ServiceState
2023-09-22 16:02 - 2023-06-25 12:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-22 16:02 - 2023-03-29 10:59 - 000000000 ____D C:\ProgramData\VMware
2023-09-22 16:02 - 2022-12-16 13:38 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-22 16:02 - 2022-12-16 08:01 - 000000000 ____D C:\Windows\system32\lserver
2023-09-22 16:02 - 2022-12-16 03:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-22 16:00 - 2021-05-08 11:06 - 000131072 _____ C:\Windows\system32\config\BBI
2023-09-22 15:59 - 2023-04-04 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
2023-09-21 13:47 - 2023-06-25 12:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-21 13:42 - 2022-12-15 13:40 - 000000000 ____D C:\Users\tamar\AppData\Roaming\Microsoft\Teams
2023-09-21 12:59 - 2022-12-22 12:47 - 000000000 ___RD C:\Users\tamar\Creative Cloud Files
2023-09-21 12:59 - 2022-12-15 13:40 - 000000000 ____D C:\Users\tamar
2023-09-21 11:36 - 2022-12-16 09:13 - 000000000 ____D C:\Users\yad2\AppData\Roaming\Adobe
2023-09-21 11:36 - 2022-12-16 08:05 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk
2023-09-21 11:36 - 2022-12-16 07:50 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-09-21 06:28 - 2022-12-16 03:45 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-21 06:28 - 2021-05-08 11:20 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-21 06:28 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\AppReadiness
2023-09-21 03:33 - 2023-03-27 08:57 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1003
2023-09-21 03:33 - 2022-12-16 09:14 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1001
2023-09-21 03:33 - 2022-12-15 13:40 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1000
2023-09-21 03:33 - 2022-12-15 13:33 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-500
2023-09-21 03:33 - 2022-12-15 13:33 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-21 03:33 - 2022-12-15 13:33 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-20 11:39 - 2023-03-30 14:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2023-09-20 11:37 - 2022-12-16 07:50 - 000001310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-09-20 11:37 - 2022-12-16 07:50 - 000001280 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2023-09-20 11:37 - 2022-12-16 07:50 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-09-20 11:35 - 2023-06-25 12:17 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-20 11:35 - 2022-12-16 09:14 - 000000000 ____D C:\Users\yad2\AppData\Roaming\com.adobe.dunamis
2023-09-19 23:48 - 2022-12-16 09:13 - 000000000 ____D C:\Users\yad2
2023-09-19 23:47 - 2023-05-04 14:50 - 000000000 ____D C:\Program Files\Npcap
2023-09-19 23:46 - 2022-12-16 03:37 - 000511800 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-19 23:46 - 2022-12-15 13:31 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-19 23:43 - 2021-05-08 12:39 - 000000000 ___SD C:\Windows\system32\AppV
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\SystemResources
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\system32\setup
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\system32\oobe
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-19 12:50 - 2022-12-16 03:37 - 000000000 ____D C:\Windows\ServiceProfiles
2023-09-19 12:46 - 2022-12-16 05:34 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-19 12:41 - 2022-12-16 03:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\MMC
2023-09-19 12:06 - 2022-12-16 03:47 - 002993152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-19 12:00 - 2022-12-16 05:28 - 000000000 ____D C:\Windows\system32\MRT
2023-09-19 11:57 - 2022-12-16 05:28 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-19 05:14 - 2023-01-11 09:56 - 000000053 _____ C:\Users\tamar\AppData\Local\Temp\.ses
2023-09-19 04:17 - 2022-12-16 07:36 - 000003820 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{3EBFF4AC-EF4F-478E-BF1A-870F68C163A7}
2023-09-19 04:17 - 2022-12-16 07:36 - 000003696 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{83733CC4-E87A-4794-9F68-A167CC2A36CF}
2023-09-15 20:53 - 2022-12-15 13:40 - 000002368 _____ C:\Users\tamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-09-12 23:17 - 2022-12-16 07:36 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-12 23:17 - 2022-12-16 07:36 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-11 14:01 - 2023-07-29 07:31 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-09-11 14:01 - 2023-03-23 18:11 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-09-11 11:32 - 2023-05-07 10:30 - 000222272 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2023-09-09 20:21 - 2023-06-27 22:35 - 000000000 ____D C:\Users\tamar\AppData\Local\Temp\CreativeCloud
2023-09-06 21:48 - 2023-03-26 09:03 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-09-04 08:55 - 2022-12-16 16:33 - 000435517 _____ C:\Users\yad2\Documents\tabit_export_xls.xml
2023-09-03 21:15 - 2022-12-18 15:37 - 000002850 _____ C:\Users\yad2\Documents\alla.aviv@gmail.com.txt
2023-09-03 16:19 - 2023-07-13 07:23 - 001569386 _____ C:\Users\yad2\Documents\yad2.co.il_alert_api_db.xml
2023-08-31 19:26 - 2022-12-16 03:37 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-30 16:37 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-30 13:57 - 2023-08-20 14:54 - 000062759 _____ C:\Users\Administrator\Downloads\Addition.txt
2023-08-29 19:15 - 2022-12-16 03:37 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-29 19:02 - 2023-08-21 11:43 - 000000000 ____D C:\Users\tamar\AppData\Local\Temp\2
2023-08-29 18:56 - 2023-04-24 14:28 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2023-08-27 13:42 - 2022-12-16 07:51 - 000000059 _____ C:\Users\Administrator\AppData\Local\Temp\crash_repo_pref.txt
2023-08-27 13:29 - 2022-12-25 16:59 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
 
==================== Files in the root of some directories ========
 
2023-04-16 09:49 - 2023-03-28 03:09 - 006166960 _____ (Cloud Software Group, Inc.) C:\Program Files (x86)\ClnD190.tmp
2022-12-15 15:02 - 2022-12-15 15:02 - 000000114 _____ () C:\Users\Administrator\AppData\Roaming\pmj4wc3x.fgn.vbs
2022-12-15 15:02 - 2022-12-15 15:02 - 000000133 _____ () C:\Users\Administrator\AppData\Roaming\tvzf4y2k.cuy.url
2023-03-27 09:04 - 2023-03-27 09:04 - 000000000 _____ () C:\Users\Administrator\AppData\Local\oobelibMkey.log
2022-12-16 07:52 - 2023-09-19 22:50 - 000007616 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
 
==================== FCheck ================================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
FCheck: C:\Windows\system32\vmcompute.exe [2023-06-27] <==== ATTENTION (zero byte File/Folder)
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2023-09-18 04:21
==================== End of FRST.txt ========================

And the new Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Administrator (23-09-2023 19:36:12)
Running from C:\Users\Administrator\Downloads
Microsoft Windows Server 2022 Standard Version 21H2 20348.1970 (X64) (2022-12-16 00:49:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3240025226-2610930385-1699277903-500 - Administrator - Enabled) => C:\Users\Administrator
benny (S-1-5-21-3240025226-2610930385-1699277903-1003 - Limited - Enabled) => C:\Users\benny
DefaultAccount (S-1-5-21-3240025226-2610930385-1699277903-503 - Limited - Disabled)
Guest (S-1-5-21-3240025226-2610930385-1699277903-501 - Limited - Disabled)
tamar (S-1-5-21-3240025226-2610930385-1699277903-1000 - Limited - Enabled) => C:\Users\tamar
WDAGUtilityAccount (S-1-5-21-3240025226-2610930385-1699277903-504 - Limited - Disabled)
yad2 (S-1-5-21-3240025226-2610930385-1699277903-1001 - Limited - Enabled) => C:\Users\yad2
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects 2023 (HKLM-x32\...\AEFT_23_6) (Version: 23.6 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_9) (Version: 27.9 - Adobe Inc.)
Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_6) (Version: 23.6 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7) (Version: 24.7.0.643 - Adobe Inc.)
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.1.16 - AnyDesk Software GmbH)
asrrmgmttool v2.6.0 (HKLM-x32\...\{53ACA7A9-C692-4A79-8E74-34FEC358749C}_is1) (Version: 2.6.0 - ASRockRack Inc.)
Browser for SQL Server 2022 (HKLM-x32\...\{FDB357D5-CC78-480A-8D26-C15D1A877642}) (Version: 16.0.1000.6 - Microsoft Corporation)
BrowserAutomationStudio (HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\BrowserAutomationStudio) (Version: 24.3.1.0 - BrowserAutomationStudio)
Burp Suite Professional 2023.4.3 (HKLM\...\7318-9294-3757-1226) (Version: 2023.4.3 - PortSwigger Web Security)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
GatewayComponents (HKLM\...\{41C6C666-5B47-430F-9784-83C78094E54C}) (Version: 15.178.9 - Microsoft Corporation) Hidden
GDR 1050 for SQL Server 2022 (KB5021522) (64-bit) (HKLM\...\KB5021522) (Version: 16.0.1050.5 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
GraphDataSetComponents (HKLM\...\{7117E6EC-BA12-4D6B-874C-DFFCBB2E4556}) (Version: 15.178.9 - Microsoft Corporation) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Network Connections 28.2.0.0 (HKLM\...\{23326CB1-CBD7-49A7-803C-BCEB7E8BCB07}) (Version: 28.2.0.0 - Intel) Hidden
Intel® Network Connections 28.2.0.0 (HKLM\...\PROSetDX) (Version: 28.2.0.0 - Intel)
Jump Desktop (HKLM\...\{70ECB083-F2B2-4660-A587-77F130E1D509}) (Version: 8.5.2.0 - Phase Five Systems)
Jump Desktop Connect (HKLM-x32\...\{31BEBB68-1DB7-44B2-A889-30A4CC70026A}) (Version: 6.10.11.0 - Phase Five Systems)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v2023.0.0) (Version:  - Maxon Computer GmbH)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Maxon Cinema 4D 2023 (HKLM\...\Maxon Cinema 4D 2023) (Version: 2023 - Maxon)
Microsoft Azure Recovery Services Agent (HKLM\...\{FFE6D16C-3F87-4192-AF94-DDBEFF165106}) (Version: 2.0.9250.0 - Microsoft Corporation) Hidden
Microsoft Azure Recovery Services Agent (HKLM\...\Windows Azure Backup) (Version: 2.0.9250.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{CBA9B46D-5C8E-46F9-94B4-7024400EDE52}) (Version: 17.10.3.1 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{77E9E138-0D4C-495E-BE77-761E1797BA16}) (Version: 18.2.4.0 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.191.0912.0001 - Microsoft Corporation)
Microsoft Power BI Desktop (x64) (HKLM\...\{22c320c9-e8b5-4bb6-887d-7641425d1a91}) (Version: 2.118.1063.0 - Microsoft Corporation) Hidden
Microsoft PowerBI Desktop (x64) (HKLM-x32\...\{40d9ac63-0b2d-4f7f-9f8d-7940d4a537cb}) (Version: 2.118.1063.0 - Microsoft Corporation)
Microsoft SQL Server 2022 (64-bit) (HKLM\...\Microsoft SQL Server SQL2022) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2022 RsFx Driver (HKLM\...\{629C8FC9-3763-4C58-8264-5288AE34AFEF}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
Microsoft SQL Server 2022 Setup (English) (HKLM\...\{1D9EE2F2-148E-46B8-ABC8-A9055B4D936C}) (Version: 16.0.1050.5 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\...\Teams) (Version: 1.6.00.24078 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2022 (HKLM\...\{AB5D8778-81F3-47E2-87A4-35E776CD664B}) (Version: 16.0.1000.6 - Microsoft Corporation)
MiniTool Partition Wizard 12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited)
Mozilla Firefox (x64 ru) (HKLM\...\Mozilla Firefox 117.0.1 (x64 ru)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 114.0.2 - Mozilla)
Node.js (HKLM\...\{12C3946E-D830-40C5-9524-3A45D6BFDD19}) (Version: 14.17.1 - Node.js Foundation)
Npcap OEM (HKLM-x32\...\NpcapInst) (Version: 1.75 - Nmap Project)
NVIDIA Graphics Driver 536.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.67 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA RTX Desktop Manager 204.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 204.26 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
On-premises data gateway (HKLM-x32\...\{93dbfca5-c9a9-4037-86e3-12724ca32b17}) (Version: 3000.178.9 - Microsoft Corporation)
PBIRobots (HKLM\...\{92298F40-8F99-4ECF-B5FF-D9F4BD74BC36}) (Version: 3.3.20.0 - Devscope) Hidden
PBIRobots (HKLM\...\PBIRobots 3.3.20.0) (Version: 3.3.20.0 - Devscope)
PrimoCache 4.3.0 (HKLM\...\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1) (Version: 4.3.0 - Romex Software)
SQL Server 2022 Batch Parser (HKLM\...\{7EFD8B19-A9E6-41CF-A96F-B9B6E30EC345}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Common Files (HKLM\...\{6A68D32C-4C0D-4847-B70C-58E6B4D76A12}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Common Files (HKLM\...\{8770AF64-BB4B-4404-BDD6-6AF8E4C461FC}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Connection Info (HKLM\...\{770DA7F2-817B-4AA6-9160-08BB658ABDC6}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Connection Info (HKLM\...\{EAC54B82-7A37-4A9E-8953-474316BD40F6}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Services (HKLM\...\{6621C765-569C-4D46-A8E9-C69A47971357}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Services (HKLM\...\{C4CF167C-4739-4A3A-8D75-59C9C5F135CA}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Shared (HKLM\...\{161B8D12-C41B-4ACF-9BB5-E1FEE6788869}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Shared (HKLM\...\{D6E82158-05B9-4A18-A624-EA135BC77766}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 DMF (HKLM\...\{5AB77D4E-9E5F-4627-B78B-129A5EC2858A}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 DMF (HKLM\...\{DCA0C2D6-83BF-41AE-B1AB-C4181002DE40}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects (HKLM\...\{12618131-AA9A-4DAE-9387-CE4417955B9F}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects (HKLM\...\{6F8242AA-1B25-421C-8E45-FC5978D9AA3A}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects Extensions (HKLM\...\{35EC6145-E333-42DB-BCB3-380DF6140C11}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects Extensions (HKLM\...\{A0F7ACBA-075F-4BC7-A85A-5DC301FCEC74}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 SQL Diagnostics (HKLM\...\{0CEFE958-E71A-4171-9DEF-77E9234A5613}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 XEvent (HKLM\...\{94AEB0A0-365C-449B-B573-D2ECB353EB06}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 XEvent (HKLM\...\{BD8B7339-7559-4FC3-95E6-264324D45235}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)
Time-Sync (HKLM-x32\...\Time-Sync) (Version: 1.89 - Speed-Soft)
TreeSize Free V4.6.2 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.2 - JAM Software)
TreeSize V9.0.2 (HKLM\...\TreeSize_is1) (Version: 9.0.2 - JAM Software)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
Windows Admin Center (HKLM\...\{CB7E54F9-AE9E-401E-83DC-29C1BC189539}) (Version: 1.5.6593.0 - Microsoft Corporation)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
XEvil 6 (HKLM-x32\...\{77EE27F2-C9B0-408B-A39A-F5AA8191ECA3}) (Version: 6.0.35.1007 - Botmaster Labs) Hidden
XEvil 6 (HKLM-x32\...\XEvil 6 6.0.35.1007) (Version: 6.0.35.1007 - Botmaster Labs)
יישומי Microsoft 365 לעסקים - he-il (HKLM\...\O365BusinessRetail - he-il) (Version: 16.0.16731.20234 - Microsoft Corporation)
 
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-06-27] (Adobe Systems Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-01] (NVIDIA Corp.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\yad2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\yad2\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A60F94A42F24} -> [Creative Cloud Files] => C:\Users\Administrator\Creative Cloud Files [2022-12-16 07:53]
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{d4737846-a892-2f78-d0cd-b8fbcacdf3bc}\localserver32 -> "C:\Program Files\PowerBI tips Business Ops\resources\static\external-tools\010__SQL_BI\BravoV0\app\Bravo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} =>  -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\nvshext.dll [2023-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvQuadroView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2023-07-14] (NVIDIA Corporation -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Приватный просмотр Firefox.lnk -> C:\Program Files\Mozilla Firefox\private_browsing.exe (Mozilla Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\Administrator\Desktop\Benny (Person 1) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) =============
 
2023-07-01 21:57 - 2023-07-01 17:20 - 000037888 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_helpers.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000207872 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_http_parser.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000034816 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_http_writer.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000024064 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_websocket.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000010752 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\charset_normalizer\md.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000115712 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000051712 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\frozenlist\_frozenlist.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000046592 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\multidict\_multidict.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000067072 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\yarl\_quoting_c.cp311-win_amd64.pyd
2023-09-19 23:48 - 2023-09-19 23:48 - 005816320 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Engine.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000053760 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\CurlWrapper\curlwrapper64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000025600 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\DateTime\datetime64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000032256 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\FileSystem\filesystem64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 001007616 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\ImageProcessing\imageprocessing64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000023552 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\Processes\processmanager64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000022016 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\RegularExpression\regexp64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000047616 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\Timezones\timezones64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000013312 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\UserNotification\usernotification64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000334848 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\libegl.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 005735936 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\libglesv2.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 102108160 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\libcef.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 006004224 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Engine.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000060928 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\CurlWrapper\curlwrapper64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000025600 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\DateTime\datetime64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000032256 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\FileSystem\filesystem64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 001007616 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\ImageProcessing\imageprocessing64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000023552 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\Processes\processmanager64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000022016 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\RegularExpression\regexp64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000047616 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\Timezones\timezones64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000013312 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\UserNotification\usernotification64.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000366592 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\libegl.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 005673472 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\libglesv2.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 003677184 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\vk_swiftshader.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 102108160 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\libcef.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 005561200 _____ (Artem Shevchenko -> The Qt Company Ltd) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Qt5Core.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 005561200 _____ (Artem Shevchenko -> The Qt Company Ltd) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Qt5Core.dll
2023-09-19 23:59 - 2023-09-19 23:59 - 003884544 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\f6d76a590480061da2e4a0467f310de2\Newtonsoft.Json.ni.dll
2023-05-02 13:53 - 2023-05-02 13:53 - 014191104 _____ (Phase Five Systems) [File not signed] C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnectCore.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000681472 _____ (Taro Labs) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\Proxy.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000681472 _____ (Taro Labs) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\Proxy.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 138794496 _____ (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\chrome.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000870400 _____ (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\chrome_elf.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000825856 _____ (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome_elf.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 157236224 _____ (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\chrome.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000963584 _____ (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\chrome_elf.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000825856 _____ (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome_elf.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 002761728 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\libcurl.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 002761728 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\libcurl.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Administrator\Downloads\ChromeSetup (1).exe:MBAM.Zone.Identifier [391]
AlternateDataStreams: C:\Users\Administrator\Downloads\ManageEngine_OpManager_Free_64bit.exe:MBAM.Zone.Identifier [169]
AlternateDataStreams: C:\Users\Administrator\Downloads\meshagent64-amd1.exe:MBAM.Zone.Identifier [159]
AlternateDataStreams: C:\Users\Administrator\Downloads\MeshCentralInstaller-2.11.exe:MBAM.Zone.Identifier [150]
AlternateDataStreams: C:\Users\Administrator\Downloads\MeshCentralRouter.exe:MBAM.Zone.Identifier [88]
AlternateDataStreams: C:\Users\Administrator\Downloads\NVIDIA_UEFI_Firmware_Updater_1.2-x64.exe:MBAM.Zone.Identifier [170]
AlternateDataStreams: C:\Users\Administrator\Downloads\PhysX_9.21.0713_SystemSoftware.exe:MBAM.Zone.Identifier [156]
AlternateDataStreams: C:\Users\Administrator\Downloads\pw-setup.exe:MBAM.Zone.Identifier [407]
AlternateDataStreams: C:\Users\Administrator\Downloads\Samsung_Magician_DC_Windows_64bit.exe:MBAM.Zone.Identifier [215]
AlternateDataStreams: C:\Users\Administrator\Downloads\Samsung_SSD_DC_Toolkit_for_Windows_1.exe:MBAM.Zone.Identifier [218]
AlternateDataStreams: C:\Users\Administrator\Downloads\SQL2022-SSEI-Eval.exe:MBAM.Zone.Identifier [205]
AlternateDataStreams: C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe:MBAM.Zone.Identifier [179]
AlternateDataStreams: C:\Users\Administrator\Downloads\TeamViewer_Setup_x64.exe:MBAM.Zone.Identifier [330]
AlternateDataStreams: C:\Users\Administrator\Downloads\VMware-workstation-full-17.0.0-20800274.exe:MBAM.Zone.Identifier [168]
AlternateDataStreams: C:\Users\benny\Downloads\AnyDesk.exe:MBAM.Zone.Identifier [110]
AlternateDataStreams: C:\Users\benny\Downloads\Samsung_NVM_Express_Driver_3.3.exe:MBAM.Zone.Identifier [218]
AlternateDataStreams: C:\Users\benny\Downloads\spsetup132.exe:MBAM.Zone.Identifier [119]
AlternateDataStreams: C:\Users\benny\Downloads\VMware-workstation-full-17.0.0-20800274.exe:MBAM.Zone.Identifier [168]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\sharepoint.com -> hxxps://yevula-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\sharepoint.com -> hxxps://yevula-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3240025226-2610930385-1699277903-500\...\sharepoint.com -> hxxps://yevula-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-05-08 11:20 - 2021-05-08 11:18 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
2023-04-20 15:44 - 2023-06-27 11:02 - 000000497 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 FRESHUK2.mshome.net # 2028 6 0 25 8 2 2 95
192.168.137.206 WinDev2305Eval.mshome.net # 2023 7 2 4 8 2 2 94
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\nodejs\
HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3240025226-2610930385-1699277903-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-80-1835761534-3291552707-3889884660-1303793167-3990676079\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet 4: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled) 
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled) 
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3240025226-2610930385-1699277903-500\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) C:\Windows\system32\wbengine.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe => No File
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) C:\Windows\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{413125E9-346B-43CA-B270-0BD7C9747612}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{B9AB21DE-9855-424B-9C58-66F2CC9EAFD4}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4A1374C6-DCA4-482D-915E-9438E7DF2997}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D2DBB9D5-AA37-408B-B338-8A06751EF07C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D8B6A019-C2F7-4794-A176-06A2F02BA8F9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{C4A62CEF-81DB-47A3-B652-C45783C09EC3}] => (Allow) LPort=7070
FirewallRules: [{6AC245A1-9658-4A63-B4AF-04959618AF9B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0FBE0F67-71E6-4D2C-A16A-5707BACA34C9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{965C5EEE-9371-4F4A-ACCE-39E004EA02FE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88BCC4EC-D8B4-4A2F-831A-347DA4AF45F3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A938BE53-5C08-4F3A-B148-568B87C74C0F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D285AC1-4201-43F5-B05E-40AF6EFF4624}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems)
FirewallRules: [{319E405D-2296-4201-A12F-153B97F68A8E}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems)
FirewallRules: [{E5C7F6CA-C7CC-4A02-8E8F-0158D3942D1E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{6D399055-BB51-41B0-8546-6EA4640F423D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{182C0633-A0B6-46B9-A103-0095A848EC71}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe => No File
FirewallRules: [UDP Query User{1A69F94E-81A1-4F54-AFB2-4080ED549D57}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe => No File
FirewallRules: [TCP Query User{2F1DA9D3-472D-4BB6-A703-C31D47475E7F}D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe] => (Allow) D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [UDP Query User{B9369E07-A4AF-4EE8-82D1-9A7195F57EA9}D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe] => (Allow) D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [{754D95C9-3A5E-4DDB-BA9F-B8F0E47B514D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF700D45-E7C7-43F4-879C-41EB752A42EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F018C854-CF66-4A21-BC09-96BE536F05DC}C:\program files\jam software\treesize\treesize.exe] => (Allow) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [UDP Query User{41179B4E-824E-4C50-AA96-1D916BA5948A}C:\program files\jam software\treesize\treesize.exe] => (Allow) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [{1E6517B4-7CD9-41F4-BD37-E53992522E92}] => (Block) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [{23F5366E-564F-4879-B949-BC1AA3837D11}] => (Block) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [TCP Query User{2D05D679-F461-4092-9BED-66AFB8BFE3D7}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe] => (Block) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [UDP Query User{00F18E21-3BD3-4D31-BA93-C482AA0DA938}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe] => (Block) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [TCP Query User{E63D1E15-C0A5-4353-8C4E-3630B86CBD09}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{4D4B2573-40C2-4CD3-BCEA-E82628D6A6E6}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe (The Chromium Authors) [File not signed]
FirewallRules: [{5D6F7E6A-7856-4AA7-B633-50525CAEB4D2}] => (Allow) D:\Program Files\Microsoft Power BI Desktop\bin\msmdsrv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3DFAED7E-CE0E-4656-89F3-39332F838E72}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [UDP Query User{B57ECD65-25F1-41C6-933E-9A6543C12EE0}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [TCP Query User{464503F3-D18F-4FBA-947C-50DE91261E29}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe => No File
FirewallRules: [UDP Query User{C1A40703-9983-49C0-A65B-69B044843CCB}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe => No File
FirewallRules: [{BD40FE59-F1B7-4FA0-9281-3CDFFC545E16}] => (Allow) LPort=6655
FirewallRules: [{8697FCC7-52CA-404C-BCFF-DC2588F8A6FA}] => (Allow) LPort=8082
FirewallRules: [TCP Query User{BD882A8E-1FEC-457E-92B1-93584B22EE42}C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [UDP Query User{B1D3EFAB-FA04-452C-88C5-F316AB851410}C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [{3E3D5829-3CEF-4500-A9B2-7F3A5AD4C8FF}] => (Allow) C:\Program Files\JAM Software\TreeSize\TreeSize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [TCP Query User{381EF5D3-669E-4761-9B36-E84403A57C50}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe => No File
FirewallRules: [UDP Query User{E9B0CAAB-01DA-4720-808F-62803DC47DAC}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe => No File
FirewallRules: [{C204A82B-BA07-4D3A-B9F1-477E916F5F70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{5284C9E0-F195-4A7E-969D-3D659C19EADC}C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe] => (Allow) C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe => No File
FirewallRules: [UDP Query User{22AC3436-142F-47E1-BA5E-551EC6C8362E}C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe] => (Allow) C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe => No File
FirewallRules: [TCP Query User{871126E6-7B50-44EE-B8B2-392CD162DBA0}D:\program files\manageengine\opmanager\jre\bin\javaw.exe] => (Allow) D:\program files\manageengine\opmanager\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A947A3DC-99C3-4399-988E-12CB2717B40F}D:\program files\manageengine\opmanager\jre\bin\javaw.exe] => (Allow) D:\program files\manageengine\opmanager\jre\bin\javaw.exe => No File
FirewallRules: [{AEE1881C-4B16-44C1-B941-5605CF8DE572}] => (Allow) LPort=22
FirewallRules: [{FE73A02A-33F5-46DE-8C42-6D08C2229D25}] => (Allow) LPort=69
FirewallRules: [{D4DAF495-D0EE-43B0-A592-A9085DD811D7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A502CA4C-09BA-4124-91EB-E6AD51D571CD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{DC1E4500-D049-4AFF-8FC9-477101FCBAE3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{6AFE5B66-6CA9-45FE-9AA4-59D7273E09A9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{864A92BF-65B9-4522-A139-F0655CEDC532}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{E188F867-8BEC-493A-A2E6-C5AA91FFA217}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{7CE09FD7-7550-4BBF-BF05-417736CB5546}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:423.44 GB) (Free:53.41 GB) (13%)
Check "VSS" service
 
 
==================== Faulty Device Manager Devices ============
 
Name: Intel® I210 Gigabit Network Connection
Description: Intel® I210 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® I210 Gigabit Network Connection #2
Description: Intel® I210 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® Ethernet Server Adapter I350-T2
Description: Intel® Ethernet Server Adapter I350-T2
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/23/2023 12:16:21 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2
 
Error: (09/23/2023 07:00:00 AM) (Source: VSS) (EventID: 7001) (User: )
Description: VssAdmin: Unable to create a shadow copy: Either the specified volume was not found or it is not a local volume. 
Command-line: '"C:\Windows\system32\vssadmin.exe" Create Shadow /AutoRetry=15 /For=\\?\Volume{6351c82a-0000-0000-007e-000000000000}\'.
 
Error: (09/22/2023 10:34:54 PM) (Source: nview) (EventID: 1) (User: )
Description: too many errors. stop logging.
 
Error: (09/22/2023 10:34:54 PM) (Source: nview) (EventID: 1) (User: )
Description: Failed to update display data in shared memory. Continue with stale data.
 
Error: (09/22/2023 10:33:51 PM) (Source: nview) (EventID: 1) (User: )
Description: failed to update data. try again...
 
Error: (09/22/2023 10:33:51 PM) (Source: nview) (EventID: 1) (User: )
Description: Failed to update display data in shared memory. Continue with stale data.
 
Error: (09/22/2023 10:32:49 PM) (Source: nview) (EventID: 1) (User: )
Description: failed to update data. try again...
 
Error: (09/22/2023 10:32:49 PM) (Source: nview) (EventID: 1) (User: )
Description: Failed to update display data in shared memory. Continue with stale data.
 
 
System errors:
=============
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2023-06-21 09:32:00
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Exploit:Win32/CVE-2012-5076
Severity: Severe
Category: Exploit
Path: file:_C:\Users\Administrator\Downloads\CANVAS_7.27+D2ExploitationPack_v2.55+WhitePhosphorus_1.28_(Umbreon_leak_at_breached.to).7z; webfile:_C:\Users\Administrator\Downloads\CANVAS_7.27+D2ExploitationPack_v2.55+WhitePhosphorus_1.28_(Umbreon_leak_at_breached.to).7z|https://cdn-153.anonfiles.com/BbzbKc6ay9/222928b5-1687329109/CANVAS_7.274.18.23050.5BD2ExploitationPack_v2.554.18.23050.5BWhitePhosphorus_1.28_FastPathUmbreon_leak_at_breached.to0.7z|pid:58420,ProcessStart:133318027118999713
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.391.2087.0, AS: 1.391.2087.0, NIS: 1.391.2087.0
Engine Version: AM: 1.1.23050.3, NIS: 1.1.23050.3
Event[0]
 
Date: 2023-06-26 23:33:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-06-26 21:10:43
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-06-26 20:55:59
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-06-26 20:27:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-04-24 13:15:27
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===============
Date: 2023-09-22 20:07:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2023-09-22 15:59:54
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. P1.50 08/01/2022
Motherboard: ASRockRack X570D4U
Processor: AMD Ryzen 9 5950X 16-Core Processor 
Percentage of memory in use: 17%
Total physical RAM: 130996.4 MB
Available physical RAM: 108455.36 MB
Total Virtual: 200628.4 MB
Available Virtual: 170507 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:423.44 GB) (Free:53.41 GB) (Model: Samsung SSD 970 PRO 512GB) NTFS
Drive d: () (Fixed) (Total:843.05 GB) (Free:275.41 GB) (Model: Samsung SSD 860 PRO 1TB) NTFS
Drive e: () (Fixed) (Total:15.43 GB) (Free:15.34 GB) (Model: Samsung SSD 860 PRO 1TB) NTFS
Drive f: () (Fixed) (Total:5.51 GB) (Free:5.42 GB) (Model: Samsung SSD 970 PRO 512GB) NTFS
 
\\?\Volume{6b76aac0-2710-0000-72a7-806e6f6e6963}\ () (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 6351C82A)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 6350E47A)
 
Partition: GPT.
 
==================== End of Addition.txt =======================