strange keyboard behavior

suspected malware

#1
tanjiroo

Every once in a while I get MITM attack warnings on sites like ProBoards sites or YouTube that don't go away when using a free VPN.

Also, lately I'm having strange keyboard presses on my laptop.

Steps I've done so far:

  • MBAM scan
  • KVRT scan
  • Emsisoft scan
  • HMP scan
  • NPE scan
  • Trend Micro HouseCall scan

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-08.2024
Ran by Mohammad abd allah (administrator) on DESKTOP-Q3O86VF (LENOVO 80EW) (28-08-2024 12:59:25)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: Mohammad abd allah & User
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4780 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fshoster64.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\FsPisces.exe
(C:\Program Files\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera\112.0.5197.53\opera_crashreporter.exe
(C:\Program Files\Sandboxie-Plus\SandboxieRpcSs.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SandboxieDcomLaunch.exe
(C:\Program Files\Sandboxie-Plus\SbieSvc.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SandboxieRpcSs.exe
(DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera\opera.exe <18>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie-Plus\SandMan.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (Comodo Security Solutions Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe <2>
(services.exe ->) (Comodo Security Solutions Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files\F-Secure\TOTAL\FSNifWeb\1724316925\fshoster64.exe
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files\F-Secure\TOTAL\x64\fshoster64.exe <3>
(services.exe ->) (F-Secure Corporation -> F-Secure Corporation) C:\Program Files\F-Secure\TOTAL\x64\fsvpnservice_64.exe
(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (NoVirusThanks Company Srl -> NoVirusThanks Company Srl) C:\Program Files (x86)\NoVirusThanks\NVT License Manager\NVTLicenseManager.exe
(services.exe ->) (Pango LLC -> Pango Inc.) C:\Program Files (x86)\Hotspot Shield\12.9.1\bin\cmw_srv.exe
(services.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. -> ) D:\Program Files\Microvirt\MEmu\MemuService.exe
(services.exe ->) (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe <3>
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(services.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fshoster64.exe <2>
(services.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fsulprothoster.exe
(svchost.exe ->) (Comodo Security Solutions Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(svchost.exe ->) (Comodo Security Solutions Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1408752 2015-08-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3947704 2015-08-13] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13280792 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
HKLM\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3896224 2024-08-22] (Opera Norway AS -> Opera Software)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [113784 2023-04-09] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [665384 2019-12-05] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\Mohammad abd allah\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM\...\RunOnce: [!BCILauncher] => C:\WINDOWS\Temp\MUBSTemp\BCILauncher.EXE [18464 2024-06-24] (Microsoft Corporation -> ) <==== ATTENTION
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [DontDisplayNetworkSelectionUI] 1
HKU\S-1-5-21-2420854201-3687077090-4221634867-1001\...\Run: [MicrosoftEdgeAutoLaunch_873CAE476AAB3B9A717FC5BDDEEF2E0A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741224 2024-08-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2420854201-3687077090-4221634867-1001\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-2420854201-3687077090-4221634867-1001\...\Policies\Explorer: [NoPreviewPane] 1
HKU\S-1-5-21-2420854201-3687077090-4221634867-1001\...\Policies\Explorer: [NoReadingPane] 1
HKU\S-1-5-21-2420854201-3687077090-4221634867-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2420854201-3687077090-4221634867-1002\...\Run: [SandboxiePlus_AutoRun] => C:\Program Files\Sandboxie-Plus\SandMan.exe [3286480 2024-07-30] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2420854201-3687077090-4221634867-1002\...\Run: [MicrosoftEdgeAutoLaunch_C46CFC0629905CC775E70B50EA8A519C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741224 2024-08-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2420854201-3687077090-4221634867-1002\...\Policies\Explorer: [] 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\128.0.6613.85\Installer\chrmstp.exe [2024-08-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\128.1.69.153\Installer\chrmstp.exe [2024-08-22] (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16986872-FDC2-4C42-8DC2-4026F35141C7} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{A0AE8B6F-2F6B-4FB7-8047-A4CDD5FC96F6} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D4ECC7B7-93A2-45BD-8038-27749492E403} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{DE11BE40-5C59-446F-900E-FFAEBFA76BED} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {BB4B8FFA-5D0C-4AD2-BBD4-4CD7C0797E53} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13280792 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
Task: {64D84F3D-D69A-4932-AFA7-F3B64E40FF13} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5801376 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
Task: {6B2A6856-DADC-45D6-91BB-0EB4F574BC8C} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5801376 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
Task: {84C6FA9A-FE5E-4014-B891-746F09CDED5B} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5801376 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
Task: {09F75C6A-54F2-48BC-BD70-0133EB167C46} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13280792 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
Task: {811C139D-76CA-4C69-9487-8A8D317431E9} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5801376 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
Task: {8F51EA85-2E0D-4C22-9CFA-7DF3004B45AB} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files\F-Secure\TOTAL\x64\fs_hotfix_64.exe [517000 2024-06-13] (F-Secure Corporation -> F-Secure Corporation)
Task: {7E873023-AB00-4474-91D6-42D281804A4E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6597.0{C0EB9139-947F-43BC-AF99-B07C5CA2E38E} => C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe [4889704 2024-07-15] (Google LLC -> Google LLC)
Task: {0E6B934C-B1EB-476A-9E4A-530E0E7B8D7A} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2420854201-3687077090-4221634867-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676936 2024-08-21] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {610E3A09-D301-41CF-AD3D-EAFF3FEB00B3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-08-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {9D336902-8B62-4B0B-82DE-990646EA53CE} - System32\Tasks\Opera scheduled assistant Autoupdate 1719002747 => C:\Program Files\Opera\autoupdate\opera_autoupdate.exe [5770656 2024-08-06] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Program Files\Opera\assistant" --producttype=assistant $(Arg0)
Task: {15AAD714-8AEF-491B-A175-0CFF82681EC2} - System32\Tasks\Opera scheduled Autoupdate 1719002733 => C:\Program Files\Opera\autoupdate\opera_autoupdate.exe [5770656 2024-08-06] (Opera Norway AS -> Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [26512 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [26512 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Tcpip\..\Interfaces\{71ae9a12-11bd-448a-a980-7528c75d5800}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9504a728-b04e-4b85-865a-53bd111790c1}: [NameServer] 1.1.1.1,8.8.4.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge Profile: C:\Users\Mohammad abd allah\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-24]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-09] (VideoLAN -> VideoLAN)
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\opera.exe
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1047416 2019-12-05] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\128.1.69.153\elevation_service.exe [2658840 2024-08-22] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167448 2024-07-15] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11427000 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11427000 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2649200 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R2 fshoster; C:\Program Files\F-Secure\TOTAL\x64\fshoster64.exe [257416 2024-06-13] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files\F-Secure\TOTAL\x64\fshoster64.exe [257416 2024-06-13] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnifwebhoster; C:\Program Files\F-Secure\TOTAL\FSNifWeb\1724316925\fshoster64.exe [409992 2024-08-27] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fshoster64.exe [738272 2024-08-28] (WithSecure Oyj -> WithSecure Corporation)
R2 fsulnethoster; C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fshoster64.exe [738272 2024-08-28] (WithSecure Oyj -> WithSecure Corporation)
R2 fsulprothoster; C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fsulprothoster.exe [738272 2024-08-28] (WithSecure Oyj -> WithSecure Corporation)
R2 fsvpnsvc; C:\Program Files\F-Secure\TOTAL\x64\fsvpnservice_64.exe [2223496 2024-06-13] (F-Secure Corporation -> F-Secure Corporation)
R2 hshld_12.9.1; C:\Program Files (x86)\Hotspot Shield\12.9.1\bin\cmw_srv.exe [259088 2024-05-08] (Pango LLC -> Pango Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-15] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-22] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MEmuSVC; D:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
R2 NVTLicenseManager; C:\Program Files (x86)\NoVirusThanks\NVT License Manager\NVTLicenseManager.exe [5333048 2024-03-29] (NoVirusThanks Company Srl -> NoVirusThanks Company Srl)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.3.0\ProtonVPNService.exe [474848 2024-07-29] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.3.0\ProtonVPN.WireGuardService.exe [474336 2024-07-29] (Proton AG -> ProtonVPN)
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [414672 2024-07-30] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522096 2024-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64632 2023-04-09] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [568944 2024-08-27] (Windscribe Limited -> Windscribe Limited)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [16368 2022-02-14] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [54984 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\drivers\cmdguard.sys [880248 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\System32\drivers\cmdhlp.sys [63384 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R3 F-Secure Gatekeeper; C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1724782727\fsulgk.sys [484008 2024-08-28] (Microsoft Windows Hardware Compatibility Publisher -> WithSecure Corporation)
S0 fselms; C:\WINDOWS\System32\drivers\fselms.sys [17400 2024-08-27] (Microsoft Windows Early Launch Anti-malware Publisher -> WithSecure Corporation)
R2 fsnif2; C:\Program Files\F-Secure\TOTAL\Ultralight\nif2\1718779863\nif2s64.sys [186024 2024-08-27] (Microsoft Windows Hardware Compatibility Publisher -> WithSecure Corporation)
R3 fsvpnwintun; C:\WINDOWS\System32\drivers\fsvpnwintun.sys [31256 2024-06-05] (Microsoft Windows Hardware Compatibility Publisher -> F-Secure Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [42040 2024-08-24] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 hsstap; C:\WINDOWS\System32\drivers\hsstap.sys [39424 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Pango)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [151384 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R1 intelTDT; C:\WINDOWS\System32\DRIVERS\intelTDT.sys [165008 2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-08-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R1 pango_netfilter2; C:\WINDOWS\System32\drivers\pango_netfilter2.sys [89088 2024-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Pango Inc)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.3.0\Resources\ProtonVPN.CalloutDriver.sys [37768 2024-07-29] (Proton AG -> Proton Technologies AG)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-09-23] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [250024 2024-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [104888 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [31128 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53656 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100776 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [88976 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22080 2024-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [602504 2024-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [38152 2024-08-27] (Windscribe Limited -> )
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2024-08-27] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-08-15] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-08-28 12:59 - 2024-08-28 13:02 - 000025840 _____ C:\Users\User\Desktop\FRST.txt
2024-08-28 12:55 - 2024-08-28 12:56 - 002397184 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2024-08-27 15:24 - 2024-08-27 15:25 - 009252384 _____ (Open Text) C:\Users\User\Downloads\wsanabtrav.exe
2024-08-27 11:21 - 2024-08-27 11:22 - 000000000 ____D C:\Users\User\AppData\Local\F-Secure
2024-08-27 11:21 - 2024-08-27 11:21 - 000002211 _____ C:\Users\Public\Desktop\F-Secure.lnk
2024-08-27 11:21 - 2024-08-27 11:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\F-Secure
2024-08-27 11:21 - 2024-08-27 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2024-08-27 11:21 - 2024-08-27 11:21 - 000000000 ____D C:\Program Files\F-Secure
2024-08-27 11:20 - 2024-08-28 10:30 - 000000000 ____D C:\Program Files\dotnet
2024-08-27 11:11 - 2024-08-27 11:27 - 000000000 ____D C:\ProgramData\F-Secure
2024-08-27 11:11 - 2024-08-27 11:24 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Local\F-Secure
2024-08-27 11:05 - 2024-08-27 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2024-08-27 11:04 - 2024-08-27 11:05 - 000000000 ____D C:\Program Files\qBittorrent
2024-08-27 10:44 - 2024-08-27 10:44 - 000000000 ____D C:\Users\User\AppData\Local\Windscribe
2024-08-27 10:43 - 2024-08-27 11:28 - 000000000 ____D C:\Program Files\Windscribe
2024-08-27 10:43 - 2024-08-27 10:43 - 000038152 _____ C:\WINDOWS\system32\Drivers\windscribesplittunnel.sys
2024-08-27 10:43 - 2024-08-27 10:43 - 000001062 _____ C:\Users\Public\Desktop\Windscribe.lnk
2024-08-27 10:43 - 2024-08-27 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2024-08-25 12:46 - 2024-08-25 12:46 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Roaming\WinRAR
2024-08-24 17:23 - 2024-08-24 17:23 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Local\D3DSCache
2024-08-24 17:21 - 2024-08-24 17:23 - 000332586 _____ C:\TDSSKiller.3.1.0.28_24.08.2024_17.21.22_log.txt
2024-08-24 17:17 - 2024-08-24 17:38 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Local\CrashDumps
2024-08-21 21:47 - 2024-08-21 21:47 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\MMC
2024-08-21 21:44 - 2024-08-22 19:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-08-20 11:30 - 2024-08-27 11:05 - 000000907 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2024-08-20 11:04 - 2024-07-31 10:50 - 004402104 _____ (AhnLab, Inc.) C:\WINDOWS\system32\btscan.exe
2024-08-20 11:02 - 2024-08-20 11:02 - 000000000 ____D C:\Temp
2024-08-20 10:41 - 2024-08-27 11:08 - 000000000 ____D C:\ProgramData\AhnLab
2024-08-18 21:11 - 2024-08-18 21:11 - 000000000 ___HD C:\$WinREAgent
2024-08-18 20:57 - 2024-08-18 21:01 - 000323652 _____ C:\TDSSKiller.3.1.0.28_18.08.2024_20.57.42_log.txt
2024-08-18 13:44 - 2024-08-18 13:44 - 000849283 _____ C:\Users\Mohammad abd allah\AppData\Local\census.cache
2024-08-18 13:42 - 2024-08-18 13:42 - 000411618 _____ C:\Users\Mohammad abd allah\AppData\Local\ars.cache
2024-08-18 12:53 - 2024-08-18 12:53 - 000000036 _____ C:\Users\Mohammad abd allah\AppData\Local\housecall.guid.cache
2024-08-15 21:00 - 2024-08-22 08:51 - 000001308 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-08-15 20:55 - 2024-08-24 17:38 - 000136764 _____ C:\WINDOWS\ntbtlog.txt
2024-08-15 20:21 - 2024-08-15 20:28 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Local\NPE
2024-08-15 20:21 - 2024-08-15 20:21 - 000000000 ____D C:\Users\User\AppData\Local\ToastNotificationManagerCompat
2024-08-15 20:21 - 2024-08-15 20:21 - 000000000 ____D C:\ProgramData\Norton
2024-08-15 20:03 - 2024-08-28 12:36 - 000014370 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2024-08-15 19:46 - 2024-08-15 19:47 - 000000000 ____D C:\ProgramData\Emsisoft
2024-08-15 19:45 - 2024-08-24 16:55 - 000000000 ____D C:\EEK
2024-08-12 14:20 - 2024-08-12 14:20 - 000000000 ____D C:\Users\User\AppData\Roaming\WinRAR
2024-08-08 16:38 - 2024-08-08 16:40 - 000000000 ____D C:\Users\User\AppData\Local\ProtonVPN
2024-08-08 16:37 - 2024-08-08 16:37 - 000001050 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2024-08-08 16:37 - 2024-08-08 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2024-08-08 16:37 - 2024-08-08 16:37 - 000000000 ____D C:\Program Files\Proton
2024-08-06 15:54 - 2024-08-15 21:05 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-08-04 15:22 - 2024-08-04 15:23 - 000163999 _____ C:\Users\User\Documents\save0b5c7f76.tmp
2024-08-02 17:52 - 2024-08-04 15:23 - 000167849 _____ C:\Users\User\Documents\mnin.bak
2024-08-02 17:51 - 2024-08-04 15:23 - 000164031 _____ C:\Users\User\Documents\mnin.dwg
2024-08-02 11:12 - 2024-08-02 11:12 - 000002643 _____ C:\Users\User\Desktop\YouTube.lnk
2024-08-02 11:12 - 2024-08-02 11:12 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2024-08-01 13:59 - 2024-08-01 13:59 - 000000000 ____D C:\ProgramData\FLEXnet
2024-08-01 13:57 - 2024-08-01 13:57 - 000000000 ____D C:\Users\User\AppData\Local\CEF
2024-08-01 13:56 - 2024-08-01 13:56 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-08-01 13:55 - 2024-08-01 16:02 - 000000000 ____D C:\Users\User\AppData\Roaming\Autodesk
2024-08-01 13:55 - 2024-08-01 16:02 - 000000000 ____D C:\Users\User\AppData\Local\Autodesk
2024-08-01 13:53 - 2024-08-01 13:53 - 000001441 _____ C:\Users\Public\Desktop\Autodesk Desktop App.lnk
2024-08-01 13:53 - 2024-08-01 13:53 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Local\CEF
2024-08-01 13:52 - 2024-08-01 13:52 - 000000000 ____D C:\Program Files (x86)\Autodesk
2024-08-01 13:51 - 2024-08-01 14:03 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Local\Autodesk
2024-08-01 13:51 - 2024-08-01 13:55 - 000001932 _____ C:\Users\Public\Desktop\AutoCAD 2021 - English.lnk
2024-08-01 13:51 - 2024-08-01 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2021 - English
2024-08-01 13:50 - 2024-08-01 13:50 - 000000000 ____D C:\Users\Mohammad abd allah\Documents\Inventor Server for AutoCAD
2024-08-01 13:45 - 2024-08-01 13:54 - 000000000 ____D C:\Program Files\Autodesk
2024-08-01 13:45 - 2024-08-01 13:50 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2024-08-01 13:39 - 2024-08-01 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2024-08-01 13:34 - 2024-08-01 13:34 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Roaming\Adobe
2024-08-01 13:31 - 2024-08-01 16:02 - 000000000 ____D C:\ProgramData\Autodesk
2024-08-01 13:31 - 2024-08-01 13:53 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Roaming\Autodesk
2024-07-31 17:26 - 2024-07-31 17:26 - 000000000 ____D C:\Users\User\AppData\Local\MEmu
2024-07-31 16:47 - 2024-07-31 16:47 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2024-07-31 16:47 - 2024-07-31 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2024-07-31 16:47 - 2024-07-31 16:47 - 000000000 ____D C:\Program Files\CPUID
2024-07-31 16:23 - 2024-07-31 16:23 - 000001527 _____ C:\Users\User\Desktop\Adhd meditation - Shortcut.lnk
2024-07-29 09:06 - 2024-07-29 09:06 - 000000441 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New Volume (D).lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-08-28 13:01 - 2024-06-22 06:45 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-08-28 13:01 - 2024-05-04 06:07 - 000000000 ____D C:\FRST
2024-08-28 12:56 - 2024-06-21 22:52 - 000000000 ____D C:\Users\User\AppData\Local\Sandboxie-Plus
2024-08-28 12:53 - 2023-06-21 01:24 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2024-08-28 12:52 - 2024-06-21 21:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-08-28 12:44 - 2024-06-22 05:55 - 000000000 ____D C:\Users\User\AppData\Roaming\qBittorrent
2024-08-28 11:19 - 2024-06-21 20:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-08-28 10:31 - 2024-06-21 23:09 - 000000000 ____D C:\ProgramData\Package Cache
2024-08-28 10:23 - 2024-06-22 06:45 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-08-27 15:48 - 2023-06-21 13:42 - 000000000 ____D C:\Users\User\Downloads\[Torrents]
2024-08-27 15:48 - 2023-06-21 13:42 - 000000000 ____D C:\Users\User\Downloads\[Incomplete Torrents]
2024-08-27 11:53 - 2024-06-22 06:45 - 000000000 ___HD C:\Program Files\WindowsApps
2024-08-27 11:53 - 2024-06-22 06:45 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-08-27 11:35 - 2024-06-21 22:52 - 000006714 _____ C:\WINDOWS\Sandboxie.ini
2024-08-27 11:28 - 2024-07-16 21:33 - 000000000 ____D C:\ProgramData\VMware
2024-08-27 11:28 - 2024-06-21 20:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-08-27 11:28 - 2023-06-21 02:20 - 000008192 ___SH C:\DumpStack.log.tmp
2024-08-27 11:27 - 2024-06-22 06:27 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-08-27 11:26 - 2024-06-22 06:45 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-08-27 11:24 - 2024-06-22 06:42 - 000000000 ____D C:\WINDOWS\INF
2024-08-27 11:06 - 2024-06-22 06:27 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-08-25 15:16 - 2024-07-16 21:40 - 000000000 ____D C:\Users\User\AppData\Local\VMware
2024-08-25 15:16 - 2024-07-16 21:39 - 000000000 ____D C:\Users\User\AppData\Roaming\VMware
2024-08-25 12:09 - 2024-06-21 21:02 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-08-25 12:09 - 2023-06-21 02:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-08-24 17:46 - 2024-06-22 06:37 - 000000000 ____D C:\Users\User\AppData\Local\Malwarebytes
2024-08-24 17:42 - 2024-06-27 20:04 - 000000000 ____D C:\Users\Mohammad abd allah\AppData\Roaming\Comodo
2024-08-24 16:55 - 2024-06-22 06:37 - 000239568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-08-24 15:07 - 2024-07-05 18:05 - 000000000 ____D C:\KVRT2020_Data
2024-08-23 10:59 - 2024-06-22 00:08 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-08-23 10:59 - 2024-06-22 00:08 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-08-23 10:21 - 2024-06-21 23:45 - 000004258 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1719002747
2024-08-22 21:32 - 2024-07-15 11:00 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-08-22 21:32 - 2024-07-15 11:00 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2024-08-22 19:45 - 2024-06-21 23:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-08-22 18:33 - 2024-06-22 05:30 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2024-08-22 09:54 - 2024-06-22 05:33 - 000000000 ____D C:\Users\User\AppData\Local\Google
2024-08-22 08:51 - 2024-06-21 23:34 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-08-21 22:07 - 2023-06-21 10:25 - 000000000 ___RD C:\Users\User\Desktop\[Application]
2024-08-19 11:55 - 2024-06-21 23:44 - 000000000 ____D C:\Program Files\Opera
2024-08-19 04:19 - 2024-06-22 06:45 - 000000000 ____D C:\WINDOWS\SystemResources
2024-08-19 04:19 - 2024-06-22 06:45 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-08-19 04:19 - 2024-06-22 06:45 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-08-19 04:19 - 2024-06-22 06:45 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-08-18 22:24 - 2024-06-22 06:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-08-18 22:02 - 2024-06-21 21:01 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-08-17 11:09 - 2024-07-05 21:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-08-17 11:05 - 2024-07-05 21:18 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-08-15 21:26 - 2024-06-21 22:49 - 000000888 _____ C:\Users\Mohammad abd allah\Desktop\Sandboxie-Plus.lnk
2024-08-15 21:26 - 2024-06-21 22:49 - 000000000 ____D C:\Program Files\Sandboxie-Plus
2024-08-15 21:26 - 2023-06-21 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie-Plus
2024-08-15 21:18 - 2024-06-21 22:55 - 000000837 _____ C:\Users\Public\Desktop\UCheck.lnk
2024-08-15 21:18 - 2024-06-21 22:55 - 000000000 ____D C:\Program Files\UCheck
2024-08-15 21:18 - 2023-11-21 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2024-08-15 21:04 - 2024-06-21 23:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-08-15 20:51 - 2024-06-21 21:45 - 000799886 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-08-15 20:31 - 2024-06-21 20:30 - 000353352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-08-15 19:49 - 2024-06-22 06:45 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-08-15 19:43 - 2024-06-21 22:18 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-08-15 11:05 - 2024-07-05 03:32 - 000000000 ____D C:\Users\User\AppData\Roaming\IrfanView
2024-08-12 11:22 - 2024-06-21 23:45 - 000004018 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1719002733
2024-08-12 11:22 - 2024-06-21 23:45 - 000001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-08-09 11:40 - 2024-06-21 20:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-08-06 16:12 - 2024-06-22 05:29 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-08-01 13:57 - 2024-06-21 22:20 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2024-07-31 16:49 - 2024-07-06 11:36 - 000000000 ____D C:\Users\User\.MemuHyperv
2024-07-29 14:18 - 2024-07-06 11:36 - 000000000 ____D C:\Users\User\Downloads\MEmu Download
2024-07-29 12:44 - 2024-06-21 21:00 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-07-29 12:44 - 2024-06-21 21:00 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
 
==================== Files in the root of some directories ========
 
2024-08-18 13:42 - 2024-08-18 13:42 - 000411618 _____ () C:\Users\Mohammad abd allah\AppData\Local\ars.cache
2024-08-18 13:44 - 2024-08-18 13:44 - 000849283 _____ () C:\Users\Mohammad abd allah\AppData\Local\census.cache
2024-08-18 12:53 - 2024-08-18 12:53 - 000000036 _____ () C:\Users\Mohammad abd allah\AppData\Local\housecall.guid.cache
 
==================== SigCheckExt =========================
 
2024-08-28 12:55 - 2024-08-28 12:56 - 002397184 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08.2024
Ran by Mohammad abd allah (28-08-2024 13:11:49)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4780 (X64) (2024-06-21 19:15:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2420854201-3687077090-4221634867-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2420854201-3687077090-4221634867-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2420854201-3687077090-4221634867-1000 - Limited - Disabled)
Guest (S-1-5-21-2420854201-3687077090-4221634867-501 - Limited - Enabled)
Mohammad abd allah (S-1-5-21-2420854201-3687077090-4221634867-1001 - Administrator - Enabled) => C:\Users\Mohammad abd allah
User (S-1-5-21-2420854201-3687077090-4221634867-1002 - Limited - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2420854201-3687077090-4221634867-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: F-Secure (Enabled - Up to date) {DA5F8466-F00B-8E6B-6CB8-5AE55C9EBDCD}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {105DB448-E308-3928-5A33-7F1271C1AC84}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AutoCAD 2021 - English (HKLM\...\{28B89EEF-4101-0409-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 - English (HKLM\...\AutoCAD 2021 - English) (Version: 24.0.47.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.21.17 - Autodesk)
Autodesk Featured Apps 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{6774FD60-7D4B-4D57-BE56-2702A07C9701}) (Version: 19.1.22.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{6EFAD582-86C1-4AB2-97C5-2070D0B90E08}) (Version: 19.1.22.0 - Autodesk)
Autodesk Save to Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 128.1.69.153 - Brave Software Inc)
COMODO Firewall (HKLM\...\{D0C6C6DD-D90F-4499-8153-5FD680F07F6E}) (Version: 12.3.3.8140 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security 2025 Premium (HKLM\...\COMODO Internet Security) (Version: 12.3.3.8140 - COMODO Security Solutions Inc.)
CPUID HWMonitor 1.54 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.54 - CPUID, Inc.)
F-Secure (HKLM\...\{84725365-C2A5-4729-8E67-2F35CB4C94FB}) (Version: 19.5 - F-Secure Corporation)
Google Chrome (HKLM\...\{C55CC4EB-C63D-3C4A-BC46-A1FBE98A0AD5}) (Version: 128.0.6613.85 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.36.332 - SurfRight B.V.)
Hotspot Shield 12.9.1 (HKLM-x32\...\{2d959229-4a5c-465a-9b5d-83aef5874155}) (Version: 12.9.1.12236 - Pango Inc.)
Hotspot Shield 12.9.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-492511B7C2EF}) (Version: 12.9.1.12236 - Pango Inc.) Hidden
Hotspot Shield 12.9.1 (HKLM-x32\...\HotspotShield) (Version: 12.9.1 - Pango Inc.) Hidden
HotspotShield TAP-Windows 9.24.4 (HKLM\...\HotspotShield TAP-Windows) (Version: 9.24.4 - Pango Inc.) Hidden
IrfanView 4.67 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.67 - Irfan Skiljan)
Malwarebytes version 5.1.8.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.8.123 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 9.1.5.0 - Microvirt Software Technology Co., Ltd.)
Microsoft .NET Host - 6.0.33 (x64) (HKLM\...\{8584855C-3B2B-4F95-BE1D-CCA5B6DE2815}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.33 (x64) (HKLM\...\{62A8E894-9FD1-45A0-A4D0-BD9FA854818D}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.33 (x64) (HKLM\...\{07BE9B02-0247-471C-B06F-A3B1A8FA9216}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.42 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.33 (x64) (HKLM\...\{A59F43A6-AADB-42EB-883B-2FE4E3AA3A69}) (Version: 48.132.18374 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.33 (x64) (HKLM-x32\...\{ecb94bc3-963d-412a-b141-8b7c32ef103f}) (Version: 6.0.33.33916 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 129.0.2 (x64 en-US)) (Version: 129.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.12.1 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.13.0 (x64 en-US)) (Version: 115.13.0 - Mozilla)
NoVirusThanks License Manager v1.8.0 (HKLM-x32\...\NoVirusThanks License Manager_is1) (Version: 1.8.0.0 - NoVirusThanks Company Srl)
NoVirusThanks SysHardener v2.9 (HKLM\...\NoVirusThanks SysHardener_is1) (Version: 2.9.0.0 - NoVirusThanks Company Srl)
Opera Stable 112.0.5197.53 (HKLM-x32\...\Opera 112.0.5197.53) (Version: 112.0.5197.53 - Opera Software)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.3.0 - Proton AG)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.6 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Sandboxie-Plus v1.14.6 (HKLM\...\Sandboxie-Plus_is1) (Version: 1.14.6 - hxxp://xanasoft.com/)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.5.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1256 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.7 - Synaptics Incorporated)
UCheck version 5.6.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 5.6.0.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.10.16 - Windscribe Limited)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
 
Chrome apps:
============
YouTube (HKU\S-1-5-21-2420854201-3687077090-4221634867-1002\...\7281aa95a1372a6705c996759cd85ce3) (Version: 1.0 - Google\Chrome)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{446889A0-340F-4CC6-84B2-77A832AE2176}\localserver32 -> C:\Program Files\F-Secure\TOTAL\x64\fshoster64.exe (F-Secure Corporation -> F-Secure Corporation)
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v3.3.0\ProtonVPN.exe (Proton AG -> )
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> D:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-2420854201-3687077090-4221634867-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Program Files\Autodesk\AutoCAD 2021\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2024-05-13] (Comodo Security Solutions Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-06-21 23:09 - 2021-11-30 15:52 - 001380864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NoVirusThanks\NVT License Manager\libeay32.dll
2024-06-21 23:09 - 2019-12-21 11:55 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NoVirusThanks\NVT License Manager\ssleay32.dll
2024-07-28 12:34 - 2024-07-28 16:31 - 004890624 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Sandboxie-Plus\libcrypto-3-x64.dll
2024-07-28 12:34 - 2024-07-28 16:31 - 001250816 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Sandboxie-Plus\libssl-3-x64.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 001490432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\platforms\qwindows.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 006146560 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\Qt5Core.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 006808576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\Qt5Gui.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 001306624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\Qt5Network.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 003614720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\Qt5Qml.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 005540352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\Qt5Widgets.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 000230400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\Qt5WinExtras.dll
2024-06-21 22:49 - 2024-07-28 16:31 - 000137728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Sandboxie-Plus\styles\qwindowsvistastyle.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR540 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR540.SYS => ""="Driver"
 
==================== Association (Whitelisted) =================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.cmd:  =>  <==== ATTENTION
HKLM\...\.com:  =>  <==== ATTENTION
HKLM\...\.scr:  =>  <==== ATTENTION
HKU\S-1-5-21-2420854201-3687077090-4221634867-1002\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer (Whitelisted) =============
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2024-08-27 10:51 - 2024-08-27 10:51 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-2420854201-3687077090-4221634867-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2420854201-3687077090-4221634867-1002\Control Panel\Desktop\\Wallpaper -> D:\[Wallpapers]\521718.jpg
DNS Servers: 1.1.1.1 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys
HotspotShield Network Adapter: HotspotShield TAP-Windows Adapter V9 -> hsstap.sys
FSVpnSDKVPNConnection: F-Secure VPN Wintun Userspace Tunnel #2 -> fsvpnwintun.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Local Area Connection: F-Secure VPN Wintun Userspace Tunnel -> fsvpnwintun.sys
 
inspect: COMODO Internet Security Firewall Driver
vmware_bridge: VMware Bridge Protocol
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{44B03D71-4FE4-4F91-B2AF-124AED51320D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EEDBBABF-69F6-43BE-8C66-71FE0A90CE7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22832B8D-C446-4951-A40E-238EF093CB79}] => (Block) C:\WINDOWS\system32\AtBroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9313A836-E110-4A78-8CB4-ADE8A84786B4}] => (Block) C:\WINDOWS\SysWOW64\AtBroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{996C3155-3003-4B82-91E1-78DCA235A2D4}] => (Block) C:\WINDOWS\system32\Audiodg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0A1A22E4-8454-432B-B431-FB11400B7FB7}] => (Block) C:\WINDOWS\system32\BackgroundTransferHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5946F9A6-753A-4D33-AB6B-E31F6BA40C72}] => (Block) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6A1D68A0-B240-484F-B768-F8BB3590885C}] => (Block) C:\WINDOWS\system32\Bash.exe => No File
FirewallRules: [{186FE3EC-A03D-49DA-BAA7-DEBC56CCAF84}] => (Block) C:\WINDOWS\system32\Bitsadmin.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4580EFFA-3FCB-4116-9980-9DE9C825D804}] => (Block) C:\WINDOWS\SysWOW64\Bitsadmin.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E52C29DC-74A1-442C-8A90-5E3481E454EA}] => (Block) C:\WINDOWS\system32\Bitsadmin.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{41556497-D3B3-4E92-B9BA-48E408F436B3}] => (Block) C:\WINDOWS\SysWOW64\Calc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42EC28AA-87E7-4745-AABB-9367B729C2FF}] => (Block) C:\WINDOWS\system32\Certoc.exe => No File
FirewallRules: [{788035D2-47AF-4387-AA14-EAD87FB9AFC1}] => (Block) C:\WINDOWS\system32\Certreq.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5750802F-242E-4A69-9971-8A40D8438D25}] => (Block) C:\WINDOWS\SysWOW64\Certreq.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6E406020-3581-44B0-B639-081FB521D13D}] => (Block) C:\WINDOWS\system32\Certutil.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8EE971CC-6CA1-43D1-9A43-19C466B44437}] => (Block) C:\WINDOWS\SysWOW64\Certutil.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F5824F89-6FA7-4554-9E41-D32CE936216F}] => (Block) C:\WINDOWS\system32\Cmd.exe
FirewallRules: [{E8B0B79D-74D9-4DC7-9813-2D48F8EEE18E}] => (Block) C:\WINDOWS\SysWOW64\Cmd.exe
FirewallRules: [{41B0CCC0-CF9E-4816-B260-F4574D1EF221}] => (Block) C:\WINDOWS\system32\Cmdl32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{62F1BF5B-8E26-4FDA-B544-4E7BEE1C9BD1}] => (Block) C:\WINDOWS\SysWOW64\Cmdl32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AC1B079F-0EFF-4A98-A1C4-8B481F01FAB9}] => (Block) C:\WINDOWS\system32\CompatTelRunner.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF1EA063-D174-4A86-9BA8-A56EEA58F865}] => (Block) C:\WINDOWS\system32\Conhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{02429B46-8977-47C8-AF8C-B9181B405640}] => (Block) C:\WINDOWS\system32\Consent.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4849CED0-549B-4EC1-8370-12A76E15B1CA}] => (Block) C:\WINDOWS\system32\Control.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A8457F38-7F8A-4889-A82B-8145546670FC}] => (Block) C:\WINDOWS\SysWOW64\Control.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AB135277-64C4-41CB-9419-B3873CA75CD0}] => (Block) C:\WINDOWS\system32\Cscript.exe
FirewallRules: [{2449D5E2-4F64-46D8-808F-FDDDFC1A53D7}] => (Block) C:\WINDOWS\SysWOW64\Cscript.exe
FirewallRules: [{30050E33-80B7-4A47-9F63-05BE03346D71}] => (Block) C:\WINDOWS\system32\Csrss.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{BFEB1B73-9145-42CB-889C-EB851B6714D0}] => (Block) C:\WINDOWS\system32\Ctfmon.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48768844-2E98-4F3A-95D8-D9995A56D4C7}] => (Block) C:\WINDOWS\SysWOW64\Ctfmon.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2986192E-67E1-4F87-8DBE-B01202389F45}] => (Block) C:\WINDOWS\system32\Curl.exe (Microsoft 3rd Party Application Component -> curl, hxxps://curl.se/)
FirewallRules: [{357FC742-AD82-44A2-98B2-3828E7870E50}] => (Block) C:\WINDOWS\SysWOW64\Curl.exe (Microsoft 3rd Party Application Component -> curl, hxxps://curl.se/)
FirewallRules: [{D58BEC05-275C-422A-A820-A15A2691B333}] => (Block) C:\WINDOWS\system32\Desktopimgdownldr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{037ECB14-EA16-4295-9AFC-D41993243557}] => (Block) C:\WINDOWS\system32\Diantz.exe => No File
FirewallRules: [{2589649C-108E-4A86-B66E-662079578C77}] => (Block) C:\WINDOWS\system32\Dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D91861EF-5274-477C-B71C-F398FF0403FA}] => (Block) C:\WINDOWS\SysWOW64\Dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7777604D-2BFD-402D-8FA5-0D8402A6EA31}] => (Block) C:\WINDOWS\system32\Dwm.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7C003423-BA7D-4304-9218-45E1745C4B0E}] => (Block) C:\WINDOWS\system32\Esentutl.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{84CB3720-29FA-4A1D-9FE0-7E909F09F65A}] => (Block) C:\WINDOWS\SysWOW64\Esentutl.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{960363D9-A7A7-4E34-8DB0-E71CCF4E8C26}] => (Block) C:\WINDOWS\system32\Eventvwr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{35DE58C5-5E26-48D9-A2F9-C1E1A97FC1F6}] => (Block) C:\WINDOWS\SysWOW64\Eventvwr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{964E3435-E8C4-4F9A-A5B8-2359A62150F7}] => (Block) C:\WINDOWS\system32\Expand.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{ADFDD4DD-E662-4F66-840D-3A18AB33E163}] => (Block) C:\WINDOWS\SysWOW64\Expand.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{243B1D2F-2D66-446C-B237-E27B35BA354C}] => (Block) C:\WINDOWS\Explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E4F91A92-D5A6-46D0-9964-39E3722C93BF}] => (Block) C:\Program Files\Internet Explorer\ExtExport.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C083279B-D0C7-4E1F-9627-F94BB23DC72A}] => (Block) C:\WINDOWS\system32\Extract32.exe => No File
FirewallRules: [{7E6274D2-6530-4214-B7F8-49196B8C3C31}] => (Block) C:\WINDOWS\system32\Findstr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9241EC9B-12F3-4A60-9804-99B724BDB3D7}] => (Block) C:\WINDOWS\SysWOW64\Findstr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A659FF67-E7E8-4CCC-93AB-5BE46D38BD31}] => (Block) C:\WINDOWS\system32\Finger.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BA2B09E8-7B5E-4A0B-A4B4-0294D7DCC1AE}] => (Block) C:\WINDOWS\SysWOW64\Finger.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{58A0450B-068F-4812-8F05-207F65C61285}] => (Block) C:\WINDOWS\system32\Fontdrvhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FD9BC7DD-8A88-4EAF-AF56-73803F29B819}] => (Block) C:\WINDOWS\SysWOW64\Fontdrvhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{64E6721F-AAFA-4D99-87A1-0E2B703490A8}] => (Block) C:\WINDOWS\system32\Ftp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{31A84C4A-BE55-4AA9-8036-92550E4BF8AB}] => (Block) C:\WINDOWS\SysWOW64\Ftp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3A506972-D46A-459E-B55C-0039CAC2A9CE}] => (Block) C:\WINDOWS\HH.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3F4E19D3-B845-437C-8786-BEF47D378BA2}] => (Block) C:\WINDOWS\system32\Ie4uinit.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{94B759DC-2406-4274-9B4B-EC2DA942A6CD}] => (Block) C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6716F372-FD89-4133-8B77-C748A4F077B8}] => (Block) C:\Program Files (x86)\Internet Explorer\Iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{458C2D6A-87C8-417B-85AD-745809C63894}] => (Block) C:\WINDOWS\system32\IME\SHARED\IMEWDBLD.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{748EFDC9-DE9E-4F92-8CDB-8947699F1705}] => (Block) C:\WINDOWS\system32\Lsass.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{04C46F94-1C08-4D38-A1C6-FDADC1AE15C4}] => (Block) C:\WINDOWS\system32\Makecab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF096AF5-C4B0-4346-8D22-103CC6157371}] => (Block) C:\WINDOWS\SysWOW64\Makecab.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D216B596-C325-4AE4-AF2B-E512E4CD63AC}] => (Block) C:\WINDOWS\system32\Mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5D253E12-D819-4FA1-8D0E-146CA1348990}] => (Block) C:\WINDOWS\SysWOW64\Mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6C8B6ACC-D11F-4E16-8055-7B5EBBC1A3A7}] => (Block) C:\Program Files\Microsoft\Edge\Application\msedge.exe => No File
FirewallRules: [{C60B2F42-0054-4D98-926C-4AFD8EC1F52C}] => (Block) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C85E157D-BADC-4965-BE49-9F006A4E1172}] => (Block) C:\WINDOWS\system32\Mshta.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{77B65530-C363-4F1B-95DD-A1D68F1F39DD}] => (Block) C:\WINDOWS\SysWOW64\Mshta.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{658AA177-605E-487D-A43D-05CC95456A75}] => (Block) C:\WINDOWS\system32\Msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{37930BC6-F04C-4FD4-8912-2A93CDA5F899}] => (Block) C:\WINDOWS\SysWOW64\Msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{21DCF5B5-B62B-4735-A6C6-20AAEDF4F237}] => (Block) C:\WINDOWS\system32\Msinfo32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B32E26C0-581F-4537-9100-E901B904C1A4}] => (Block) C:\WINDOWS\SysWOW64\Msinfo32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{10AB2519-6916-4A68-8C7C-21D392D1A0F7}] => (Block) C:\WINDOWS\system32\Notepad.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8330C945-D560-4F4D-9696-196E14295D9A}] => (Block) C:\WINDOWS\Notepad.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A805503E-317B-48DA-8403-F7CBD50EFD32}] => (Block) C:\WINDOWS\SysWOW64\Notepad.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D8A5B645-6298-46D1-8B2B-116DF4773C32}] => (Block) C:\WINDOWS\system32\Odbcconf.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F2C083EF-36C5-4E69-BC2B-A4015ADD1FF9}] => (Block) C:\WINDOWS\SysWOW64\Odbcconf.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BEBBAE6A-86BE-4343-B3F0-68AE91E2716F}] => (Block) C:\WINDOWS\system32\Pcalua.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B29CF5D-C922-43CB-BFCD-AA07AF3C3CBF}] => (Block) powershell.exe => No File
FirewallRules: [{4A28881E-7C44-43C1-8CAE-961FCC9CFCCA}] => (Block) powershell.exe => No File
FirewallRules: [{2B318C85-29B1-4946-87C1-437516C6053E}] => (Block) C:\WINDOWS\system32\PresentationHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{35924A09-C004-40FF-AA03-14906C79DC59}] => (Block) C:\WINDOWS\SysWOW64\PresentationHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CCDFDAEB-500A-4CE8-BF0D-483B818F6C2F}] => (Block) C:\WINDOWS\system32\Prevhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4ED79BDA-DE3B-4CCE-B3A5-FBC5E7DB2470}] => (Block) C:\WINDOWS\SysWOW64\Prevhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{86DC1718-02BB-4B79-8F63-C093A6B27D3F}] => (Block) C:\WINDOWS\system32\Quickassist.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E3EA3555-7ABE-4837-B1DF-3377ED7EA487}] => (Block) C:\WINDOWS\SysWOW64\Quickassist.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CEB54EDF-E021-46A2-B12C-DB63730CC9FB}] => (Block) C:\WINDOWS\system32\Regsvr32.exe
FirewallRules: [{76E42C38-28A9-45EC-94C3-29EB19E2A760}] => (Block) C:\WINDOWS\SysWOW64\Regsvr32.exe
FirewallRules: [{DA04E987-9BF5-4DBE-B73B-CF9B6E9D9803}] => (Block) C:\WINDOWS\system32\Rundll32.exe
FirewallRules: [{286DF04B-1997-4928-A29C-C34E626DF733}] => (Block) C:\WINDOWS\SysWOW64\Rundll32.exe
FirewallRules: [{AC957274-0CF9-445B-95E0-C1A0ED134C6F}] => (Block) C:\WINDOWS\system32\RuntimeBroker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{65D52D65-2C5D-4E49-A603-1CA9A005E939}] => (Block) C:\WINDOWS\system32\wbem\Scrcons.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{376BDA4D-1C1F-4EC6-8545-D4AA35645D55}] => (Block) C:\WINDOWS\system32\ScriptRunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E86895E8-E510-4635-BA02-44707E11182B}] => (Block) C:\WINDOWS\system32\SearchIndexer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CAA3A9DB-2EE8-46B2-A6F4-1E63173D1C5E}] => (Block) C:\WINDOWS\SysWOW64\SearchIndexer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8E12DB8A-D9E1-4555-AEF9-EF6E7BBB800E}] => (Block) C:\WINDOWS\system32\Services.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{DD2C6C6D-CB4A-4DBB-931F-EFC6F6E87B33}] => (Block) C:\WINDOWS\system32\Sihost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{528AD0B7-D639-49D3-A372-4416E857E0EB}] => (Block) C:\WINDOWS\system32\Smss.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{3BE4980F-B7DE-4B9C-A3A4-180E88A4AB15}] => (Block) C:\WINDOWS\system32\SyncAppvPublishingServer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{6538BC90-3FA3-4FF0-97EA-850E4EFD00AA}] => (Block) C:\WINDOWS\system32\Taskhostw.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9C790A91-9B6F-4B9B-ACC8-37EFD77ED46A}] => (Block) C:\WINDOWS\system32\Telnet.exe => No File
FirewallRules: [{64210762-7842-4419-8631-13445E184466}] => (Block) C:\WINDOWS\system32\Tftp.exe => No File
FirewallRules: [{03B56FCF-ACFF-4515-9A5D-3C2020EA430D}] => (Block) C:\WINDOWS\system32\WerFault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF213DA8-3CD3-4FE0-A7E7-8B6AE73D6418}] => (Block) C:\WINDOWS\SysWOW64\WerFault.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5CD11593-5AC0-42C5-A723-E17F3AC11573}] => (Block) C:\WINDOWS\system32\Wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{064E006F-66FB-4ADF-AE81-142FA0EB5FC0}] => (Block) C:\WINDOWS\SysWOW64\Wermgr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{EABD55D4-A749-43C4-9A71-59D4244F4775}] => (Block) C:\WINDOWS\system32\Wininit.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{9B7FEF58-2FFA-481E-A30A-354E636610B0}] => (Block) C:\WINDOWS\system32\Winlogon.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{556B5D19-95EF-4017-8AFE-C7EFD21131BC}] => (Block) C:\WINDOWS\system32\WinSAT.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F1804E60-59F7-4910-813C-6779F4D6C82B}] => (Block) C:\WINDOWS\system32\Wmic.exe => No File
FirewallRules: [{BC30D956-A725-4256-8177-B06D1ACD1EBB}] => (Block) C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0B25A934-A2BC-4547-8452-685B689308F0}] => (Block) C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{FB612BCD-53A8-4D0F-AF11-4F3381386A8C}] => (Block) C:\Program Files\Windows NT\Accessories\Wordpad.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8E7E5312-B5A9-47F0-8C47-07817F37F561}] => (Block) C:\Program Files (x86)\Windows NT\Accessories\Wordpad.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B04C3AA-81E4-44C6-8DC9-3FDCA9B507A2}] => (Block) C:\WINDOWS\system32\Wsl.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F14BEFFF-C521-4D49-94CA-F37D383FB92B}] => (Block) C:\WINDOWS\system32\Wscript.exe
FirewallRules: [{1E670AFA-3641-491F-847A-DE806DF9CD16}] => (Block) C:\WINDOWS\SysWOW64\Wscript.exe
FirewallRules: [{9582A2D2-A358-42CE-B2DE-D7C0C89A88B6}] => (Block) C:\WINDOWS\system32\Xwizard.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F5512BEB-ED9A-4F2C-8DEA-E7BB45766874}] => (Block) C:\WINDOWS\SysWOW64\Xwizard.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{802963BB-DD98-4CA0-B40F-D4AC3A70146E}] => (Block) C:\Program Files\WindowsApps\microsoft.zunemusic_11.2405.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe => No File
FirewallRules: [{3F0E4C61-BE22-477F-8CD0-4F81095B4340}] => (Block) C:\WINDOWS\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{82900273-20DB-455F-A2EA-087BF7FDD710}] => (Block) C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A78554ED-998E-4BC0-85C4-3EF47076DFFE}] => (Block) C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DFD49686-D80C-49FA-B020-43AC2647EA2E}] => (Block) C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe (Microsoft Windows -> )
FirewallRules: [{1A6E7E19-BEC3-48FE-925C-F78FE66A1536}] => (Block) C:\Program Files\WindowsApps\microsoft.zunevideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe => No File
FirewallRules: [{AFD06A47-6111-4F6D-82A5-31281D89D1FF}] => (Block) C:\Program Files\WindowsApps\microsoft.windowscamera_2024.2405.18.0_x64__8wekyb3d8bbwe\WindowsCamera.exe => No File
FirewallRules: [{9F49DC0A-B3C5-48E9-BBB8-23DACD80907C}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB9C1CF8-E60B-4E1B-861D-3EE61CE9931A}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00927B67-06DE-4AEC-99D5-1E9D8447811E}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4028C2B7-4EBF-4119-A8DE-1AF967D7ED88}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\csc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{32A7BC07-0C08-4116-B228-72C92E975234}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BB248EC-8B73-49D8-8A58-2F566DBE0CB4}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E83BF3BF-E212-4C9E-8A6D-7CF8DC2826A4}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68D0158D-3DF2-467F-B47E-B29CB0952628}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F31E8A3A-B05E-441C-87E9-AE5C88657645}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{41420214-D6C5-4EB8-9FBA-6761228D5222}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{376CBF67-E076-4D9D-9A44-A1A93C89E08B}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ilasm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20C232C3-ABEF-46F8-8019-C389BD3F143F}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D662519E-3385-487E-A68D-5ACF9AC96E96}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06AA562A-3A5C-4DA1-A108-4BFDA8F252EB}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D447A074-68A6-4F1B-B116-5A35B42649CD}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B7A7105-CE7F-4F5C-B39E-E6C1C569F281}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\jsc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13CE411B-407D-4683-A09F-7417EA8EA3A3}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F382CEA8-B51B-4C02-AF79-5D0DC52ADDF9}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9188F506-A474-4B4F-B025-321A6063DF91}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B774F6AA-630D-4D66-B098-66EE1521E26F}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46D53051-554B-4A37-BAD7-37642D0D5B3B}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
FirewallRules: [{4B51A421-A3ED-4019-80A8-C5851DE1E6CE}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
FirewallRules: [{217444ED-AF93-4F5E-8CFF-DF49C3D59E5E}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D7192488-7550-462B-9479-612CFB67DD98}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\ngen.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2C2D813-6553-4236-97A5-9786A36E5C52}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngentask.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE4DD154-8374-4607-8340-0BE3CBE359D5}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DFD72E6E-1ABA-4B33-992C-63D6F9336951}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
FirewallRules: [{3538DAD8-ADE7-4178-9859-E62EE6CE0113}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
FirewallRules: [{2B1F3F0C-2755-4D9E-B1E3-A53F71AF37FE}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
FirewallRules: [{A6F7A9B7-A2CC-471B-AB09-C07D1C8CE463}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
FirewallRules: [{CE9BB4E2-D9BB-44DC-B22A-41D03C159315}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33514A8C-B76F-45E6-868A-9D116B4BDE21}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7A3C0B8E-45BE-4FC2-A804-4B86F36E4DA4}] => (Block) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6521E7C-2029-4608-99E7-142A23271F96}] => (Block) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D6FB3A49-B532-4BAF-A93E-E1A36A58A2AB}] => (Block) C:\Program Files\Common Files\Microsoft Shared\Equation\Eqnedt32.exe => No File
FirewallRules: [{A0DADFCA-B845-4235-8863-C1FFDBD63BB3}] => (Block) C:\Program Files (x86)\Common Files\Microsoft Shared\Equation\Eqnedt32.exe => No File
FirewallRules: [{BF0AFA03-710C-412E-B944-9B6455B73279}] => (Block) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Equation\Eqnedt32.exe => No File
FirewallRules: [{469FC67E-7B99-4D77-8A60-C949D47DDB20}] => (Block) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Equation\Eqnedt32.exe => No File
FirewallRules: [{AF43A252-4A78-40E0-8AA3-44A8A32EBBC8}] => (Block) C:\Program Files\Microsoft Office\Office11\Excel.exe => No File
FirewallRules: [{18AF2844-8645-414C-A339-F9A4F97794D5}] => (Block) C:\Program Files\Microsoft Office\Office12\Excel.exe => No File
FirewallRules: [{FDD15A4E-3897-4295-AAC7-C550D76E7889}] => (Block) C:\Program Files\Microsoft Office\Office14\Excel.exe => No File
FirewallRules: [{DFE75FA9-41B4-4C3A-8FC6-30E79508EF86}] => (Block) C:\Program Files\Microsoft Office\Office15\Excel.exe => No File
FirewallRules: [{DE7423D4-45E1-45B6-9E77-02A4DF89815F}] => (Block) C:\Program Files\Microsoft Office\Office16\Excel.exe => No File
FirewallRules: [{1A27A1F4-F890-49EB-ACA8-4A38088D7DB8}] => (Block) C:\Program Files (x86)\Microsoft Office\Office11\Excel.exe => No File
FirewallRules: [{9C5EC9FA-2B2C-445D-A32D-C3784C98ECAD}] => (Block) C:\Program Files (x86)\Microsoft Office\Office12\Excel.exe => No File
FirewallRules: [{0D29A4E6-6A29-4A0E-BA34-4C6348E04EAB}] => (Block) C:\Program Files (x86)\Microsoft Office\Office14\Excel.exe => No File
FirewallRules: [{D65B57EC-5CC3-473F-AC14-DC114862F5FC}] => (Block) C:\Program Files (x86)\Microsoft Office\Office15\Excel.exe => No File
FirewallRules: [{D47302FD-DE37-4453-9452-9B8F7895DE70}] => (Block) C:\Program Files (x86)\Microsoft Office\Office16\Excel.exe => No File
FirewallRules: [{DCDA5BD7-F7B0-4F44-A992-C3BE6EC4FBD3}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office11\Excel.exe => No File
FirewallRules: [{78C6A539-0FD3-4DE0-BE9F-59DFB4CFD21F}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office12\Excel.exe => No File
FirewallRules: [{696DDE24-5C74-4221-9BF5-A5C4D205C9A2}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office14\Excel.exe => No File
FirewallRules: [{9E4E42C3-6234-4A69-98AD-8CC7CE2E5CBD}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office15\Excel.exe => No File
FirewallRules: [{DA12856C-B016-41E9-AB57-EE4E35C50236}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office16\Excel.exe => No File
FirewallRules: [{538D6C68-9A3A-4665-97EF-6DCF28B7C0EB}] => (Block) C:\Program Files\Microsoft Office\root\Office11\Excel.exe => No File
FirewallRules: [{53B93177-18F0-4B79-9841-5F674A3E2905}] => (Block) C:\Program Files\Microsoft Office\root\Office12\Excel.exe => No File
FirewallRules: [{EB121163-FFC0-4B2C-BB75-85EB4E03512A}] => (Block) C:\Program Files\Microsoft Office\root\Office14\Excel.exe => No File
FirewallRules: [{6E4B41A3-488A-44AA-917C-819B507FF706}] => (Block) C:\Program Files\Microsoft Office\root\Office15\Excel.exe => No File
FirewallRules: [{883C321B-570B-4AF6-9221-D18E1E82ED36}] => (Block) C:\Program Files\Microsoft Office\root\Office16\Excel.exe => No File
FirewallRules: [{BC8B84A0-B2F3-49DE-8F53-0E8F75759F55}] => (Block) C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\Excel.exe => No File
FirewallRules: [{594EB5E0-1685-465B-AB66-526AECF057B1}] => (Block) C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\Excel.exe => No File
FirewallRules: [{5CFF0838-36C1-4427-ACB7-3366327EE0F6}] => (Block) C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\Excel.exe => No File
FirewallRules: [{7BC6F1C1-3FE4-49C7-B9BF-63C8CDDFDA1C}] => (Block) C:\Program Files (x86)\Microsoft Office 14\ClientX86\Root\Office14\Excel.exe => No File
FirewallRules: [{67A8AB89-5C32-4B21-B4D4-7BE898140D64}] => (Block) C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\Excel.exe => No File
FirewallRules: [{E073277D-F92F-4FB9-BA70-7ED347D77678}] => (Block) C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\Excel.exe => No File
FirewallRules: [{DC08EAB6-3D16-466C-A97C-9F7549D32C49}] => (Block) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE => No File
FirewallRules: [{3AE8263E-65C8-4CFA-A814-60E761EC19F2}] => (Block) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE => No File
FirewallRules: [{7638DD05-BD99-487F-9CC6-A5014CBA6837}] => (Block) C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE => No File
FirewallRules: [{3E93616E-5E83-44A9-B3A5-90FE32F007E9}] => (Block) C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLED.EXE => No File
FirewallRules: [{F98A08EB-78E7-447A-AC6E-35FF92DAAC26}] => (Block) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLED.EXE => No File
FirewallRules: [{078DB312-7FF8-4B03-A994-A8250438A8E8}] => (Block) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE => No File
FirewallRules: [{C311B063-F409-4B8E-A661-AD84EBA3AF9E}] => (Block) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE => No File
FirewallRules: [{08B6804B-B6D7-4D5E-AA86-C24038E2DC7D}] => (Block) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE => No File
FirewallRules: [{5142E6E6-31F7-47AE-A0FA-08755D1D255F}] => (Block) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLED.EXE => No File
FirewallRules: [{1A4D0383-B892-42BE-985A-9E0BCFA29773}] => (Block) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLED.EXE => No File
FirewallRules: [{6409EC29-41E9-4569-B24A-7ABF65F675F2}] => (Block) C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE14\MSOXMLED.EXE => No File
FirewallRules: [{A3BE5558-5909-4DAF-8FA0-23E0CE541E37}] => (Block) C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE => No File
FirewallRules: [{D2C13612-CEB5-4A22-8F50-D19B84B032EB}] => (Block) C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE => No File
FirewallRules: [{7650D62E-81DD-48EE-9800-2EAA6963C895}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE14\MSOXMLED.EXE => No File
FirewallRules: [{73D1692D-6DE0-4A5C-B222-66A75DAAC386}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOXMLED.EXE => No File
FirewallRules: [{AE569649-252C-4DCF-AC8F-4549D330ABF0}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLED.EXE => No File
FirewallRules: [{38F5D074-B587-4A35-A435-ABD8B4D7C6C6}] => (Block) C:\Program Files\Microsoft Office\Office11\MsPub.exe => No File
FirewallRules: [{FC518323-CB56-4895-94DC-C3EE030903BF}] => (Block) C:\Program Files\Microsoft Office\Office12\MsPub.exe => No File
FirewallRules: [{7DC4A9E5-4DD3-45AA-A11E-6808CDF2EAD7}] => (Block) C:\Program Files\Microsoft Office\Office14\MsPub.exe => No File
FirewallRules: [{70ED1D9C-5B2C-4331-B4B2-2AE6D85912A6}] => (Block) C:\Program Files\Microsoft Office\Office15\MsPub.exe => No File
FirewallRules: [{0192373E-8924-465C-AE74-74EE017F166D}] => (Block) C:\Program Files\Microsoft Office\Office16\MsPub.exe => No File
FirewallRules: [{C0B926A3-BFFC-4D5E-A621-D10C31383C53}] => (Block) C:\Program Files (x86)\Microsoft Office\Office11\MsPub.exe => No File
FirewallRules: [{37C8A1F4-F03E-45D6-BC22-8130F735BDEF}] => (Block) C:\Program Files (x86)\Microsoft Office\Office12\MsPub.exe => No File
FirewallRules: [{EE1718E2-8021-4C79-B10A-6F80DC71CAE1}] => (Block) C:\Program Files (x86)\Microsoft Office\Office14\MsPub.exe => No File
FirewallRules: [{7F2EC963-6A83-4BB3-AB2D-4EBB02180331}] => (Block) C:\Program Files (x86)\Microsoft Office\Office15\MsPub.exe => No File
FirewallRules: [{E762B869-CBCD-4A81-92D3-3708D881F353}] => (Block) C:\Program Files (x86)\Microsoft Office\Office16\MsPub.exe => No File
FirewallRules: [{CEDC09B4-9B4F-46AE-B59D-54345EE54931}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office11\MsPub.exe => No File
FirewallRules: [{239FB2B4-E512-480F-9A7C-3923F316CFEC}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office12\MsPub.exe => No File
FirewallRules: [{23F03DCC-CBE9-4D34-92EB-D8DE3FDA15BE}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office14\MsPub.exe => No File
FirewallRules: [{DBA5F9A8-605D-41A1-B5A5-7E39859A25A7}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office15\MsPub.exe => No File
FirewallRules: [{DB6DB34D-69F2-4C12-9AD5-D35D53E9D25B}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office16\MsPub.exe => No File
FirewallRules: [{98DFB328-DDC0-43A9-A8C1-94869BA7EF7C}] => (Block) C:\Program Files\Microsoft Office\root\Office11\MsPub.exe => No File
FirewallRules: [{C75446CD-A639-43D8-9ABF-2788D329D11B}] => (Block) C:\Program Files\Microsoft Office\root\Office12\MsPub.exe => No File
FirewallRules: [{21231C1D-5400-4A3D-B1A1-BCCA440D0BFB}] => (Block) C:\Program Files\Microsoft Office\root\Office14\MsPub.exe => No File
FirewallRules: [{D8619249-0E68-494F-938B-C0F8918E71E6}] => (Block) C:\Program Files\Microsoft Office\root\Office15\MsPub.exe => No File
FirewallRules: [{1926DF0C-63BE-42E5-8445-5AB73218DD00}] => (Block) C:\Program Files\Microsoft Office\root\Office16\MsPub.exe => No File
FirewallRules: [{2D76F710-1397-4E7C-B2C3-2B72B8D51DA6}] => (Block) C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\MsPub.exe => No File
FirewallRules: [{F2DBAE40-83B4-4C19-B6D0-3E80103C7966}] => (Block) C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\MsPub.exe => No File
FirewallRules: [{8075783C-E1D7-404C-A828-0721AD4F5C1A}] => (Block) C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\MsPub.exe => No File
FirewallRules: [{945AFC77-01F1-4CAC-A8C5-098CDA650F9F}] => (Block) C:\Program Files (x86)\Microsoft Office 14\ClientX86\Root\Office14\MsPub.exe => No File
FirewallRules: [{2B84876B-8EBF-40C8-9CCA-F7EB07917584}] => (Block) C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\MsPub.exe => No File
FirewallRules: [{629791A5-54A8-43A0-986F-5B39FB5EAC1C}] => (Block) C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\MsPub.exe => No File
FirewallRules: [{923F2AC4-C8EE-4286-B28E-338A362DABD3}] => (Block) C:\Program Files\Microsoft Office\Office11\OneNote.exe => No File
FirewallRules: [{7DDCC8F3-8964-4BA5-9773-258C69701FE4}] => (Block) C:\Program Files\Microsoft Office\Office12\OneNote.exe => No File
FirewallRules: [{60B09230-1267-4E0B-BACA-C9F903BE181A}] => (Block) C:\Program Files\Microsoft Office\Office14\OneNote.exe => No File
FirewallRules: [{F5E0705B-4A9F-45C9-9509-D1183E44C257}] => (Block) C:\Program Files\Microsoft Office\Office15\OneNote.exe => No File
FirewallRules: [{021DB843-2267-4CB1-BBB1-AF6119A770C7}] => (Block) C:\Program Files\Microsoft Office\Office16\OneNote.exe => No File
FirewallRules: [{9A9A724F-36CB-4839-AE89-AE78D04CA051}] => (Block) C:\Program Files (x86)\Microsoft Office\Office11\OneNote.exe => No File
FirewallRules: [{E5BD19B1-885B-4778-99F7-A4C8C2415404}] => (Block) C:\Program Files (x86)\Microsoft Office\Office12\OneNote.exe => No File
FirewallRules: [{A4AE8272-2A1D-4A26-B3BE-5408A54C2186}] => (Block) C:\Program Files (x86)\Microsoft Office\Office14\OneNote.exe => No File
FirewallRules: [{8B1BC4A7-BB3A-4816-A0CB-F6E8B643B6A8}] => (Block) C:\Program Files (x86)\Microsoft Office\Office15\OneNote.exe => No File
FirewallRules: [{B4B1C39B-F8ED-46DF-91CC-1432C11D2DBD}] => (Block) C:\Program Files (x86)\Microsoft Office\Office16\OneNote.exe => No File
FirewallRules: [{5F4E5057-F1FA-478B-B4CB-D04402E49381}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office11\OneNote.exe => No File
FirewallRules: [{E4BA680C-2994-41C0-9FC5-616A06220153}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office12\OneNote.exe => No File
FirewallRules: [{C9922650-A7FE-4148-A4F0-A13D6BE05AAC}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office14\OneNote.exe => No File
FirewallRules: [{3EA14B87-6687-4C8E-8DED-56B133FD65C9}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office15\OneNote.exe => No File
FirewallRules: [{8ED27C99-BC6E-429A-A520-5E33C2BA208C}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office16\OneNote.exe => No File
FirewallRules: [{F2B91DF4-1F97-4B33-9152-C6F9C7AE2BEA}] => (Block) C:\Program Files\Microsoft Office\root\Office11\OneNote.exe => No File
FirewallRules: [{67449949-B7AA-42F7-BA96-D55FE6C4431D}] => (Block) C:\Program Files\Microsoft Office\root\Office12\OneNote.exe => No File
FirewallRules: [{D79B3E8D-F7A2-4FEB-88FB-91EE79877DAA}] => (Block) C:\Program Files\Microsoft Office\root\Office14\OneNote.exe => No File
FirewallRules: [{3B9C25CA-ADAD-4CB6-BC59-3DC3092E9259}] => (Block) C:\Program Files\Microsoft Office\root\Office15\OneNote.exe => No File
FirewallRules: [{BC38501D-1454-43DF-AAB6-51B9BEC6A836}] => (Block) C:\Program Files\Microsoft Office\root\Office16\OneNote.exe => No File
FirewallRules: [{63F22018-6BAA-402C-A1C9-72F2F9759328}] => (Block) C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\OneNote.exe => No File
FirewallRules: [{3CAD175B-A0B8-4D44-9DFB-AFE628E43166}] => (Block) C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\OneNote.exe => No File
FirewallRules: [{BCBD3895-C04B-43C1-B727-BBB26218C6DA}] => (Block) C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\OneNote.exe => No File
FirewallRules: [{35F40C94-2953-4020-96AA-0782F8529C82}] => (Block) C:\Program Files (x86)\Microsoft Office 14\ClientX86\Root\Office14\OneNote.exe => No File
FirewallRules: [{33B5D5FD-27B8-48F7-A229-445DE8E1A6E0}] => (Block) C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\OneNote.exe => No File
FirewallRules: [{1886EB8E-F09C-4D38-AC7E-8496C56E7C4F}] => (Block) C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\OneNote.exe => No File
FirewallRules: [{98B264EB-52DF-4D33-96C5-827296B19A70}] => (Block) C:\Program Files\Microsoft Office\Office11\Powerpnt.exe => No File
FirewallRules: [{50053F0E-17D7-4EA8-877A-0AFE5F015DF6}] => (Block) C:\Program Files\Microsoft Office\Office12\Powerpnt.exe => No File
FirewallRules: [{0AF0BAFD-9809-449D-AD13-1CE41DEE97C9}] => (Block) C:\Program Files\Microsoft Office\Office14\Powerpnt.exe => No File
FirewallRules: [{EA0465D5-6CDE-43D3-9651-C370750F8C5F}] => (Block) C:\Program Files\Microsoft Office\Office15\Powerpnt.exe => No File
FirewallRules: [{27DA9DEB-9142-48E6-8381-F5C74EDC7246}] => (Block) C:\Program Files\Microsoft Office\Office16\Powerpnt.exe => No File
FirewallRules: [{BFFDECA2-D555-4003-9E7E-C306000F3F3E}] => (Block) C:\Program Files (x86)\Microsoft Office\Office11\Powerpnt.exe => No File
FirewallRules: [{BBF4DAF9-794D-427E-A7B4-B874DC1F162E}] => (Block) C:\Program Files (x86)\Microsoft Office\Office12\Powerpnt.exe => No File
FirewallRules: [{D89B7436-0203-446B-AA5F-9D4A541D2613}] => (Block) C:\Program Files (x86)\Microsoft Office\Office14\Powerpnt.exe => No File
FirewallRules: [{0CFB8CDF-50A5-403D-8A22-7AFB94838FD4}] => (Block) C:\Program Files (x86)\Microsoft Office\Office15\Powerpnt.exe => No File
FirewallRules: [{E37539C1-9C73-4C37-B9A2-784D9DAFB7A2}] => (Block) C:\Program Files (x86)\Microsoft Office\Office16\Powerpnt.exe => No File
FirewallRules: [{59049184-9952-4AE1-ADD2-1CD3DACA497C}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office11\Powerpnt.exe => No File
FirewallRules: [{885C8BD5-585B-4011-9CF6-256AE6C06920}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office12\Powerpnt.exe => No File
FirewallRules: [{75999DFC-9741-40DA-94E8-37C1D71D29D0}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office14\Powerpnt.exe => No File
FirewallRules: [{1718C344-4A28-4C2E-94DC-DDA25BEC345E}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office15\Powerpnt.exe => No File
FirewallRules: [{8EC02617-2232-41C8-8BDE-E46C8947E75C}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office16\Powerpnt.exe => No File
FirewallRules: [{C4E18329-1545-403D-93F8-B764F8D4AA35}] => (Block) C:\Program Files\Microsoft Office\root\Office11\Powerpnt.exe => No File
FirewallRules: [{996AF31A-F357-4270-82E9-081B23C6A312}] => (Block) C:\Program Files\Microsoft Office\root\Office12\Powerpnt.exe => No File
FirewallRules: [{305AE70B-18C7-46E8-8984-9699423F8EAC}] => (Block) C:\Program Files\Microsoft Office\root\Office14\Powerpnt.exe => No File
FirewallRules: [{09BB9F42-02E1-472E-8A51-E25E5D20ED22}] => (Block) C:\Program Files\Microsoft Office\root\Office15\Powerpnt.exe => No File
FirewallRules: [{07B11748-D561-44CF-B0BD-5D83702A3972}] => (Block) C:\Program Files\Microsoft Office\root\Office16\Powerpnt.exe => No File
FirewallRules: [{61F0E515-2972-4FD8-BA20-8923256B7EE4}] => (Block) C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\Powerpnt.exe => No File
FirewallRules: [{C038F5F6-1B5B-4D7A-B485-7EF9179E5C31}] => (Block) C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\Powerpnt.exe => No File
FirewallRules: [{883842F3-2C61-433E-AEA2-F13F7167CADC}] => (Block) C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\Powerpnt.exe => No File
FirewallRules: [{DB94C548-1C3D-418C-A3C8-15AFD694FFC3}] => (Block) C:\Program Files (x86)\Microsoft Office 14\ClientX86\Root\Office14\Powerpnt.exe => No File
FirewallRules: [{32B948B5-C288-44EC-BC69-B65A21569EF5}] => (Block) C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\Powerpnt.exe => No File
FirewallRules: [{CC8DD2EF-3BE6-4C85-BCE7-7996AD38ED9B}] => (Block) C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\Powerpnt.exe => No File
FirewallRules: [{B2B237D7-FA9B-48F1-BA02-668DC38575D4}] => (Block) C:\Program Files\Microsoft Office\Root\Office11\protocolhandler.exe => No File
FirewallRules: [{91F2C518-1E43-4765-9664-E5FAB7D04D9D}] => (Block) C:\Program Files\Microsoft Office\Root\Office12\protocolhandler.exe => No File
FirewallRules: [{50DCC1DA-B791-4EBE-B6A1-0B111D37C88C}] => (Block) C:\Program Files\Microsoft Office\Root\Office14\protocolhandler.exe => No File
FirewallRules: [{188C6150-01E6-4CCC-9D03-868385A6C300}] => (Block) C:\Program Files\Microsoft Office\Root\Office15\protocolhandler.exe => No File
FirewallRules: [{464BFFA7-CCEC-4526-8F1D-271F19391AFD}] => (Block) C:\Program Files\Microsoft Office\Root\Office16\protocolhandler.exe => No File
FirewallRules: [{205649FF-ABC2-4F15-9B64-F0BB590C97C9}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\Office11\protocolhandler.exe => No File
FirewallRules: [{1C3F8F97-0185-41B6-BB74-171996CC8331}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\Office12\protocolhandler.exe => No File
FirewallRules: [{33E3128A-F2B6-46CF-9734-556CC982F913}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\Office14\protocolhandler.exe => No File
FirewallRules: [{01C40F4E-41C5-4153-AF60-FA9DFBCA2CD6}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\Office15\protocolhandler.exe => No File
FirewallRules: [{70C73231-63BB-4D91-9537-DB5ED1018305}] => (Block) C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe => No File
FirewallRules: [{066BC969-65F6-4741-A376-D3A81401D671}] => (Block) C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\protocolhandler.exe => No File
FirewallRules: [{DCF257A3-EF3C-4EF3-BA68-6D4AFE618E4B}] => (Block) C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\protocolhandler.exe => No File
FirewallRules: [{871A0233-EA41-420A-A2B0-0821B8275CD6}] => (Block) C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\protocolhandler.exe => No File
FirewallRules: [{42AB179D-FA28-43F0-9A56-288409592E06}] => (Block) C:\Program Files (x86)\Microsoft Office 14\ClientX64\Root\Office14\protocolhandler.exe => No File
FirewallRules: [{96CED1CD-386C-4B85-B5BA-30C06ED3C947}] => (Block) C:\Program Files (x86)\Microsoft Office 15\ClientX64\Root\Office15\protocolhandler.exe => No File
FirewallRules: [{9BCDD20F-1E46-463F-84BC-08B4DA4B01A5}] => (Block) C:\Program Files (x86)\Microsoft Office 16\ClientX64\Root\Office16\protocolhandler.exe => No File
FirewallRules: [{FF8B11CD-C87C-4AE0-97A3-C62454E52F9B}] => (Block) C:\Program Files\Microsoft Office\Office11\Winword.exe => No File
FirewallRules: [{87A04B81-BC65-4B64-B6A3-3DCA9E35CADC}] => (Block) C:\Program Files\Microsoft Office\Office12\Winword.exe => No File
FirewallRules: [{9AC0A228-6768-40F1-BB4E-B0F0640892AF}] => (Block) C:\Program Files\Microsoft Office\Office14\Winword.exe => No File
FirewallRules: [{3F23AF63-5798-470F-849F-A3F3ED8CEEB8}] => (Block) C:\Program Files\Microsoft Office\Office15\Winword.exe => No File
FirewallRules: [{42F52B49-15C1-4521-8375-DBC61D8F7909}] => (Block) C:\Program Files\Microsoft Office\Office16\Winword.exe => No File
FirewallRules: [{F4C3C353-2763-4935-83C2-CC9F989928FB}] => (Block) C:\Program Files (x86)\Microsoft Office\Office11\Winword.exe => No File
FirewallRules: [{D3AA3F39-08A5-43EE-A759-3A283BDB23C6}] => (Block) C:\Program Files (x86)\Microsoft Office\Office12\Winword.exe => No File
FirewallRules: [{E4AE70A9-21BC-4EB5-B1C1-AE8D4A5C9AFB}] => (Block) C:\Program Files (x86)\Microsoft Office\Office14\Winword.exe => No File
FirewallRules: [{15C0A411-EF2E-4A92-9027-90F77312927E}] => (Block) C:\Program Files (x86)\Microsoft Office\Office15\Winword.exe => No File
FirewallRules: [{B2B62147-62FD-447C-89AA-82FCE9B77368}] => (Block) C:\Program Files (x86)\Microsoft Office\Office16\Winword.exe => No File
FirewallRules: [{29DD5760-5030-4386-8BCD-23391D8C929C}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office11\Winword.exe => No File
FirewallRules: [{383874F2-EA13-45CE-9115-07C74BD8DECA}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office12\Winword.exe => No File
FirewallRules: [{43C31F61-BD39-48F6-B266-3205F27FCC2C}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office14\Winword.exe => No File
FirewallRules: [{3B55473A-AB2A-45CA-8032-D513D33AB8A9}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office15\Winword.exe => No File
FirewallRules: [{F4ECFC60-9B45-403C-903D-98D22C677F4F}] => (Block) C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe => No File
FirewallRules: [{D40DAAE2-A3DE-4627-8ED4-2B2D258CA321}] => (Block) C:\Program Files\Microsoft Office\root\Office11\Winword.exe => No File
FirewallRules: [{A8456AED-265E-466D-BE74-825C54C6DEE7}] => (Block) C:\Program Files\Microsoft Office\root\Office12\Winword.exe => No File
FirewallRules: [{7E10DE1E-2265-42FD-8194-FBB3954095D5}] => (Block) C:\Program Files\Microsoft Office\root\Office14\Winword.exe => No File
FirewallRules: [{AEE7F6E8-A7FF-4D9E-8AC0-F7CB868E30B7}] => (Block) C:\Program Files\Microsoft Office\root\Office15\Winword.exe => No File
FirewallRules: [{99999162-2D04-4EBE-AEC6-EE06AA27F918}] => (Block) C:\Program Files\Microsoft Office\root\Office16\Winword.exe => No File
FirewallRules: [{BB7966CC-D9E4-4794-8FA9-00D7575575F1}] => (Block) C:\Program Files\Microsoft Office 14\ClientX64\Root\Office14\Winword.exe => No File
FirewallRules: [{AD4FDFBD-0DA2-4E9B-A28F-85932268370E}] => (Block) C:\Program Files\Microsoft Office 15\ClientX64\Root\Office15\Winword.exe => No File
FirewallRules: [{1190C2BC-53D9-4CA5-904A-A3B2197E8F23}] => (Block) C:\Program Files\Microsoft Office 16\ClientX64\Root\Office16\Winword.exe => No File
FirewallRules: [{E2C72099-039A-4CC7-A82E-A9CC2D6B9CAE}] => (Block) C:\Program Files (x86)\Microsoft Office 14\ClientX86\Root\Office14\Winword.exe => No File
FirewallRules: [{B3BF30C8-0E0D-4DBA-AB0B-7AC6409D9225}] => (Block) C:\Program Files (x86)\Microsoft Office 15\ClientX86\Root\Office15\Winword.exe => No File
FirewallRules: [{DD2DB992-3AEF-4F09-9915-0E753F5998C0}] => (Block) C:\Program Files (x86)\Microsoft Office 16\ClientX86\Root\Office16\Winword.exe => No File
FirewallRules: [{E96A8E30-9DD9-4950-A3B0-1B964F7BC8AD}] => (Block) C:\Program Files\LibreOffice\program\scalc.exe => No File
FirewallRules: [{B8805829-1D5A-434F-96C0-CDE5BDBC9373}] => (Block) C:\Program Files\OpenOffice 4\program\scalc.exe => No File
FirewallRules: [{B9955333-E1DC-4690-B2B6-AF0DDF402216}] => (Block) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe => No File
FirewallRules: [{82851F35-ED4D-4DE3-88A1-7C59279E58C4}] => (Block) C:\Program Files\LibreOffice\program\sdraw.exe => No File
FirewallRules: [{9FD233C7-13D7-40F8-86F0-48E2CD2FE771}] => (Block) C:\Program Files\OpenOffice 4\program\sdraw.exe => No File
FirewallRules: [{C29BD95D-E49E-48D6-9BE7-465DB9C6956A}] => (Block) C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe => No File
FirewallRules: [{D23476D5-2AD8-439B-AA39-658DE2437D4A}] => (Block) C:\Program Files\LibreOffice\program\simpress.exe => No File
FirewallRules: [{CD361AB8-EACD-4542-92F4-606A37371DE1}] => (Block) C:\Program Files\OpenOffice 4\program\simpress.exe => No File
FirewallRules: [{1B293C8F-E11E-4AD1-A374-54D9601C25F9}] => (Block) C:\Program Files (x86)\OpenOffice 4\program\simpress.exe => No File
FirewallRules: [{98B73182-8844-4337-BA03-CC0C9AC48D1A}] => (Block) C:\Program Files\LibreOffice\program\smath.exe => No File
FirewallRules: [{BA818F22-F528-463C-B2AC-BF99FAD802FA}] => (Block) C:\Program Files\OpenOffice 4\program\smath.exe => No File
FirewallRules: [{DA8A6B4A-069D-49DE-B783-2641E3D03724}] => (Block) C:\Program Files (x86)\OpenOffice 4\program\smath.exe => No File
FirewallRules: [{AA70F12B-601C-43AE-9104-205C805F61C2}] => (Block) C:\Program Files\LibreOffice\program\swriter.exe => No File
FirewallRules: [{79B21829-D9D1-42E6-8AED-B92CB8984698}] => (Block) C:\Program Files\OpenOffice 4\program\swriter.exe => No File
FirewallRules: [{F0391149-DEBF-40F3-B5BC-8061CDE62FCB}] => (Block) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe => No File
FirewallRules: [{600AE2B3-45E0-447D-BFFE-E24642698D75}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe => No File
FirewallRules: [{A842FD08-62BC-4993-902A-7DC632D61299}] => (Block) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe => No File
FirewallRules: [{F509E7D3-0C80-48B3-9AE0-51C6E56FD8F6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D41F2FF-7DBC-4EEB-8519-53EE5E621288}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2964DA6E-1B9A-4F43-9EBB-59D339397AA5}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D2117058-DBCD-430A-9917-9E588AD73D6B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8B105AFA-4BCF-43F6-9FB7-27B1A06D828D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{7E7D1A93-062D-4C66-BFBB-EF3BC631CC7A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{5EC471DE-34E5-4EC7-BE66-B74FCFFCF76B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
27-08-2024 13:12:10 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (08/28/2024 12:53:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/28/2024 12:53:06 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/28/2024 12:52:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
 
Error: (08/28/2024 09:59:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/28/2024 09:59:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (08/28/2024 09:59:36 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80004005
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (08/27/2024 02:42:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on New Volume (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (08/27/2024 02:37:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
 
System errors:
=============
Error: (08/27/2024 04:36:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-Q3O86VF)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (08/27/2024 04:36:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-Q3O86VF)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (08/27/2024 12:21:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (08/27/2024 11:33:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (08/27/2024 11:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/27/2024 11:29:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (08/27/2024 11:29:08 AM) (Source: Schannel) (EventID: 4108) (User: NT AUTHORITY)
Description: The certificate received from the remote server has not validated correctly. The error code is 0x80092013. The TLS connection request has failed. The attached data contains the server certificate.
 
Error: (08/27/2024 11:27:16 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Device Install Service service did not shut down properly after receiving a preshutdown control.
 
 
Windows Defender:
================
Date: 2024-08-27 11:35:44
Description: 
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
Detection time: 2024-08-27T08:35:44.847Z
Path: C:\Program Files\Sandboxie-Plus\SbieSvc.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: 
Parent Commandline: 
Involved File: 
Inheritance Flags: 0x00000000
Security intelligence Version: 1.417.340.0
Engine Version: 1.1.24070.3
Product Version: 4.18.24070.5
 
Date: 2024-08-27 11:27:03
Description: 
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
Detection time: 2024-08-27T08:27:03.122Z
Path: C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1722236884\fshoster64.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: "C:\Program Files\F-Secure\TOTAL\Ultralight\ulcore\1722236884\fshoster64.exe" --service --namespace ul_default
Parent Commandline: 
Involved File: 
Inheritance Flags: 0x00000000
Security intelligence Version: 1.417.340.0
Engine Version: 1.1.24070.3
Product Version: 4.18.24070.5
 
Date: 2024-08-18 20:57:51
Description: 
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
Detection time: 2024-08-18T17:57:51.600Z
Path: C:\Windows\System32\drivers\48451211.sys
Process Name: C:\Users\MOHAMM~1\AppData\Local\Temp\{88C1C4C9-8CAB-41FF-82DB-199D1668D6EA}\{0FDC4F42-5B1D-4774-9559-6899C6A48A6E}.exe
Target Commandline: 
Parent Commandline: "C:\Users\MOHAMM~1\AppData\Local\Temp\{88C1C4C9-8CAB-41FF-82DB-199D1668D6EA}\{0FDC4F42-5B1D-4774-9559-6899C6A48A6E}.exe" 
Involved File: 
Inheritance Flags: 0x00000000
Security intelligence Version: 1.417.183.0
Engine Version: 1.1.24070.3
Product Version: 4.18.24070.5
 
Date: 2024-08-18 13:12:11
Description: 
Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
Detection time: 2024-08-18T10:12:11.893Z
Path: C:\Users\Mohammad abd allah\AppData\Local\Temp\HouseCall\housecall.bin
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: "housecall.bin" A9DA20C4 39DE3EDD
Parent Commandline: 
Involved File: 
Inheritance Flags: 0x00000000
Security intelligence Version: 1.417.183.0
Engine Version: 1.1.24070.3
Product Version: 4.18.24070.5
 
Date: 2024-08-17 16:06:36
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Custom Scan
Event[0]:
 
Date: 2024-08-15 20:42:36
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.417.127.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24070.3
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2024-07-24 17:44:50
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.415.245.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24060.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2024-06-29 20:20:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.413.574.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24050.5
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2024-06-29 20:20:02
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.413.574.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24050.5
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2024-06-28 18:48:23
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.413.535.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24050.5
Error code: 0x80070102
Error description: The wait operation timed out. 
 
CodeIntegrity:
===============
Date: 2024-08-28 13:10:58
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO A8CN54WW(V3.07) 09/02/2016
Motherboard: LENOVO Lenovo B50-80
Processor: Intel® Core™ i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 8105.84 MB
Available physical RAM: 2927.06 MB
Total Virtual: 9385.84 MB
Available Virtual: 3465.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:145.87 GB) (Free:13.86 GB) (Model: WDC WD5000LPCX-24VHAT0) NTFS
Drive d: (New Volume) (Fixed) (Total:319.28 GB) (Free:22.71 GB) (Model: WDC WD5000LPCX-24VHAT0) NTFS
 
\\?\Volume{7acb70b3-91e1-4dbf-8d44-1f195eabc220}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{68d487c7-03d5-41c9-a0b3-d0b74c52683a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 08C5818A)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
 
 
 
 
