Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2025
Ran by Nelly Atlan (08-02-2025 19:23:35)
Running from C:\Users\Nelly Atlan\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.3037 (X64) (2024-11-09 19:20:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1151346358-4024040651-264034373-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1151346358-4024040651-264034373-503 - Limited - Disabled)
Guest (S-1-5-21-1151346358-4024040651-264034373-501 - Limited - Disabled)
Nelly Atlan (S-1-5-21-1151346358-4024040651-264034373-1001 - Administrator - Enabled) => C:\Users\Nelly Atlan
WDAGUtilityAccount (S-1-5-21-1151346358-4024040651-264034373-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: McAfee (Enabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6}
FW: McAfee (Enabled) {33DABA11-0345-2098-851C-6841DCAA8BCD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 23.006.20320 - Adobe) Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.12 - Adobe Systems Incorporated) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Cisco Webex Meetings (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\ActiveTouchMeetingClient) (Version: 44.10.1 - Cisco Webex LLC) Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Hidden Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.58.0 - RCS LT) Dynamic Application Loader Host Interface Service (HKLM\...\{10BAD5DD-9DA8-4620-9146-334A071A2665}) (Version: 1.0.0.0 - Intel Corporation) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation) ExpressVPN (HKLM-x32\...\{bef0c23e-2461-4dbf-8eb3-9247231dc9b7}) (Version: 12.69.0.5 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B89A1D7836}) (Version: 12.69.0.5 - ExpressVPN) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 133.0.6943.59 - Google LLC) GoTo Opener (HKLM-x32\...\{89D08BC3-F9FF-480C-B172-AA1E3643CE60}) (Version: 1.0.568 - LogMeIn, Inc.) GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.) HiSuite (HKLM-x32\...\Hi Suite) (Version: 14.0.0.320 - Huawei Technologies Co., Ltd.) 
Intel(R) LMS (HKLM\...\{51F1A74C-6447-4B19-BE55-90D80578C8F0}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{09FBB991-5EBC-46E7-A83C-8EAE31E53A83}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2118.15.0.2277 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{47D128D9-994B-4427-AF01-176823EDE7CA}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{3057FE70-17D5-4288-A926-35565A687CB5}) (Version: 1.0.0.0 - Intel Corporation) Hidden IRISPen 7 Executive (HKLM-x32\...\{D400E814-A749-4A49-AC97-110F4066C5FB}) (Version: 4.0.9.0 - I.R.I.S) McAfee (HKLM\...\McAfee.WPS) (Version: 1.25.208.1 - McAfee, LLC) Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft 365 - he-il (HKLM\...\O365HomePremRetail - he-il) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 132.0.2957.140 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 132.0.2957.140 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Retail - en-us) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft Office Professional Plus 2021 - he-il (HKLM\...\ProPlus2021Retail - he-il) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft OneDrive 
(HKLM\...\OneDriveSetup.exe) (Version: 25.005.0112.0003 - Microsoft Corporation) Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft OneNote - he-il (HKLM\...\OneNoteFreeRetail - he-il) (Version: 16.0.18429.20132 - Microsoft Corporation) Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 
6.0.36.34217 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18429.20132 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-1000-0000000FF1CE}) (Version: 16.0.18429.20044 - Microsoft Corporation) Hidden Open Live Writer (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\OpenLiveWriter) (Version: 0.6.2 - Open Live Writer) PC Cleaner (HKLM\...\{2EAF0DB1-02D3-4BB4-AC19-D9BB8F85B9BE}) (Version: 9.9.33904.5126 - Avanquest) Hidden <==== ATTENTION PC Cleaner (HKLM\...\{2EAF0DB1-02D3-4BB4-AC19-D9BB8F85B9BE}_PC Cleaner) (Version: 9.9.33904.5126 - Avanquest) <==== ATTENTION PDF-XChange Editor (HKLM\...\{D590D776-8FA5-4F4D-835E-392E8D60996F}) (Version: 9.4.362.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{07cb8eca-c321-46a6-ab8f-8587dc221bb5}) (Version: 9.4.362.0 - Tracker Software Products (Canada) Ltd.) PECB Exams 3.4.0 (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\01beb2c1-cd95-5e95-aaf5-11957ca56efa) (Version: 3.4.0 - PECB) Tenorshare 4DDiG 10.0.3.9 (HKLM\...\{UltData - Windows}_is1) (Version: 10.0.3.9 - Tenorshare, Inc.) 
Webex (HKLM\...\{B080C79D-B4E3-5424-8492-BEBBD67B1A92}) (Version: 43.10.0.28042 - Cisco Systems, Inc) Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\F1D0CAF4C0DED9E19E7D560DEA76E9C03A9840DA) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories) Windows Driver Package - STMicroelectronics (STTub30) USB (11/09/2009 3.0.1.0) (HKLM\...\53CE3E570993AB2791A87B0143B353B816401784) (Version: 11/09/2009 3.0.1.0 - STMicroelectronics) Windows Driver Package - Texas Instruments (usbser) Ports (04/05/2013 1.2.0.0) (HKLM\...\FA1C00A9AAA654DA7A1655E95D22C0C9F9C52E98) (Version: 04/05/2013 1.2.0.0 - Texas Instruments) WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH) Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\Wondershare NativePush_is1) (Version: - ) Wondershare Recoverit(Build 12.0.27.8) (HKLM-x32\...\{829555DC-31E5-4FEA-B350-8FCF24CECD95}_is1) (Version: 12.0.27.8 - Wondershare Software Co.,Ltd.) Zoom Workplace (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\ZoomUMX) (Version: 6.2.11 (50939) - Zoom Video Communications, Inc.) 
Chrome apps: ============ 6play (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\ffb4022a7bf04122207c8203178eb23c) (Version: 1.0 - Google\Chrome) Google Drive (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\d3e57b6aab4656f04ebe971f23e980c7) (Version: 1.0 - Google\Chrome) M6+ (HKU\S-1-5-21-1151346358-4024040651-264034373-1001\...\bdeac09d3378841c4dffc133345c6d01) (Version: 1.0 - Google\Chrome) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-11-13] (Adobe Systems Incorporated) Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2023-11-13] () AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-08] (INTEL CORP) [Startup Task] AppUp.ThunderboltControlCenter -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2023-10-15] (INTEL CORP) Artistic Endeavors -> C:\Program Files\WindowsApps\Microsoft.ArtisticEndeavors_1.0.0.0_neutral__8wekyb3d8bbwe [2022-07-25] (Microsoft Corporation) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.26.1420.0_x64__rz1tebttyb220 [2025-01-22] (Dolby Laboratories) Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation) Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.645.1237.0_x86__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation) Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.645.1237.0_x64__8wekyb3d8bbwe [2024-10-08] (Microsoft Corporation) McAfee -> C:\Program Files\McAfee\WPS\1.25.208.1 [2025-01-11] () Merge Design: Mansion Makeover -> C:\Program Files\WindowsApps\14083HollyTechnologyCoLtd.MergeDesignMansionMakeov_1.1.2.0_x64__jkd79x9sd69fp [2024-11-12] (MIRACLE GAMES INC.) 
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-11-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-11-18] (Microsoft Corporation) [MS Ad] Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-10-13] (Microsoft Corporation) Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.235.0_x64__8wekyb3d8bbwe [2025-01-23] (Microsoft Corporation) -My Notes- -> C:\Program Files\WindowsApps\22944SamJarawan.-MyNotes-_2.1.47.0_x64__3gv8nk7frgb5p [2024-11-18] (Sam Jarawan) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-09-26] (Netflix, Inc.) OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-02-08] () PECB KATE -> C:\Program Files\WindowsApps\5E1ABD81.PECBKATE_3.5.303.0_x64__cpyxpy7c9a6ja [2023-12-18] (PECB Group Inc.) 
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-07-25] (Microsoft Corporation) Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.171.0_x64__pwbj9vvecjh7j [2025-01-11] (Amazon Development Centre (London) Ltd) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.32.261.0_x64__dt26b99r8h8gj [2022-07-26] (Realtek Semiconductor Corp) VAIO Control Center -> C:\Program Files\WindowsApps\VAIOCorporation.VAIOControlCenter_2.4.8230.0_x86__gsksapb6h6f3t [2024-10-26] (VAIO Corporation) [Startup Task] VAIOCorporation.VAIOClippingTool -> C:\Program Files\WindowsApps\VAIOCorporation.VAIOClippingTool_2.2.18090.0_x86__gsksapb6h6f3t [2024-05-23] (VAIO Corporation) [Startup Task] Wikipedia -> C:\Program Files\WindowsApps\WikimediaFoundation.Wikipedia_1.0.1.0_neutral__54ggd3ev8bvz6 [2024-11-08] (Wikimedia Foundation) WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2023-06-19] (Microsoft Corp.) WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corp.) WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-04-20] (Microsoft Corp.) WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.373.1641.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.) 
Windows App Runtime DDLM 2000.802.31.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x6_2000.802.31.0_x64__8wekyb3d8bbwe [2023-06-19] (Microsoft Corporation) Windows App Runtime DDLM 2000.802.31.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.2000.802.31.0-x8_2000.802.31.0_x86__8wekyb3d8bbwe [2023-06-19] (Microsoft Corporation) Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation) Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-11] (Microsoft Corporation) Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-04-20] (Microsoft Corporation) Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2024-04-20] (Microsoft Corporation) Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-01-23] (Microsoft Corporation) Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-01-11] (Microsoft Corporation) WinRAR -> C:\Program Files\WinRAR [2023-11-12] (win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1151346358-4024040651-264034373-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-1151346358-4024040651-264034373-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\Nelly Atlan\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) CustomCLSID: HKU\S-1-5-21-1151346358-4024040651-264034373-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Nelly Atlan\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1151346358-4024040651-264034373-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-1151346358-4024040651-264034373-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Nelly Atlan\AppData\Local\GoToMeeting\19992\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft 
Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.) 
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.25.208.1\mc-ctxmnu.dll [2024-12-11] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.005.0112.0003\FileSyncShell64.dll [2025-02-06] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.25.208.1\mc-ctxmnu.dll [2024-12-11] (McAfee, LLC -> McAfee, LLC) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2019-08-15 16:13 - 2019-08-15 16:13 - 001265664 _____ () [File not signed] C:\Program Files (x86)\Combo Cleaner\runtimes\win-x64\native\e_sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-09-06] (Adobe Inc. 
-> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-13] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2023-09-06] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2023-09-06] (Adobe Inc. 
-> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-02-08] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2021-06-05 13:08 - 2023-12-31 17:51 - 000000822 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1151346358-4024040651-264034373-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nelly Atlan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Ethernet 2: ExpressVPN TAP Adapter -> tapexpressvpn.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
Local Area Connection: ExpressVPN TUN Driver -> expressvpn-tun.sys
Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw10.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D88440AD-3881-4FE3-989D-57C040FA8718}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2A15A598-907C-477D-8274-88B0FEC2EAEB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{818DD030-FB56-4C4E-A5F6-77AF3A3086B4}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24165.1306.2986.9504_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{12659590-27C8-4435-8F89-937DE5D0026B}C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Block) C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) FirewallRules: [TCP Query User{5B7831C6-0318-47B0-823D-683683750991}C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Block) C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) FirewallRules: [{DAC98355-4779-4F4A-81A6-7064FFEEAF6D}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe (Tenorshare Co., Ltd. -> ) FirewallRules: [{66CDA31E-924D-4D5C-B0A0-DB00E67E0170}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe (Tenorshare Co., Ltd. -> ) FirewallRules: [{BABA59A8-2B79-475C-9297-4C342B9CC40B}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe (Tenorshare Co., Ltd. -> Tenorshare Co.,Ltd.) FirewallRules: [{BE5BB36D-14BA-435A-BEC0-F377075673A6}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe (Tenorshare Co., Ltd. -> Tenorshare Co.,Ltd.) 
FirewallRules: [{3466A964-0473-4690-9DED-5D3C41A8E547}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe (Tenorshare Co., Ltd. -> Tenorshare Co.,Ltd.)
FirewallRules: [{8D0C5258-8CCC-421A-96DA-86A1E14F1DE7}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe (Tenorshare Co., Ltd. -> Tenorshare Co.,Ltd.)
FirewallRules: [{399EA612-2E94-4497-B32A-C302B353EA30}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => No File
FirewallRules: [{B0F588EF-E918-4282-8D86-31F625116E6C}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => No File
FirewallRules: [{67C61938-7252-4487-8AD3-1915168F2A39}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{4792EB0A-EFED-475F-BE5D-52C8C9119C76}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{D6539828-A5D7-4C3A-9A3D-10D34E5654B4}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe (Tenorshare Co., Ltd. -> )
FirewallRules: [{84B9C960-8163-42C8-88F2-044CDB90B289}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe (Tenorshare Co., Ltd. -> )
FirewallRules: [{34E346D3-F571-43DA-BCCE-45249A47394C}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe (Tenorshare Co., Ltd. -> )
FirewallRules: [{E6198438-A14E-401F-AAA3-D4E37FE080B6}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe (Tenorshare Co., Ltd. -> )
FirewallRules: [{A5E829F1-ABEE-4005-86BB-BCDE5550EF55}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe (Tenorshare Co., Ltd. -> )
FirewallRules: [{242565FB-D66C-40DC-915A-E0635B25D02F}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe (Tenorshare Co., Ltd. -> )
FirewallRules: [{F54D7033-9B8C-4156-B5C1-78923A6D3169}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => No File
FirewallRules: [{9B036B66-6EE9-4F2C-A570-08D2C755A445}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => No File
FirewallRules: [{50C9E66F-FED4-4E04-92CA-20FC8A23D867}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{D947F4E1-7745-4BB2-8C04-0E1AC2EC860A}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{8713969F-B189-4E46-B299-13AA8408A46F}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{77FE651B-54BF-41DB-9241-E102D74EEA05}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe (Tenorshare Co., Ltd. -> Tenorshare)
FirewallRules: [{FC6EB629-1B51-45B4-A554-3D3873540AFA}] => (Allow) C:\Users\Nelly Atlan\Downloads\4ddig-for-windows_11713128724041205401.exe (Tenorshare (Hongkong) Limited -> Tenorshare)
FirewallRules: [{BB6CAEAC-F6CB-4191-AC16-663A90282E73}] => (Allow) C:\Users\Nelly Atlan\Downloads\4ddig-for-windows_11713128724041205401.exe (Tenorshare (Hongkong) Limited -> Tenorshare)
FirewallRules: [{423BB0A2-54C2-4031-A422-F7EC51DE76B7}] => (Allow) LPort=50053
FirewallRules: [{37A8CE79-8EE7-4B18-9C93-78552655566D}] => (Allow) LPort=50053
FirewallRules: [{1C0E2148-1DE9-4404-A8D6-03B8E42530CD}] => (Allow) LPort=53016
FirewallRules: [{F632EEFC-3036-4F79-94D1-48F629847AA7}] => (Allow) LPort=53015
FirewallRules: [{B527A8E3-63C4-4E61-9E2D-703A4BA2D63C}] => (Allow) LPort=53014
FirewallRules: [{0F31C60A-FDAC-4B94-B31F-C2EA2D1D91BB}] => (Allow) LPort=43013
FirewallRules: [{9086F2C5-3DF2-4ADA-9274-78BF82D43946}] => (Allow) LPort=43012
FirewallRules: [{C17DFB0C-17C0-48F3-A228-2904470E37E1}] => (Allow) LPort=33011
FirewallRules: [{E7A9F3B2-47D6-45C4-912D-36DA46E5501D}] => (Allow) LPort=33010
FirewallRules: [{978378EA-99F7-4459-8DBB-5C50CA5FFAD6}] => (Allow) LPort=33009
FirewallRules: [{3E857A5F-B049-448D-91B7-AF49344F3338}] => (Allow) LPort=23008
FirewallRules: [{FE33679F-8E41-4533-B06A-065D50861E4E}] => (Allow) LPort=23007
FirewallRules: [{7E8ED30E-5A69-4C03-A804-FFC7D8ED963A}] => (Allow) LPort=53016
FirewallRules: [{B712FB2B-A15C-4EDE-A0AA-15FE0C27A4A9}] => (Allow) LPort=53015
FirewallRules: [{F88C5C6F-E4F9-4395-B20D-5914E4D694F1}] => (Allow) LPort=53014
FirewallRules: [{5A48CDCC-437E-4224-BEED-640D5C62432F}] => (Allow) LPort=43013
FirewallRules: [{28AC49A8-4354-4492-8700-FA311A4467B0}] => (Allow) LPort=43012
FirewallRules: [{7D4C5620-03AA-4231-9667-C37C007DF6A5}] => (Allow) LPort=33011
FirewallRules: [{0FCC0915-4E8B-43A5-AC91-11509D2395B5}] => (Allow) LPort=33010
FirewallRules: [{5967FFB2-CDA0-4387-9958-F3349907134F}] => (Allow) LPort=33009
FirewallRules: [{5C861235-5BA9-46FB-B895-156A31CDD0A2}] => (Allow) LPort=23008
FirewallRules: [{EC22B450-D799-46F1-AAD2-EBFFE3A7A24C}] => (Allow) LPort=23007
FirewallRules: [{9FC50804-8389-4A43-A4E6-7634F5B2130C}] => (Allow) LPort=57218
FirewallRules: [{0E05D4B3-609C-4C14-A434-5BA968C3D1EF}] => (Allow) LPort=57217
FirewallRules: [{40C5B9BE-C5FB-4B7F-A3F9-752EF3B79230}] => (Allow) LPort=57216
FirewallRules: [{18E22D66-7B4C-4BD3-B10F-137469BF5D8C}] => (Allow) LPort=57215
FirewallRules: [{B879C7F4-0609-45AD-ABFC-D2C5D4053434}] => (Allow) LPort=57214
FirewallRules: [{6E3D266B-72EA-45AC-91CF-DF24AF502916}] => (Allow) LPort=57213
FirewallRules: [{5688E121-30CA-41FD-9230-551738667D38}] => (Allow) LPort=57212
FirewallRules: [{CC57846A-79BA-4529-8998-405F88C74A73}] => (Allow) LPort=57211
FirewallRules: [{56AB7999-FE4B-420E-A93C-BEBA9FD6041E}] => (Allow) LPort=57210
FirewallRules: [{6D24D74C-B33B-402C-8DD2-313129A7547F}] => (Allow) LPort=57209
FirewallRules: [{C7E61FBF-EA2D-4D40-ADC5-87C8AAC31876}] => (Allow) LPort=57218
FirewallRules: [{44CF9BDD-535C-432A-B759-20F13C855798}] => (Allow) LPort=57217
FirewallRules: [{709470F1-767A-4CD3-8C26-4F6252CA415B}] => (Allow) LPort=57216
FirewallRules: [{ADDB9881-F055-4A29-86DB-1A9AD5E089C8}] => (Allow) LPort=57215
FirewallRules: [{2A94F3A5-ED8D-48D1-96A6-D746695FA313}] => (Allow) LPort=57214
FirewallRules: [{43711830-88FF-4FDF-9FDF-91BFC9E6DABB}] => (Allow) LPort=57213
FirewallRules: [{817C1E89-EC8F-42C5-8C0E-B65F1C3DC206}] => (Allow) LPort=57212
FirewallRules: [{FB119008-5195-4128-B254-29B9EBBD0954}] => (Allow) LPort=57211
FirewallRules: [{F9F2A99C-2C30-47CB-9EC2-E5724928D42F}] => (Allow) LPort=57210
FirewallRules: [{BEF2840D-A593-4C5B-8D21-D5E48EAFC208}] => (Allow) LPort=57209
FirewallRules: [{B6F5EB97-140C-480D-AF9F-AFAA3712907B}] => (Allow) LPort=50053
FirewallRules: [{681F2290-0845-4D31-B480-8EC254088202}] => (Allow) LPort=50053
FirewallRules: [{4CE0ED05-FB4B-415F-A6DC-CF6C2B429260}] => (Allow) LPort=53016
FirewallRules: [{1B6DE1AB-6252-4F39-9C2D-A54A35BCEBD0}] => (Allow) LPort=53015
FirewallRules: [{6668431C-71AE-43A7-BA6E-6C9B3418BFDB}] => (Allow) LPort=53014
FirewallRules: [{5D976CFF-8862-4D36-B98F-ECC6516111D8}] => (Allow) LPort=43013
FirewallRules: [{B2C7A0D4-12A6-4FF2-80DE-49DB63F35B22}] => (Allow) LPort=43012
FirewallRules: [{B7820E5D-E50C-49E8-A54D-0E0884BC023F}] => (Allow) LPort=33011
FirewallRules: [{18C4932C-377E-415D-BE75-4E9D028DE03D}] => (Allow) LPort=33010
FirewallRules: [{1476AF17-C6C0-408E-B02B-2B7E2EB0AB37}] => (Allow) LPort=33009
FirewallRules: [{AFC58731-A756-4A3B-AEC6-83142F291A97}] => (Allow) LPort=23008
FirewallRules: [{4D6572BA-E73C-48EF-897E-B43F6A3B5B1E}] => (Allow) LPort=23007
FirewallRules: [{D233B838-B958-40CC-AA63-29C061E00E12}] => (Allow) LPort=53016
FirewallRules: [{A8B70693-DDBD-4C75-BB08-59475E21081A}] => (Allow) LPort=53015
FirewallRules: [{BAB325B2-0D1F-4F62-B9E7-DC4554A261E2}] => (Allow) LPort=53014
FirewallRules: [{6374C33D-C1DB-4043-9681-4636A2119105}] => (Allow) LPort=43013
FirewallRules: [{9BE1F87F-20E9-4121-A45D-EAE96195AE78}] => (Allow) LPort=43012
FirewallRules: [{2AE33F9F-66F1-4386-BE6F-DD4FA3A043B8}] => (Allow) LPort=33011
FirewallRules: [{8C63E5BF-5EB6-4C90-A2AA-68485E6C008D}] => (Allow) LPort=33010
FirewallRules: [{F481B81C-6A18-4A15-9B47-026BA2E36610}] => (Allow) LPort=33009
FirewallRules: [{194C0AE4-1983-4AD8-8566-637BAE53B5D9}] => (Allow) LPort=23008
FirewallRules: [{206AC133-1846-4F9A-BA97-95313900D7CF}] => (Allow) LPort=23007
FirewallRules: [{A8F5E2BE-E709-420C-B57A-E73B0912FAEB}] => (Allow) LPort=57218
FirewallRules: [{A417859C-CF86-48CA-9235-FE7E16F526BF}] => (Allow) LPort=57217
FirewallRules: [{04FB887D-528B-4E59-8433-59869C831A3B}] => (Allow) LPort=57216
FirewallRules: [{224E16A0-5B4C-48A2-91D4-FEEBAD113F0F}] => (Allow) LPort=57215
FirewallRules: [{5AA45AD4-FFB6-400A-82E7-C4EDF544639B}] => (Allow) LPort=57214
FirewallRules: [{2B03AEA3-26F6-47B5-9BF4-541D656F7562}] => (Allow) LPort=57213
FirewallRules: [{E7BFEE36-6BEA-42CB-AD11-A152ABD966EB}] => (Allow) LPort=57212
FirewallRules: [{D4C5A7E4-39C5-4DC8-A41D-3536C5C0810C}] => (Allow) LPort=57211
FirewallRules: [UDP Query User{9DE6B482-E192-4A18-99CA-3F0B603D8C94}C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Allow) C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{5FE9A073-C814-4095-A74D-C403A0CB4D3E}C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Allow) C:\users\nelly atlan\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{C249CE9F-E78C-4780-88E6-F6BF945713DF}] => (Allow) LPort=57210
FirewallRules: [{B3397BAD-4956-4674-95DC-1696E69CA693}] => (Allow) LPort=57209
FirewallRules: [{C417F5A3-A483-4DAC-B2D0-3CC218F3088D}] => (Allow) LPort=57218
FirewallRules: [{F16ADDD7-B6FF-4FF6-8463-9B96AF0F5EF6}] => (Allow) LPort=57217
FirewallRules: [{13D1DABE-2A65-481D-AEB4-2E7FFEAFE338}] => (Allow) LPort=57216
FirewallRules: [{2940ACA4-A443-4CD3-9942-0699E3AAA9C1}] => (Allow) LPort=57215
FirewallRules: [{0027D6CB-BE32-45AF-8004-93CE693CFFCE}] => (Allow) LPort=57214
FirewallRules: [{964F5B5D-D34C-4705-B066-F7B5A3593B90}] => (Allow) LPort=57213
FirewallRules: [{5A16AE10-6B74-4E8F-AAB6-1A4D6862D347}] => (Allow) LPort=57212
FirewallRules: [{27365871-397D-4225-ABC2-B3F643718791}] => (Allow) LPort=57211
FirewallRules: [{FBE2FAC4-0DCE-4EF9-A30D-5FBD74C5E497}] => (Allow) LPort=57210
FirewallRules: [{1839CF55-F842-463E-82D1-448403049ED1}] => (Allow) LPort=57209
FirewallRules: [UDP Query User{69EF047C-4C94-4D2B-BE16-0B9923D3C01B}C:\users\nelly atlan\appdata\local\programs\pecb-exams\pecb exams.exe] => (Allow) C:\users\nelly atlan\appdata\local\programs\pecb-exams\pecb exams.exe (PECB) [File not signed]
FirewallRules: [TCP Query User{940F8320-B4B0-4F16-94AC-F8324D3BFD09}C:\users\nelly atlan\appdata\local\programs\pecb-exams\pecb exams.exe] => (Allow) C:\users\nelly atlan\appdata\local\programs\pecb-exams\pecb exams.exe (PECB) [File not signed]
FirewallRules: [{94EA93A8-837B-4700-A8F3-B31BC4E9229D}] => (Allow) C:\Users\Nelly Atlan\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F3909E2D-10FA-4280-B6FE-ED6751ED78B7}] => (Allow) C:\Users\Nelly Atlan\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7EEED4D3-6E81-4389-8C12-82D2FCA48917}] => (Allow) C:\Users\Nelly Atlan\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [TCP Query User{E5145345-B740-40A0-A80E-C74CB5B4E296}C:\users\nelly atlan\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\nelly atlan\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [UDP Query User{D2E3421F-C156-4672-9D6D-9866A43EB928}C:\users\nelly atlan\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\nelly atlan\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [{EE0024C4-71DE-494B-A492-8846C59C3E26}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58311CF5-0C31-47CB-8093-846EB4FF4264}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25007.607.3371.8436_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1C4BE034-BF57-4A15-80CC-D3E254ACEEBA}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25007.607.3371.8436_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8B90671C-6238-4971-8003-04925B3AECC9}C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe] => (Block) C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe => No File
FirewallRules: [UDP Query User{FDF99328-AA23-4293-A2FB-317DE4A355E3}C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe] => (Block) C:\users\nelly atlan\appdata\local\hive-desktop\app-1.32.0\resources\hive-agent.exe => No File
FirewallRules: [{069955E9-7E80-4675-B50E-E9C6C6D1950A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-02-2025 20:30:44 Windows Update
03-02-2025 18:24:47 Installed EPI PDF
06-02-2025 17:15:27 75660ba3-4438-443b-a2d6-ff4395b057be

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/06/2025 04:43:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (02/06/2025 04:43:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (02/04/2025 04:25:24 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (02/04/2025 08:41:32 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (02/03/2025 08:59:28 AM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (02/01/2025 08:00:41 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (01/31/2025 09:39:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: UserAwarenessHelper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(Microsoft.Win32.SafeHandles.SafePEFileHandle, System.Security.SecurityZone ByRef, System.Runtime.CompilerServices.StringHandleOnStack)
   at System.Security.Policy.PEFileEvidenceFactory.GenerateLocationEvidence()
   at System.Security.Policy.PEFileEvidenceFactory.GenerateEvidence(System.Type)
   at System.Security.Policy.AssemblyEvidenceFactory.GenerateEvidence(System.Type)
   at System.Security.Policy.Evidence.GetHostEvidenceNoLock(System.Type)
   at System.Security.Policy.Evidence.GetHostEvidence(System.Type, Boolean)
   at System.Security.Policy.AppDomainEvidenceFactory.GenerateEvidence(System.Type)
   at System.Security.Policy.Evidence.GetHostEvidenceNoLock(System.Type)
   at System.Security.Policy.Evidence+RawEvidenceEnumerator.MoveNext()
   at System.Security.Policy.Evidence+EvidenceEnumerator.MoveNext()
   at System.Configuration.ClientConfigPaths.GetEvidenceInfo(System.AppDomain, System.String, System.String ByRef)
   at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(System.AppDomain, System.String)
   at System.Configuration.ClientConfigPaths..ctor(System.String, Boolean)
   at System.Configuration.ClientConfigPaths.GetPaths(System.String, Boolean)
   at System.Configuration.ClientConfigurationHost.RequireCompleteInit(System.Configuration.Internal.IInternalConfigRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at log4net.Config.XmlConfigurator.InternalConfigure(log4net.Repository.ILoggerRepository)
   at log4net.Config.XmlConfigurator.Configure(log4net.Repository.ILoggerRepository)
   at ContextService.Logger.Initialize()
   at ContextService.Logger..ctor()
   at UserAwarenessHelper.Program..cctor()
Exception Info: System.TypeInitializationException
   at UserAwarenessHelper.Program.Main(System.String[])

Error: (01/29/2025 03:15:44 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: ExpressVPN.AppService.exe, version: 12.77.0.60, time stamp: 0x656f0000
Faulting module name: KERNELBASE.dll, version: 10.0.26100.2454, time stamp: 0x398a1cce
Exception code: 0xe0434352
Fault offset: 0x00000000000c837a
Faulting process id: 0x1f34
Faulting application start time: 0x1db725848bf0d43
Faulting application path: C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 26146239-8f5b-4982-b868-d1d9154af5e8
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (02/08/2025 07:12:18 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {bac07cac-e05d-4b1c-b2cb-02335416ddbd}, had event 74

Error: (02/06/2025 04:43:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ComboCleaner.Guard service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2025 04:43:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ComboCleaner.WinService service terminated unexpectedly. It has done this 1 time(s).

Error: (02/06/2025 12:03:16 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/06/2025 12:03:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/06/2025 12:03:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/06/2025 12:03:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/06/2025 12:03:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===============
Date: 2025-02-08 19:22:21
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.25.208.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.

Date: 2025-02-08 19:20:48
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.25.208.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Phoenix Technologies Ltd. R0270ST 09/11/2023
Motherboard: VAIO Corporation VV006300A
Processor: 11th Gen Intel(R) Core(TM) i7-1195G7 @ 2.90GHz
Percentage of memory in use: 58%
Total physical RAM: 16071.35 MB
Available physical RAM: 6724.37 MB
Total Virtual: 17095.35 MB
Available Virtual: 6515.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.94 GB) (Free:369.59 GB) (Model: SAMSUNG MZVL2512HCJQ-00B07) NTFS

\\?\Volume{6f519cc0-ee53-4692-bd45-666d075e28ef}\ () (Fixed) (Total:0.89 GB) (Free:0.12 GB) NTFS
\\?\Volume{61d30344-8bd5-4210-808c-879e1ee3093d}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: DE01DA55)

Partition: GPT.

==================== End of Addition.txt =======================