Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2025 Ran by FED0002 (18-12-2025 16:34:04) Running from C:\Users\FED0002\Downloads Microsoft Windows 11 Enterprise Version 21H2 22000.3260 (X64) (2023-02-07 14:34:15) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-443668906-3581797905-992795910-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-443668906-3581797905-992795910-503 - Limited - Disabled) Guest (S-1-5-21-443668906-3581797905-992795910-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-443668906-3581797905-992795910-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov) Acrobat (HKLM\...\{CD3488F3-BE3C-45F8-8710-E2BC3B80E9D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 25.001.20997 - Adobe) Adobe CC 2025 (HKLM\...\{66E129C7-8C22-413B-90AC-FBE4800CCE4E}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.7.0.278 - Adobe Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601120}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Anki (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Anki) (Version: 25.02.4 - ) BlueStacks (HKLM\...\BlueStacks_nxt) (Version: 5.22.110.1027 - now.gg, Inc.) BlueStacks Services (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.) Class Notebook Add-in for OneNote (IT Install) (HKLM-x32\...\{CAC4C4C6-547D-4702-942F-52D10E99084F}) (Version: 3.5.0.0 - Microsoft Corporation) Clean Your Device (HKLM-x32\...\{DD167096-6F6D-4250-B94E-6CE26EE8C409}_is1) (Version: 2.00.0001 - Lenovo) Combo Cleaner (HKLM\...\{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.68.0 - RCS LT) Hidden Combo Cleaner (HKLM-x32\...\InstallShield_{8C9F8853-52F7-46F3-BC78-98001D3FF40C}) (Version: 1.0.68.0 - RCS LT) Creative Cloud Desktop Application (HKLM\...\{2E2176F9-E28B-44B9-9B63-F76A0E981280}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden CurseForge (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 1.293.1.9809 - Overwolf app) Defender Security Update (HKLM\...\{9269CED2-C987-41C0-AC5E-C335F969E92E}) (Version: 1.0.0.0 - Norton) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation) Epson Photo+ (HKLM-x32\...\{82E09177-CD4D-412F-97B6-3C4763D6B0FA}) (Version: 3.7.2.0 - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32\...\{3E43D194-E18D-4C8A-B36D-15F14395A0A6}) (Version: 3.4.1.0 - Seiko Epson Corporation) Epson Printer Driver Security Support Tool (HKLM-x32\...\{2395000B-DF3F-40E1-8D49-E73341296948}) (Version: 1.0.1.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{C37347BC-7549-47A6-8E7A-806A6751981E}) (Version: 3.00.06 - Seiko Epson Corporation) EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.) Epson ScanSmart (HKLM-x32\...\{24D63D1B-83A2-4976-8D0D-8622D96B6B86}) (Version: 3.7.1 - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{0184AB6D-F2CA-4338-A12C-1D8858BFD2FF}) (Version: 4.6.10 - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{DB5EDF09-A7A7-47FA-B365-A7500A472878}) (Version: 3.3.1.0 - Seiko Epson Corporation) Google Chrome (HKLM\...\{1D1D1768-10D8-3DFF-9AD9-1E26B6323A29}) (Version: 143.0.7499.110 - Google LLC) Java 8 Update 351 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180351F0}) (Version: 8.0.3510.10 - Oracle Corporation) Java 8 Update 431 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180431F0}) (Version: 8.0.4310.10 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2511.18.0 - Lenovo Group Ltd.) LifeAt 1.18.0 (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\99f21b84-9723-53a4-9731-cbb6111d3495) (Version: 1.18.0 - LifeAt) Malwarebytes version 5.4.5.226 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.4.5.226 - Malwarebytes) ManageEngine Endpoint Central - Agent (HKLM-x32\...\{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}) (Version: 10.1.2220.10.W - ZohoCorp) Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.19328.20266 - Microsoft Corporation) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.19328.20266 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 143.0.3650.80 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 143.0.3650.80 - Microsoft Corporation) Hidden Microsoft GameInput (HKLM\...\{ECB4BDD1-984C-9F25-299C-A9EF75C14197}) (Version: 10.1.26100.6879 - Microsoft Corporation) Microsoft Intune Management Extension (HKLM-x32\...\{262D9D60-DB70-49A1-9880-B5E140727909}) (Version: 1.97.107.0 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.222.1112.0002 - Microsoft Corporation) Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.19328.20266 - Microsoft Corporation) Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.28902 - Microsoft) Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation) Minecraft Education (HKLM\...\{64359D1D-A288-4425-8139-4F2CF5C7857F}) (Version: 1.21.9301.0 - Microsoft Studios) Hidden Minecraft Education (HKLM\...\Minecraft Education 1.21.9301.0) (Version: 1.21.9301.0 - Microsoft Studios) Modrinth App (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Modrinth App) (Version: 0.10.21 - ModrinthApp) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 137.0.2 (x64 en-US)) (Version: 137.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 137.0.2 - Mozilla) NHS T3 2025 (HKLM\...\{8C891D02-48D9-4808-92B3-2D3EA0E85507}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.2 - Notepad++ Team) Hidden Notepad++ 8.2 (HKLM\...\{F49AB8DE-C359-4974-A555-C8A6145FD268}) (Version: 8.2.0.0 - Notepad) Notion 3.13.0 (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.13.0 - Notion Labs, Inc) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19328.20106 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20244 - Microsoft Corporation) Hidden Overwolf (HKLM-x32\...\Overwolf) (Version: 0.291.0.2 - Overwolf Ltd.) PaperCut MF Client (HKLM\...\{6D8B3530-3373-11EF-BFB2-F79506D462D9}) (Version: 24.0.2 - PaperCut Software International Pty Ltd) PaperCut MF Client (HKLM\...\{EEAC49CF-DB4C-11EE-AC63-8BBDEEB75C8A}) (Version: 23.0.7 - PaperCut Software International Pty Ltd) Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.8.1031.110912 - Razer Inc.) Respondus LockDown Browser Lab OEM (HKLM-x32\...\{B7A14066-A86A-4F81-8EB7-A965C3B26A92}) (Version: 2.10.000 - Respondus) Roblox Player for FED0002 (HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\roblox-player) (Version: - Roblox Corporation) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) T4 2024 CC and Acrobat (HKLM\...\{24E6F3F7-1ED0-4019-A698-69F36B0CED3E}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation) Vivi (HKLM-x32\...\{97BA7FF5-2E7C-4167-9CA5-25C68480C255}) (Version: 3.10.0 - Vivi Corporation) VLC media player (HKLM\...\{9675011C-2395-4AD7-B1CC-92910F991F58}) (Version: 3.0.20.0 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN) Webex (HKLM\...\{9D5D7A52-35B3-561C-AA14-67879D08BECB}) (Version: 44.4.0.29298 - Cisco Systems, Inc) Zoom Workplace (64-bit) (HKLM\...\{DFA1B257-CC53-431B-9492-97D0FB3D4432}) (Version: 6.0.37634 - Zoom) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2025-09-22] (Adobe Systems Incorporated) Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2025-12-10] () Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2025-12-18] (Adobe Systems Incorporated) Company Portal -> C:\Program Files\WindowsApps\Microsoft.CompanyPortal_11.2.1672.0_x64__8wekyb3d8bbwe [2025-09-14] (Microsoft Corporation) Desktop Live Wallpapers -> C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_2.3.1.0_x64__agy8jafheqhng [2025-11-03] (Chan Software Solutions) [Startup Task] Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.27.6010.0_x64__rz1tebttyb220 [2025-12-06] (Dolby Laboratories) ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.51.0_x64__stws0m115j6hg [2025-12-15] (ELAN Microelectronics Corporation) Glance by Mirametrix® -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_11.36.71.0_x64__17mer8kcn3j54 [2025-09-09] (Mirametrix Inc.) [Startup Task] Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-11-24] (INTEL CORP) [Startup Task] Lenovo Commercial Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoSettingsforEnterprise_20.2508.42.0_x64__k1h2ywk1493x8 [2025-09-09] (LENOVO INC.) Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2509.13.0_x64__k1h2ywk1493x8 [2025-10-21] (LENOVO INC.) Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_8.2.8.0_neutral__ss941bf8mfs8a [2025-06-14] (Wacom Technology Corp.) Lenovo View -> C:\Program Files\WindowsApps\E046963F.cameraSettings_4.0.89.0_x64__k1h2ywk1493x8 [2025-06-26] (LENOVO INC.) Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-12-13] () Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2025-12-18] () Microsoft 365 companion apps -> C:\Program Files\WindowsApps\Microsoft.M365Companions_2.2511.25000.0_x64__8wekyb3d8bbwe [2025-12-18] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-02-28] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-02-28] (Microsoft Corporation) [MS Ad] Microsoft Teams Play Together -> C:\Program Files\WindowsApps\Microsoft.TeamsXboxGameBarWidget_1.2401.2901.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20610.576.0_x64__8wekyb3d8bbwe [2025-12-03] (Microsoft Corporation) Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-12-13] () Minecraft for Windows -> C:\Program Files\WindowsApps\MICROSOFT.MINECRAFTUWP_1.21.13101.0_x64__8wekyb3d8bbwe [2025-12-18] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.5.2.0_x64__8wekyb3d8bbwe [2025-12-10] (Microsoft Studios) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2025-09-24] (Netflix, Inc.) OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-12-13] () PrebootManager -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynapticsUtilities_1.1.20.0_x64__807d65c4rvak2 [2025-05-27] (Synaptics Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.292.0_x64__dt26b99r8h8gj [2024-02-10] (Realtek Semiconductor Corp) Spotify - Music and Podcasts -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0 [2025-12-18] (Spotify AB) [Startup Task] WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2587.8.0_x64__cv1g1gvanyjgm [2025-12-18] (WhatsApp Inc.) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{04271989-C4D2-1A26-75B1-B1DF1F0BBF36} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{04271989-C4D2-6C6E-A513-FE4A047A1A78} -> [OneDrive - Nossal High School] => C:\Users\FED0002\OneDrive - Nossal High School [2024-08-12 10:05] CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov) [File not signed] CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\FED0002\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129_Classes\CLSID\{EABAE40C-B27C-455A-B672-F234DD780948}\InprocServer32 -> C:\Users\FED0002\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.25.28902\x64\Microsoft.Teams.MeetingAddin.DLL (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2025-09-08] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-12-31] (Notepad++ -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-12-18] (Malwarebytes Inc -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncShell64.dll [2025-12-11] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2025-09-08] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-12-18] (Malwarebytes Inc -> Malwarebytes) ContextMenuHandlers1_S-1-12-1-1171571344-1257121411-3889021115-4132529129: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers4_S-1-12-1-1171571344-1257121411-3889021115-4132529129: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6_S-1-12-1-1171571344-1257121411-3889021115-4132529129: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\FED0002\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Myla - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5" ShortcutWithArgument: C:\Users\FED0002\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Myla - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ==================== Loaded Modules (Whitelisted) ============= 2023-02-07 19:52 - 2023-02-07 19:52 - 001204224 ____N () [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Intel.Cst.Core.dll 2025-12-18 12:12 - 2025-12-18 12:12 - 002338304 _____ () [File not signed] \\?\C:\Users\FED0002\AppData\Local\Temp\39af2684-560a-4cbc-a117-24fc1aa97d6a.tmp.node 2019-08-15 21:13 - 2019-08-15 21:13 - 001265664 _____ () [File not signed] C:\Program Files (x86)\Combo Cleaner\runtimes\win-x64\native\e_sqlite3.dll 2025-12-18 14:55 - 2025-12-18 14:55 - 000144384 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Edge\Application\dlls\SHLWAPI.dll 2025-12-18 14:55 - 2025-12-18 14:55 - 000144384 _____ () [File not signed] C:\Program Files\Google\Chrome\Application\dlls\SHLWAPI.dll 2025-09-24 20:57 - 2024-05-08 19:18 - 002862080 _____ () [File not signed] C:\Users\FED0002\AppData\Local\Programs\bluestacks-services\ffmpeg.dll 2025-09-24 20:57 - 2024-05-08 19:18 - 000479232 _____ () [File not signed] C:\Users\FED0002\AppData\Local\Programs\bluestacks-services\libegl.dll 2025-09-24 20:57 - 2024-05-08 19:18 - 007513600 _____ () [File not signed] C:\Users\FED0002\AppData\Local\Programs\bluestacks-services\libglesv2.dll 2025-09-24 20:57 - 2024-05-08 19:18 - 005209088 _____ () [File not signed] C:\Users\FED0002\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000137728 _____ () [File not signed] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\ipfcoresdk.DLL 2025-12-10 19:24 - 2025-12-10 19:24 - 000021504 _____ (Huor Swords) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.Log4Net.AspNetCore.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000021504 ____N (Huor Swords) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.Log4Net.AspNetCore.dll 2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000027648 _____ (Intel Corp.) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Intel.Ipf.CoreLib.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000043520 _____ (Intel Corp.) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Intel.Ipf.CoreLib.Native.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000145920 _____ (Intel Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Intel.Cst.Ipc.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000025088 _____ (Intel Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Intel.Cst.Ipc.HelperService.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000028160 _____ (Intel Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Intel.Cst.WinAudioApi.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000147456 _____ (Intel Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Intel.Cst.Ipc.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000015872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.Abstractions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000024576 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.Binder.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000013824 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.CommandLine.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000026624 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000008704 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.EnvironmentVariables.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000016384 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.FileExtensions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000015872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.Json.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000014848 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Configuration.UserSecrets.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000033792 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.DependencyInjection.Abstractions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000071168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.DependencyInjection.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000011264 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.FileProviders.Abstractions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000032768 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.FileProviders.Physical.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000034304 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.FileSystemGlobbing.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000018432 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Hosting.Abstractions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000045568 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Hosting.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000052224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.Abstractions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000016896 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.Configuration.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000040960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.Console.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000008192 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.Debug.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000034816 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000014336 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.EventLog.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000023040 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Logging.EventSource.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000012800 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Options.ConfigurationExtensions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000049152 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Options.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000030208 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Extensions.Primitives.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000008704 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Win32.Primitives.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000035328 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\Microsoft.Win32.Registry.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000022528 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\netstandard.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000076288 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Collections.Concurrent.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000092160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Collections.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000036352 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Collections.NonGeneric.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000035328 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Collections.Specialized.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000005632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.ComponentModel.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000015872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.ComponentModel.EventBasedAsync.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000030720 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.ComponentModel.Primitives.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000283136 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.ComponentModel.TypeConverter.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000064512 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Console.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000987136 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Data.Common.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000133632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Diagnostics.DiagnosticSource.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000114688 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Diagnostics.Process.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000044032 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Diagnostics.TraceSource.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000029696 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.IO.FileSystem.Watcher.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000056320 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.IO.Pipes.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000143360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Linq.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000557056 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Linq.Expressions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Net.Primitives.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000059904 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Net.WebClient.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000037888 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.ObjectModel.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000089088 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Private.Uri.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 003091968 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Private.Xml.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000007680 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.CompilerServices.Unsafe.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000009216 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000024064 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.InteropServices.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000012288 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.InteropServices.RuntimeInformation.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000069120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.Numerics.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000123392 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.Serialization.Formatters.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000011264 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Runtime.Serialization.Primitives.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000082944 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Security.AccessControl.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000040960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Security.Claims.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000061952 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Security.Principal.Windows.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000446464 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Text.Json.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000033792 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Threading.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Threading.Tasks.Extensions.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\System.Xml.ReaderWriter.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000015872 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.Abstractions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000024576 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.Binder.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000013824 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.CommandLine.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000026624 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000008704 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.EnvironmentVariables.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000016384 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.FileExtensions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000015872 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.Json.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000014848 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Configuration.UserSecrets.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000033792 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.DependencyInjection.Abstractions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000071168 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.DependencyInjection.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000011264 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.FileProviders.Abstractions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000032768 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.FileProviders.Physical.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000034304 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.FileSystemGlobbing.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000018432 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Hosting.Abstractions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000045568 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Hosting.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000013312 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Hosting.WindowsServices.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000052224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.Abstractions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000016896 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.Configuration.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000040960 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.Console.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000008192 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.Debug.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000034816 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000014336 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.EventLog.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000023040 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Logging.EventSource.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000012800 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Options.ConfigurationExtensions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000049152 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Options.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000030208 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Extensions.Primitives.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000008704 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Win32.Primitives.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000035328 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\Microsoft.Win32.Registry.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000022528 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\netstandard.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000076288 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Collections.Concurrent.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000092160 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Collections.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000180224 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Collections.Immutable.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000036352 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Collections.NonGeneric.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000035328 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Collections.Specialized.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000005632 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.ComponentModel.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000015872 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.ComponentModel.EventBasedAsync.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000030720 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.ComponentModel.Primitives.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000283136 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.ComponentModel.TypeConverter.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000064512 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Console.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000987136 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Data.Common.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000133632 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Diagnostics.DiagnosticSource.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000121856 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Diagnostics.EventLog.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000114688 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Diagnostics.Process.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000015360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Diagnostics.StackTrace.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000044032 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Diagnostics.TraceSource.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000036352 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.IO.FileSystem.AccessControl.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000029696 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.IO.FileSystem.Watcher.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000006144 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.IO.Pipes.AccessControl.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000056320 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.IO.Pipes.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000143360 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Linq.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000557056 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Linq.Expressions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000280064 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Management.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000079360 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Net.Primitives.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000059904 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Net.WebClient.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000037888 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.ObjectModel.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000089088 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Private.Uri.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 003091968 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Private.Xml.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000442880 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Reflection.Metadata.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000007680 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.CompilerServices.Unsafe.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000011264 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000024064 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.InteropServices.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000012288 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.InteropServices.RuntimeInformation.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000069120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.Numerics.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000123392 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.Serialization.Formatters.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000011264 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Runtime.Serialization.Primitives.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000082944 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Security.AccessControl.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000040960 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Security.Claims.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000061952 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Security.Principal.Windows.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000051712 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.ServiceProcess.ServiceController.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000446464 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Text.Json.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000041472 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Threading.Channels.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000034304 ____N (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Threading.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Threading.Tasks.Extensions.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000005120 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\System.Xml.ReaderWriter.dll 2025-12-10 19:24 - 2025-12-10 19:24 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Users\FED0002\AppData\Local\Temp\.net\intel_cst_helper_service\4G1dwTQWRU7PU4GhTn+MMtB0sT8GOnY=\log4net.dll 2023-02-07 19:52 - 2023-02-07 19:52 - 000258048 ____N (The Apache Software Foundation) [File not signed] [File is in use] C:\Windows\TEMP\.net\intel_cst_service_standalone\dj5pXwVTWkr0d4e_KRm7CI2FvDhIUyc=\log4net.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\regid.2000-08.com.respondus_6EE60C98-D25C-4047-9564-5B16F626B69B.swidtag:5FC89B5FAD [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:5465085A2F [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442] AlternateDataStreams: C:\Users\FED0002\Downloads\FRST64.exe:MBAM.Zone.Identifier [50] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9482] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ManageEngine Desktop Central - Remote Control => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ManageEngine UEMS - Remote Control => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_431\bin\ssv.dll [2024-09-29] (Oracle America, Inc. -> Oracle Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-29] (Oracle America, Inc. -> Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\sharepoint.com -> hxxps://nossalhs-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-06-05 23:08 - 2021-06-05 23:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Network =========================== (Currently there is no automatic fix for this section.) DNS Servers: 192.168.4.1 Windows Firewall is enabled. Network Binding: ============= WiFi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw14.sys Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps; HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\Control Panel\Desktop\\Wallpaper -> C:\Users\FED0002\Downloads\download (3) (1).jpeg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 5) (TamperProtectionSource: 64) HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "EPPCCMON" HKLM\...\StartupApproved\Run: => "Riot Vanguard" HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "EEventManager" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{AE64DA40-63AC-4B20-8246-724DB7C08602}C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe => No File FirewallRules: [UDP Query User{88E05070-A35F-44C9-B664-DA99313052BE}C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe => No File FirewallRules: [TCP Query User{2035A576-CC5C-4E1E-B6C5-6644649D0676}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{68E208A6-FFE6-40CB-BA71-6A26700D4226}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [TCP Query User{0B78F05D-CED8-454E-881A-B0243DD06843}C:\program files (x86)\nap locked down browser\nap locked down browser.exe] => (Allow) C:\program files (x86)\nap locked down browser\nap locked down browser.exe => No File FirewallRules: [UDP Query User{F22F2F71-BB3B-4234-8A55-37569E55F8A2}C:\program files (x86)\nap locked down browser\nap locked down browser.exe] => (Allow) C:\program files (x86)\nap locked down browser\nap locked down browser.exe => No File FirewallRules: [TCP Query User{A38F01A7-8718-4093-9F34-56E036273732}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File FirewallRules: [UDP Query User{4AFC8274-D641-448D-89CC-8BC2351494FD}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File FirewallRules: [{7A287805-2B95-4A02-B340-C1C72AB96CE1}] => (Allow) C:\Users\FED0002\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File FirewallRules: [{B4AB32D8-0459-46A0-982F-9C65C80D5A1D}] => (Allow) C:\Users\FED0002\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File FirewallRules: [{3DBB3999-95DF-493A-8D5E-AD2156D5EE20}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{1D269C38-2BFF-4CFD-951E-62CE2BE11066}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{03F6A3D4-7901-44B3-BEA8-EBB10CD48E4C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{614A082D-7065-4575-A0FE-2F9B97B89116}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{E8BD342A-14CB-42A8-B5FC-53DD56F2CDC0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{77BF5B8D-6C47-491C-B27A-A415C62B74C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{8145328D-0266-403C-93AD-4FF8CCEADD7A}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File FirewallRules: [UDP Query User{57CFC38A-A503-41A7-92A3-32E74535340C}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File FirewallRules: [TCP Query User{2502E9E8-5870-4C68-A807-A356C1C1DFAA}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{898F712F-5695-4FB5-9FC3-C648AE76B775}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [TCP Query User{2728E3AC-C8B4-4787-A16C-F9D0A8208E61}C:\programdata\fed0002\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\fed0002\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{D6513952-B651-4D42-887C-8A28836996C7}C:\programdata\fed0002\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\fed0002\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{AA87E1CC-7A5B-453E-A91A-ED8A0A22E05F}C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe => No File FirewallRules: [UDP Query User{F3F71A70-2FF2-496E-9620-E87AC445875F}C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\fed0002\appdata\roaming\zoom\bin\zoom.exe => No File FirewallRules: [TCP Query User{C82EBCF7-2F94-4FAB-9647-8F55C2CC2A29}C:\programdata\fed0002\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\fed0002\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{DC60B67A-152B-4011-A597-7FC98737C96D}C:\programdata\fed0002\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\fed0002\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{2B23E151-7E21-4E94-A32C-03A8FCF9043A}C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [UDP Query User{D0444A89-3AE3-4065-8C82-7E61BD5F8969}C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [TCP Query User{EA5D2964-0F66-47E1-8347-0A125B71A39D}C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [UDP Query User{D560B02A-C09E-4BD4-BC6F-B60E182DD028}C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\fed0002\appdata\local\microsoft\teams\current\teams.exe => No File FirewallRules: [{8BB6E37F-3691-4106-A1C6-976BFA6B7BA7}] => (Allow) C:\Users\FED0002\AppData\Local\Programs\Opera\102.0.4880.78\opera.exe => No File FirewallRules: [TCP Query User{94CD53EC-AB62-4422-8531-33B7F15C2607}C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [UDP Query User{4ECB41FD-59FD-4661-8A05-1A72184E0BC9}C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [TCP Query User{002BB4A1-90DB-4090-A8C0-DB24CAD4DB8D}C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{66D2F2AE-3861-4DA1-A782-91EBD8584823}C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{809EEBCA-8752-4D3D-8AA2-B2DD98749BB3}C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [UDP Query User{C0DA29A9-831F-475A-8DC6-9E3071828B2B}C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe FirewallRules: [{23979439-D325-46E4-BD76-BEFF33AD3765}] => (Allow) C:\Users\FED0002\AppData\Local\Programs\Opera\105.0.4970.13\opera.exe => No File FirewallRules: [TCP Query User{CF09BA09-4604-4B90-B13D-864C884703BD}C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{8AA031AE-FB32-4839-A307-17F3A27DD6F0}C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{F95EFAB7-9C93-4665-B298-E1B0420DDE9D}C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe] => (Allow) C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe (Todesktop Limited -> LifeAt) FirewallRules: [UDP Query User{B5192D3B-B9B7-4B59-94BB-31F606EC5353}C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe] => (Allow) C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe (Todesktop Limited -> LifeAt) FirewallRules: [TCP Query User{7199E65E-430F-4C52-B375-13AE7D44E139}C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe] => (Allow) C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe (Todesktop Limited -> LifeAt) FirewallRules: [UDP Query User{619958C7-9CA3-4633-911B-AC45539F44E9}C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe] => (Allow) C:\users\fed0002\appdata\local\programs\lifeat\lifeat.exe (Todesktop Limited -> LifeAt) FirewallRules: [{42DB03F7-2835-4D83-9ADA-5A5592C37EB0}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{5D8C95EC-E4D3-4ED7-95E5-D6E0C9BDC6F3}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{606C2303-9E32-4A4F-89B5-F058424DE560}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{E0DACDC3-E0C2-45E7-BC15-8F740EFBD7AD}C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe] => (Allow) C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe => No File FirewallRules: [UDP Query User{D46B5EA3-2342-4744-B5F4-54AEE1008C30}C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe] => (Allow) C:\wuthering waves\wuthering waves game\client\binaries\win64\client-win64-shipping.exe => No File FirewallRules: [{56C6D055-9989-4AFB-BDCF-671D9D6A058C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9DC5D7D2-1EF0-4EC4-A26B-C09405075CB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8079224E-5952-46EE-BED0-00933864791F}] => (Allow) LPort=9422 FirewallRules: [{D5812200-64BC-455A-AB1C-E92E997EA076}] => (Allow) LPort=9245 FirewallRules: [{C61FE17B-7007-4C4B-80A4-237B12F6DDFA}] => (Allow) LPort=9246 FirewallRules: [{DAFFB79A-0C50-4D95-8489-CF38D3A069FE}] => (Allow) LPort=9247 FirewallRules: [TCP Query User{7826D98B-2D78-4678-91C0-52EBF4B82537}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{7DAB4F73-C43A-4BA0-BD18-36BF7837F6DB}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [TCP Query User{63926450-6D6C-4EC5-8AB8-AC802FCBEDAD}C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe FirewallRules: [UDP Query User{1CDCB393-157A-44B1-8BB4-2905689CDE63}C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe FirewallRules: [TCP Query User{A30BF1A0-4BF5-4571-9BA9-2180ECD2E30F}C:\users\fed0002\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\fed0002\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{D383BC92-4C91-46EB-9FAA-1977E73CC3EB}C:\users\fed0002\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\fed0002\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{8DC9D205-5F04-4619-9032-7F85CF1C7876}C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe FirewallRules: [UDP Query User{B5BE5BB3-094B-4BF5-B5AD-8F830BBA408A}C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe FirewallRules: [{C7BD7A5D-8911-4162-9E45-E7896F0D0A5E}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.) FirewallRules: [{19317C1A-4CBA-4E0B-B83B-BFFDE7634DEA}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File FirewallRules: [{4B92D9C2-BE85-49B0-BCA3-8B95136D9774}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems) FirewallRules: [{9053778D-9116-4D3F-AA86-F541C8BC27D3}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.) FirewallRules: [{114C27C3-EF2C-4650-9603-FFBFE7665717}] => (Allow) C:\Program Files (x86)\Vivi Corporation\Vivi\Vivi.exe (Vivi International Pty Ltd -> Vivi International Pty Ltd) FirewallRules: [{7394DFD4-5C42-49C7-9BAA-DFD24E366B1E}] => (Allow) C:\Program Files (x86)\vivi corporation\vivi\resources\app.asar.unpacked\node_modules\mediasoup\worker\out\release\vivi-livebroadcast.exe (Vivi International Pty Ltd -> ) FirewallRules: [{BA02FA0D-8932-494D-B919-88112BE5DB89}] => (Allow) C:\Program Files (x86)\vivi corporation\vivi\resources\app.asar.unpacked\node_modules\mediasoup\worker\out\release\vivi-livebroadcast.exe (Vivi International Pty Ltd -> ) FirewallRules: [{2C2F54E8-DF61-4724-974A-7A12D7AFE80B}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2502.4038.565_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{54958251-7373-4B0A-8AA6-426107265851}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2502.4038.565_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{20F100E0-1868-43F9-BBB1-FE3A79E57B09}] => (Allow) C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\Minecraft.Windows.exe (Microsoft Corporation -> ) FirewallRules: [{4869C577-16FC-4FD4-ADC9-422D75A39686}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{4A02358D-2D2B-4466-9F1C-D5B8E2ABEC55}C:\users\fed0002\appdata\roaming\modrinthapp\meta\java_versions\zulu21.46.19-ca-jre21.0.9-win_x64\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\modrinthapp\meta\java_versions\zulu21.46.19-ca-jre21.0.9-win_x64\bin\javaw.exe FirewallRules: [UDP Query User{2D5F95CC-2427-4113-9FF1-2745F7221494}C:\users\fed0002\appdata\roaming\modrinthapp\meta\java_versions\zulu21.46.19-ca-jre21.0.9-win_x64\bin\javaw.exe] => (Allow) C:\users\fed0002\appdata\roaming\modrinthapp\meta\java_versions\zulu21.46.19-ca-jre21.0.9-win_x64\bin\javaw.exe FirewallRules: [{CE05F9F7-EA77-434B-B298-CB48439936C4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25318.201.4113.9830_x64__8wekyb3d8bbwe\ms-teams_modulehost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F216D201-2FEA-4390-B9ED-B2E534426922}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25318.201.4113.9830_x64__8wekyb3d8bbwe\ms-teams_modulehost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6B753F40-635E-4FDB-B91B-3DF6678D6181}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25318.201.4113.9830_x64__8wekyb3d8bbwe\ms-teams_modulehost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{62240702-9430-4B00-9567-FE32B347359B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25318.201.4113.9830_x64__8wekyb3d8bbwe\ms-teams_modulehost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1ABAC973-753D-44B1-BC8A-90930F1D0713}] => (Allow) C:\Program Files (x86)\Overwolf\0.290.1.2\OverwolfBrowser.exe => No File FirewallRules: [{2A793483-DC6F-43FD-BA70-99EDBFAB1680}] => (Allow) C:\Program Files (x86)\Overwolf\0.290.1.2\OverwolfBrowser.exe => No File FirewallRules: [{E2E820CF-0705-4EAE-84C8-CBF9B11FA0E9}] => (Block) C:\Program Files (x86)\Overwolf\0.290.1.2\OverwolfBrowser.exe => No File FirewallRules: [{40566AC2-ACFB-489D-94DF-4ECD5991AC69}] => (Block) C:\Program Files (x86)\Overwolf\0.290.1.2\OverwolfBrowser.exe => No File FirewallRules: [{C456FB80-8D55-419A-9115-648749ACD91B}] => (Allow) C:\Program Files (x86)\Overwolf\0.291.0.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{84E25F27-AC8E-448E-871E-8A302BE60DA1}] => (Allow) C:\Program Files (x86)\Overwolf\0.291.0.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{440A0DC3-2977-464E-9462-8DF91914D85A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{F2D4967A-5996-4456-8D1B-148E642C7E32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8F2C00B4-D188-4B50-8E26-E5A5ACC78EA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{050B1720-770F-4B0B-B50B-8179CE8A8D63}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{CE53D7BA-F4E4-4536-B52C-2FBEA1EB4E79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{FCF67F47-24DA-473D-B4D7-7B991F518E9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{C3C5A027-35BA-45BD-8379-6CF152713E28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6AAE0765-6799-4FA2-9135-8DF0BFB80F0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{78003B2A-EA88-4824-B12D-D880ED08C8E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6399E5D8-F1C3-4EFC-8E93-1C0AA1B36A03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{33E8432A-2D2E-40C6-9E47-06A77AEA44AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{0EFB191C-02E7-4941-9A00-5CC5AF33B145}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EBF308CE-2C4B-4DA4-8C3F-613115852FB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{0CC2F58D-E701-4553-9C1C-DDAD02E57EE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.279.425.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) ==================== Restore Points ========================= 14-12-2025 12:51:10 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (12/18/2025 04:20:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchHost.exe version 423.34601.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 8860 Start Time: 01dc6fddccb16dea Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Report Id: 6da4eb41-0674-48f8-a66a-c3c3899fb84d Faulting package full name: MicrosoftWindows.Client.CBS_1000.22004.1000.0_x64__cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (12/18/2025 04:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchHost.exe version 423.34601.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 9580 Start Time: 01dc6fdc6aae4628 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Report Id: 5a60b786-9507-47a8-8b03-75c712a67f24 Faulting package full name: MicrosoftWindows.Client.CBS_1000.22004.1000.0_x64__cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (12/18/2025 04:07:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchHost.exe version 423.34601.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 378 Start Time: 01dc6fdc30fac46b Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Report Id: cfb617ed-3c36-4aab-b309-4f8b9db6c152 Faulting package full name: MicrosoftWindows.Client.CBS_1000.22004.1000.0_x64__cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (12/18/2025 04:03:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchHost.exe version 423.34601.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2278 Start Time: 01dc6fdb8b86a978 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Report Id: fd62a5d0-353c-417e-838b-ad605720cf2a Faulting package full name: MicrosoftWindows.Client.CBS_1000.22004.1000.0_x64__cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (12/18/2025 04:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchHost.exe version 423.34601.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 8590 Start Time: 01dc6fdb710e4dde Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Report Id: dfad3c9c-c3b0-4e70-be04-de151579b5f6 Faulting package full name: MicrosoftWindows.Client.CBS_1000.22004.1000.0_x64__cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (12/18/2025 12:16:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchHost.exe version 423.34601.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2a18 Start Time: 01dc6fbbd155e7ce Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe Report Id: eda9183f-37fb-4b58-86c1-48292fe931dc Faulting package full name: MicrosoftWindows.Client.CBS_1000.22004.1000.0_x64__cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Hang type: Quiesce Error: (12/18/2025 12:13:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program AcrobatNotificationClient.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 5540 Start Time: 01dc6fbb5e88ea09 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe Report Id: ccb274ec-46d2-4d4f-bfef-3d827e6b0cb2 Faulting package full name: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r Faulting package-relative application ID: App Hang type: Quiesce Error: (12/18/2025 12:02:26 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY) Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126). System errors: ============= Error: (12/18/2025 04:30:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LenovoVantageService service. Error: (12/18/2025 04:06:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/18/2025 04:06:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect. Error: (12/18/2025 04:04:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LenovoVantageService service. Error: (12/18/2025 04:01:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (12/18/2025 04:01:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Group Policy Client service to connect. Error: (12/18/2025 02:04:24 PM) (Source: Kerberos) (EventID: 11) (User: ) Description: The Distinguished Name in the subject field of your smart card logon certificate does not contain enough information to identify the appropriate domain on an non-domain joined computer. Contact your system administrator. Error: (12/18/2025 12:20:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ManageEngine Unified Endpoint Security - Agent service. Windows Defender: ================ Date: 2025-12-16 22:11:28 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Stop Reason: Scan was stopped to save battery Date: 2025-12-02 20:29:27 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Stop Reason: Scan was stopped to save battery Date: 2025-11-30 22:55:44 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Stop Reason: Unknown Date: 2025-11-26 22:49:12 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Stop Reason: Unknown Date: 2025-11-25 20:01:26 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Stop Reason: Scan was stopped to save battery Event[0] Date: 2025-12-18 12:04:52 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2025-12-14 11:10:32 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. Date: 2025-11-05 17:28:17 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.439.680.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.25090.3001 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2025-08-07 09:17:55 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.435.11.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.25070.4 Error code: 0x80240022 Error description: The program can't check for definition updates. Date: 2025-08-07 09:17:55 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.435.11.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.25070.4 Error code: 0x80240022 Error description: The program can't check for definition updates. CodeIntegrity: =============== Date: 2025-12-18 16:33:09 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: LENOVO R1UET52W (1.29 ) 06/11/2025 Motherboard: LENOVO 21B6S04400 Processor: 12th Gen Intel(R) Core(TM) i5-1235U Percentage of memory in use: 85% Total physical RAM: 16067.05 MB Available physical RAM: 2314.58 MB Total Virtual: 25795.05 MB Available Virtual: 8309.68 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:236.25 GB) (Free:35.28 GB) (Model: KBG5AZNT256G LA KIOXIA) (Protected) NTFS \\?\Volume{1314b921-83ae-4c23-96d1-30290f2499a6}\ (WinRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.07 GB) NTFS \\?\Volume{55423d09-e2a4-4af8-802e-c831c9fa2b04}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 540001CC) Partition: GPT. ==================== End of Addition.txt =======================