CloseProcesses:
SystemRestore: On
CreateRestorePoint:
File: C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
File: C:\Users\Noc\AppData\Local\Clavier+\Clavier.exe; C:\DWMBlurGlass v2.3.2 Beta3\DWMBlurGlassHost.dll
File: C:\Program Files\Windows Sidebar\sidebar.exe
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (No File)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [UseDesktopIniCache] 0
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:windowsupdate
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.9.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.9.0\GoogleDriveFS.exe --startup_mode (No File)
HKU\S-1-5-21-3689859802-142097239-3138972455-1001\...\Run: [Clipper Service] => C:\Users\Noc\AppData\Roaming\svchost.exe (No File) <==== ATTENTION
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.9.0\GoogleDriveFS.exe --startup_mode (No File)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel (No File)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2021-05-29] (Google) [File not signed] [File is in use]
IFEO\LogonUI.exe: [VerifierDlls] SecureUxTheme.dll
IFEO\osppsvc.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SppExtComObj.exe: [VerifierDlls] SppExtComObjHook.dll
IFEO\SystemSettings.exe: [VerifierDlls] SecureUxTheme.dll
IFEO\winlogon.exe: [VerifierDlls] SecureUxTheme.dll
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-3689859802-142097239-3138972455-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {DAECED0A-D599-4C04-844B-CC628A6B9348} - System32\Tasks\DWMBlurGlass_Extend => C:\DWMBlurGlass v2.3.2 Beta3\DWMBlurGlassHost.dll [476160 2025-12-05] (winmoes.com) [File not signed]
Task: {46FF4636-1E19-4086-B439-64D918571AC7} - System32\Tasks\GadgetPack => C:\Program Files\Windows Sidebar\sidebar.exe [1448448 2024-11-01] (Microsoft Corporation) [File not signed] [File is in use] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
AlternateDataStreams: C:\ProgramData:135AD463B3B120B4 [217]
AlternateDataStreams: C:\ProgramData:379F2301159C306E [217]
AlternateDataStreams: C:\ProgramData:C66EDEA789E36556 [217]
AlternateDataStreams: C:\Users\All Users:135AD463B3B120B4 [217]
AlternateDataStreams: C:\Users\All Users:379F2301159C306E [217]
AlternateDataStreams: C:\Users\All Users:C66EDEA789E36556 [217]
AlternateDataStreams: C:\ProgramData\Application Data:135AD463B3B120B4 [217]
AlternateDataStreams: C:\ProgramData\Application Data:379F2301159C306E [217]
AlternateDataStreams: C:\ProgramData\Application Data:C66EDEA789E36556 [217]
AlternateDataStreams: C:\ProgramData\PACE:B10BDBE0F409EF92 [217]
AlternateDataStreams: C:\ProgramData\PACE:B3A356B6F51A5F16 [217]
AlternateDataStreams: C:\ProgramData\PACE:BAE2A0ED58749383 [217]
AlternateDataStreams: C:\Users\Noc\Desktop\My stories [symlink]:com.dropbox.attrs [54]
HKU\S-1-5-21-3689859802-142097239-3138972455-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3689859802-142097239-3138972455-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3689859802-142097239-3138972455-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3689859802-142097239-3138972455-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{C64DC6EF-67A9-4492-B652-0F3DD48A5E23}] => (Block) C:\Program Files (x86)\AOMEI Partition Assistant\PartAssist.exe => No File
FirewallRules: [{84D72449-F41E-40A4-AFF4-83FD0176F1C1}] => (Allow) C:\Program Files (x86)\Acronis\Agent\aakore.exe => No File
FirewallRules: [{CBF79E3A-24FF-4F4C-B21C-7B0D7D80C5DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{19197684-D0D7-48C4-A3A0-4E52DB5B0932}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{CC0E24D1-50C8-4B67-B13C-0B53D270B83B}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\SystemReport.exe => No File
FirewallRules: [{4CAC405A-6522-45D2-8AD0-A29531BB99B0}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\acronis_drive.exe => No File
FirewallRules: [{1408D007-8705-482F-A96A-D5A5B642223B}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\mobile_backup_status_server.exe => No File
FirewallRules: [{F643DECF-F434-45EE-A299-5FCFD7DE2A9D}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\ga_service.exe => No File
FirewallRules: [{7FD594D3-84F9-49CF-B700-A8F6C3B621E8}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\LicenseActivator.exe => No File
FirewallRules: [{0EFDCFA7-F2C6-47D3-84A7-BDC13AD2EC12}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe => No File
FirewallRules: [{0CBCEA86-23ED-441B-A528-B8C10C5CD295}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe => No File
FirewallRules: [{E8D1166D-5D86-4505-B99A-F1124EA23BAE}] => (Allow) C:\Users\Noc\AppData\Local\Videostream\app-0.5.1\videostream-native\videostream-native.exe => No File
FirewallRules: [{D9AF2739-849B-43FF-A53A-8623172AC2A4}] => (Allow) C:\Users\Noc\AppData\Local\Videostream\app-0.5.1\videostream-native\videostream-native.exe => No File
FirewallRules: [TCP Query User{1A4AEB4C-6E66-4BF4-97D3-C7AB252927F5}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{94778B80-A89E-447E-A339-C031AA3E791A}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{4C22F300-0682-446B-91EF-D65EA7E6CF11}] => (Block) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{4AA9B320-40E9-4B15-9943-D703E52DBFE5}] => (Block) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{C19C28E2-9112-4F91-8118-32CF2F14986F}] => (Block) C:\Program Files\Adobe\Adobe Photoshop CC 2019\Photoshop.exe => No File
FirewallRules: [{33FB6088-4751-4DF0-B648-F1AE0FA1926D}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{EB1EEA3E-2060-4D66-8ECA-5719D0C849C0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe => No File
FirewallRules: [{0A07AAF5-DDCB-4165-BE93-9AEE15BDD277}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe => No File
FirewallRules: [{1E53E702-E632-433D-8DCE-0BF14FF8B09D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe => No File
FirewallRules: [{AD4CA7DC-8096-4946-B93B-F25A54E634EA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe => No File
FirewallRules: [{0E2C3B28-2EF4-44F5-872F-E62F19A9D617}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe => No File
FirewallRules: [{B7CCC1C7-44EC-4C00-BD2A-44B716499E46}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe => No File
FirewallRules: [{1087DD58-8842-4233-9DF9-DB2BB3F7EB21}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe => No File
FirewallRules: [{0B0B51EF-99FB-4C89-AEEA-7976C078E968}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe => No File
FirewallRules: [{377D5E52-548C-4063-970B-0D62F44A1F5E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe => No File
FirewallRules: [{E243EBFE-5105-42FA-A1F5-3A9C87F4207C}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe => No File
FirewallRules: [{F60AB180-C700-44AD-B2E7-F9DA0D21CAF4}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe => No File
FirewallRules: [{6C3DE9A3-699E-439A-925C-980EC1EEEC41}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe => No File
FirewallRules: [{4CE25011-E583-466E-B4B8-3DB14A6E3377}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe => No File
FirewallRules: [{C46945F4-6563-4BC2-82FC-918890EC6319}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\bckp_amgr.exe => No File
FirewallRules: [{85409E11-1B96-45F3-8D3C-5914C2F2ECC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\task-manager.exe => No File
FirewallRules: [TCP Query User{0705B270-E6FE-40EC-AB3A-969C32D01732}C:\users\noc\desktop\temporary\[no uploads]\platform-tools\adb.exe] => (Allow) C:\users\noc\desktop\temporary\[no uploads]\platform-tools\adb.exe => No File
FirewallRules: [UDP Query User{69EC60E6-0DFA-4481-87FB-C8545C171977}C:\users\noc\desktop\temporary\[no uploads]\platform-tools\adb.exe] => (Allow) C:\users\noc\desktop\temporary\[no uploads]\platform-tools\adb.exe => No File
FirewallRules: [{D775BEBE-D646-411D-98DD-81DF22C9C56A}] => (Block) C:\users\noc\desktop\temporary\[no uploads]\platform-tools\adb.exe => No File
FirewallRules: [{A9C0D1CE-EF85-43C3-A079-9EB1BA312E11}] => (Block) C:\users\noc\desktop\temporary\[no uploads]\platform-tools\adb.exe => No File
FirewallRules: [{9144C22A-54A5-4295-AF9A-9D34E67DB11F}] => (Allow) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe => No File
FirewallRules: [TCP Query User{279FB05A-91F0-496E-9A9F-07078405BE50}C:\users\noc\appdata\local\discord\app-1.0.9235\discord.exe] => (Allow) C:\users\noc\appdata\local\discord\app-1.0.9235\discord.exe => No File
FirewallRules: [UDP Query User{7DEEBB06-B96A-4077-8B7C-F56670BE968E}C:\users\noc\appdata\local\discord\app-1.0.9235\discord.exe] => (Allow) C:\users\noc\appdata\local\discord\app-1.0.9235\discord.exe => No File
FirewallRules: [TCP Query User{281A305C-6918-4282-A765-78F2C92750B8}C:\users\noc\appdata\local\discord\app-1.0.9238\discord.exe] => (Allow) C:\users\noc\appdata\local\discord\app-1.0.9238\discord.exe => No File
FirewallRules: [UDP Query User{ACA993E3-0297-4C54-8164-482C7CC3AA29}C:\users\noc\appdata\local\discord\app-1.0.9238\discord.exe] => (Allow) C:\users\noc\appdata\local\discord\app-1.0.9238\discord.exe => No File
FirewallRules: [{138EFA18-0E2B-4094-8B7E-7EB38C5569AE}] => (Block) C:\users\noc\appdata\local\discord\app-1.0.9238\discord.exe => No File
FirewallRules: [{968D84AA-7864-43F0-8018-AC9981784976}] => (Block) C:\users\noc\appdata\local\discord\app-1.0.9238\discord.exe => No File
FirewallRules: [TCP Query User{D08F35F6-9BC9-4444-8E87-B24354EE96DA}C:\users\noc\appdata\local\discord\app-1.0.9240\discord.exe] => (Allow) C:\users\noc\appdata\local\discord\app-1.0.9240\discord.exe => No File
FirewallRules: [UDP Query User{4C9886F6-B4A2-45DB-9B78-00BE7ADE719C}C:\users\noc\appdata\local\discord\app-1.0.9240\discord.exe] => (Allow) C:\users\noc\appdata\local\discord\app-1.0.9240\discord.exe => No File
StartBatch:
Dism.exe /UnMount-Wim /MountDir:"C:\mount\winre" /Discard
Dism.exe /UnMount-Wim /MountDir:"C:\$WinREAgent\Scratch\Mount" /Discard
Dism.exe /UnMount-Wim /MountDir:"C:\Users\Noc\AppData\Local\Temp\AomeiDateBackupper25136\mount" /Discard
Dism.exe /Cleanup-Wim
reg query "HKLM\SOFTWARE\Microsoft\WIMMount\Mounted Images" /s
EndBatch:
StartRegedit:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
  00
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
  00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
  00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
  00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
  00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
  72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
  63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
  00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,\
  62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
  00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DelayedAutostart"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
"Close"="PerfMon_Close"
"Collect"="PerfMon_Collect"
"Library"="C:\\Windows\\System32\\bitsperf.dll"
"Open"="PerfMon_Open"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"1008"=hex(b):74,50,2a,96,e5,ee,da,01
"Last Counter"=dword:00001204
"Last Help"=dword:00001205
"First Counter"=dword:000011f4
"First Help"=dword:000011f5
"Object List"="4596"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
  00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
  00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
  00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
  20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
  00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
  00,20,02,00,00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WIMMount\Mounted Images]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WIMMount\Mounted Images]
EndRegedit:
StartPowerShell:
md C:\Downloaded
Invoke-webrequest https://download.microsoft.com/download/3/7/5/3754cbaa-4dff-469a-a9f0-ca501f3c0421/hvciscan_amd64.exe -OutFile C:\Downloaded\hvciscan_amd64.exe
EndPowerShell:
StartBatch:
md C:\DrvStore
PnpUtil /export-driver * C:\DrvStore
rundll32.exe c:\windows\system32\pnpclean.dll,RunDLL_PnpClean /DRIVERS /MAXCLEAN
rundll32.exe c:\windows\system32\pnpclean.dll,RunDLL_PnpClean /DEVICES /MAXCLEAN
DISM /online /get-drivers /format:table
C:\Downloaded\hvciscan_amd64.exe
del /a C:\Downloaded\hvciscan_amd64.exe
rd C:\Downloaded
fltmc
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class" /f *erfilters* /s
EndBatch:
2026-06-12 23:08 - 2026-06-12 23:10 - 000000000 ____D C:\$WinREAgent
2026-05-23 03:09 - 2025-08-26 02:55 - 000000000 ____D C:\Windows\SoftwareDistribution.bak
C:\Windows\SoftwareDistribution\Download
Reboot: