Fix result of Farbar Recovery Scan Tool (x64) Version: 28-03-2026
Ran by TG02-007 (30-03-2026 14:08:38) Run:1
Running from C:\Users\TG02-007\Downloads
Loaded Profiles: TG02-007 & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:

2026-03-30 06:18 - 2026-03-30 06:18 - 000255400 _____ (360.cn) C:\ProgramData\StreamA32.exe
2026-03-29 09:37 - 2026-03-30 13:16 - 000000000 ____D C:\ProgramData\MgrMaintain
2026-03-29 09:37 - 2026-03-29 09:37 - 000000000 ____D C:\Users\TG02-007\AppData\Roaming\MgrMaintain
S3 EAAntiCheat; system32\drivers\eaanticheat.sys [X]
2026-03-29 09:37 - 2026-03-30 08:34 - 000000000 ____D C:\Users\TG02-007\AppData\Roaming\Fofezayu
2026-03-29 09:37 - 2026-03-30 08:34 - 000000000 ____D C:\Users\TG02-007\gw.exe
2026-03-29 09:36 - 2026-03-29 09:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2026-03-29 09:32 - 2026-03-29 09:32 - 000000000 ____D C:\Users\TG02-007\AppData\Roaming\RenPy
2024-08-19 19:10 - 2024-12-03 15:31 - 000000000 _____ () C:\ProgramData\sldh.dat
2022-09-04 12:51 - 2022-09-04 12:51 - 000000024 _____ () C:\Users\TG02-007\AppData\Roaming\Microsoft\Update.txt
2024-12-09 09:59 - 2024-12-09 09:59 - 000000048 ____R () C:\Users\TG02-007\AppData\Local\6E5DB14CBCBF1802671DBC4CF4A16DE7
2025-11-15 05:56 - 2025-11-15 05:56 - 000000048 ____R () C:\Users\TG02-007\AppData\Local\7CFC0A8D2AB49DD279CC580FDB000897
2024-02-02 17:36 - 2024-02-02 17:36 - 000006366 ____H () C:\Users\TG02-007\AppData\Local\91477623837
2024-01-09 05:01 - 2024-01-09 05:01 - 000005374 ____H () C:\Users\TG02-007\AppData\Local\91887170374
2024-01-06 13:30 - 2024-01-06 13:30 - 000005534 ____H () C:\Users\TG02-007\AppData\Local\92056688834
C:\ProgramData\MgrMaintain
C:\ProgramData\Lupa
2026-03-27 07:43 - 2026-03-27 07:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

2024-01-05 13:36 - 2024-01-06 00:10 - 000005350 ____H () C:\Users\TG02-007\AppData\Local\91547068486
TeamViewer (HKLM\...\TeamViewer) (Version: 15.51.6 - TeamViewer)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM-x32\...\Run: [STOVE] => C:\ProgramData\Smilegate\STOVE\STOVE.exe (No File)
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-19\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-20\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
HKU\S-1-5-21-3061952332-3695074-208723314-1001\...\Run: [AF_uuid_514912] => ad9face8-89c5-4908-90f5-7ef275380aa0** *n*u*l*l*********‘·¸¾*ñ*—ProgramF (No File)
HKU\S-1-5-21-3061952332-3695074-208723314-1001\...\Run: [AF_counter_514912] => 4 (No File)
HKU\S-1-5-21-3061952332-3695074-208723314-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (No File)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe (No File)
ShortcutTarget: RocketDock.lnk -> C:\Program Files (x86)\RocketDock\RocketDock.exe (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S3 XD Client Service; C:\Program Files (x86)\XD_GAME\public\service.exe [X]
2025-07-02 10:48 - 2025-07-02 10:48 - 000000024 _____ () C:\Users\TG02-007\AppData\Roaming\C23W6Vk43XTwu662.dat
CustomCLSID: HKU\S-1-5-21-3061952332-3695074-208723314-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\TG02-007\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3061952332-3695074-208723314-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> "C:\Program Files\NordVPN\NordVPN.exe" -ToastActivated => No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
AlternateDataStreams: C:\ProgramData\BstShm_5.21.580.1019_nxt:0BA5A0C5AF [7714]
AlternateDataStreams: C:\ProgramData\BstShm_5.21.580.1019_nxt:BFA2474391 [7714]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [7714]
AlternateDataStreams: C:\ProgramData\sldh.dat:136096DD5B [6002]
AlternateDataStreams: C:\ProgramData\sldh.dat:AF7D5A4DE2 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\McInst.exe:5333F5D8A9 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\McInst.exe:9DCDB32EE1 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk:35D20EBEE5 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk:C5112377E0 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Documentation.lnk:92B3809DA8 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk:F32536EEBE [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [7714]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:5465085A2F [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:BE800952D3 [6002]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [5154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10134]
AlternateDataStreams: C:\Users\TG02-007\Dati applicazioni:86dabf594e68b7fb8ac56037576b6591 [394]
AlternateDataStreams: C:\Users\TG02-007\Dati applicazioni:c15540c89c88cd704ccd25de5f07f873 [394]
AlternateDataStreams: C:\Users\TG02-007\AppData\Roaming:86dabf594e68b7fb8ac56037576b6591 [394]
AlternateDataStreams: C:\Users\TG02-007\AppData\Roaming:c15540c89c88cd704ccd25de5f07f873 [394]
AlternateDataStreams: C:\Users\TG02-007\AppData\Local\Temp:$DATA​ [16]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
GroupPolicy-Firefox: Restriction <==== ATTENTION
Task: {296F0E3E-E22E-4EAB-A10F-B898F2BAAD71} - \Microsoft\Windows\Setup\EM -> No File <==== ATTENTION
Task: {1F38C9E5-6E48-496A-99EA-2929E14D8BCC} - System32\Tasks\SystemOptimizerTemp => C:\Users\TG02-007\AppData\Local\Temp\HP\SystemOptimizerTemp\SystemOptimizer.exe  -update (No File) <==== ATTENTION
2026-03-29 09:38 - 2026-03-29 09:38 - 000000000 ____D C:\Users\TG02-007\AppData\Local\Yandex

EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\StreamA32.exe => moved successfully

"C:\ProgramData\MgrMaintain" Folder move:

C:\ProgramData\MgrMaintain => moved successfully

"C:\Users\TG02-007\AppData\Roaming\MgrMaintain" Folder move:

C:\Users\TG02-007\AppData\Roaming\MgrMaintain => moved successfully
HKLM\System\CurrentControlSet\Services\EAAntiCheat => removed successfully
EAAntiCheat => service removed successfully

"C:\Users\TG02-007\AppData\Roaming\Fofezayu" Folder move:

C:\Users\TG02-007\AppData\Roaming\Fofezayu => moved successfully

"C:\Users\TG02-007\gw.exe" Folder move:

C:\Users\TG02-007\gw.exe => moved successfully

"C:\WINDOWS\system32\Tasks\GoogleSystem" Folder move:

C:\WINDOWS\system32\Tasks\GoogleSystem => moved successfully

"C:\Users\TG02-007\AppData\Roaming\RenPy" Folder move:

C:\Users\TG02-007\AppData\Roaming\RenPy => moved successfully
C:\ProgramData\sldh.dat => moved successfully
C:\Users\TG02-007\AppData\Roaming\Microsoft\Update.txt => moved successfully
C:\Users\TG02-007\AppData\Local\6E5DB14CBCBF1802671DBC4CF4A16DE7 => moved successfully
C:\Users\TG02-007\AppData\Local\7CFC0A8D2AB49DD279CC580FDB000897 => moved successfully
C:\Users\TG02-007\AppData\Local\91477623837 => moved successfully
C:\Users\TG02-007\AppData\Local\91887170374 => moved successfully
C:\Users\TG02-007\AppData\Local\92056688834 => moved successfully
"C:\ProgramData\MgrMaintain" => not found

"C:\ProgramData\Lupa" Folder move:

C:\ProgramData\Lupa => moved successfully

"C:\WINDOWS\system32\Tasks\Mozilla" Folder move:

C:\WINDOWS\system32\Tasks\Mozilla => moved successfully
C:\Users\TG02-007\AppData\Local\91547068486 => moved successfully
TeamViewer (HKLM\...\TeamViewer) (Version: 15.51.6 - TeamViewer) => Error: No automatic fix found for this entry.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\STOVE" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMENCC_InstallationBooster" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMENCC_InstallationBooster" => removed successfully
"HKU\S-1-5-21-3061952332-3695074-208723314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AF_uuid_514912" => removed successfully
"HKU\S-1-5-21-3061952332-3695074-208723314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AF_counter_514912" => removed successfully
"HKU\S-1-5-21-3061952332-3695074-208723314-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
"HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMENCC_InstallationBooster" => removed successfully
"HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Windows\CurrentVersion\Run\\HPSEU_Host_Launcher" => removed successfully
"HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMENCC_InstallationBooster" => removed successfully
"C:\Program Files (x86)\RocketDock\RocketDock.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
HKLM\System\CurrentControlSet\Services\XD Client Service => removed successfully
XD Client Service => service removed successfully
C:\Users\TG02-007\AppData\Roaming\C23W6Vk43XTwu662.dat => moved successfully
HKU\S-1-5-21-3061952332-3695074-208723314-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000} => removed successfully
HKU\S-1-5-21-3061952332-3695074-208723314-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000} => removed successfully
C:\WINDOWS\tracing => ":?" ADS removed successfully
C:\ProgramData\BstShm_5.21.580.1019_nxt => ":0BA5A0C5AF" ADS removed successfully
C:\ProgramData\BstShm_5.21.580.1019_nxt => ":BFA2474391" ADS removed successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
"C:\ProgramData\sldh.dat" => ":136096DD5B" ADS not found.
"C:\ProgramData\sldh.dat" => ":AF7D5A4DE2" ADS not found.
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\McInst.exe => ":5333F5D8A9" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\McInst.exe => ":9DCDB32EE1" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk => ":A1B76439FE" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk => ":35D20EBEE5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk => ":B96E9B8455" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk => ":C5112377E0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Documentation.lnk => ":92B3809DA8" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk => ":F32536EEBE" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk => ":60EC9648C0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk => ":5465085A2F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk => ":BE800952D3" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk => ":1DC1525F34" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk => ":104946E0EA" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
C:\Users\TG02-007\Dati applicazioni => ":86dabf594e68b7fb8ac56037576b6591" ADS removed successfully
C:\Users\TG02-007\Dati applicazioni => ":c15540c89c88cd704ccd25de5f07f873" ADS removed successfully
"C:\Users\TG02-007\AppData\Roaming" => ":86dabf594e68b7fb8ac56037576b6591" ADS not found.
"C:\Users\TG02-007\AppData\Roaming" => ":c15540c89c88cd704ccd25de5f07f873" ADS not found.
C:\Users\TG02-007\AppData\Local\Temp => ":$DATA​" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
C:\Program Files\Mozilla Firefox\distribution\policies.json => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{296F0E3E-E22E-4EAB-A10F-B898F2BAAD71}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{296F0E3E-E22E-4EAB-A10F-B898F2BAAD71}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EM" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F38C9E5-6E48-496A-99EA-2929E14D8BCC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F38C9E5-6E48-496A-99EA-2929E14D8BCC}" => removed successfully
C:\WINDOWS\System32\Tasks\SystemOptimizerTemp => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemOptimizerTemp" => removed successfully

"C:\Users\TG02-007\AppData\Local\Yandex" Folder move:

C:\Users\TG02-007\AppData\Local\Yandex => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99790075 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 940515882 B
Windows/system/drivers => 79217853 B
Edge => 51192192 B
Firefox => 3058213678 B
Opera => 0 B

Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 1166225 B
LocalService => 73818 B
NetworkService => 72000 B
TG02-007 => 304278859 B
SQLTELEMETRY$SQLEXPRESS => 0 B
MSSQL$SQLEXPRESS => 0 B

RecycleBin => 0 B
EmptyTemp: => 4.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:10:44 ====