I have a Lenovo 7 14/AL7 with Windows 11 Pro. In the past couple of days it has started slowing down dramatically for periods of time.
For example, while playing a video it would suddenly give up and I'd be unable to continue. This is regardless of whether it's a previously downloaded video or streaming online. Also, when I try to open my VPN (either HideAway or Privado) nothing appears to happen, but several minutes later it opens up. Other times I notice the internet has been disconnected (NBN fibre to the Node - connected to laptop via wireless) but other devices are unaffected.
After a while everything seems to start operating correctly and all is back to normal - until it happens next time.
I've tried scans with Windows Defender, Malwarebytes and Spybot but nothing was detected. Windows Defender scans seem to take much longer than usual or don't complete. I tried doing offline scans but they don't work.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2025
Ran by paule (administrator) on PR (LENOVO 82QE) (02-03-2025 13:03:10)
Running from C:\Users\paule\Desktop\Antivirus Malware\FRST64.exe
Loaded Profiles: paule
Platform: Microsoft Windows 11 Pro Version 24H2 26100.3194 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(8F32EFB2-B494-4AEC-A27C-4B0736252363 -> Lenovo Limited Company) C:\Program Files\WindowsApps\e046963f.lenovovoiceworldwide_3.0.26.0_x64__k1h2ywk1493x8\GlobalPresenter\GlobalPresenter.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\monitoring-mini.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\adp-agent.exe
(C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\updater.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.983.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.92\msedgewebview2.exe <13>
(C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\Sync\sync-taskbar.exe ->) (Sync.com Inc. -> ) C:\Program Files (x86)\Sync\sync-worker.exe <4>
(C:\Program Files\Dell\Dell Peripheral Manager\DPMService.exe ->) (IndiLogic LLC -> ) C:\Program Files\Dell\Dell Peripheral Manager\DPMCrashHandler.exe <2>
(C:\Program Files\Dell\Dell Peripheral Manager\DPMService.exe ->) (IndiLogic LLC -> Dell Inc.) C:\Program Files\Dell\Dell Peripheral Manager\DPM.exe
(C:\Program Files\Hasleo\Hasleo Backup Suite\bin\BackupService.exe ->) (Hasleo Software) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\BackupSystemTray.exe
(C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\SmartAppearanceSVC.exe ->) (Lenovo -> Lenovo) C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\FaceBeautify.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(drivers\Intel\ICPS\IDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IDBWM.exe <2>
(drivers\Intel\ICPS\IntelConnectService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IntelConnect.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\24.10.0.10\x64\AppProvisioningPlugin.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDCUserAgent.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_6b07cb792a2205ad\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_6b07cb792a2205ad\ipf_helper.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_835bd694f1ef7154\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_835bd694f1ef7154\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_835bd694f1ef7154\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_835bd694f1ef7154\FnHotkeyUtility.exe
(explorer.exe ->) (CRYSTAL RICH LTD. -> Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(explorer.exe ->) (Firetrust Limited -> Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (NGWIN Software co. -> NGWIN) C:\Program Files (x86)\PicPick\picpick.exe
(explorer.exe ->) (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Users\paule\Downloads\XMouseButtonControl 2.20.5 Portable\64bit (x64)\XMouseButtonControl.exe
(explorer.exe ->) (Privado Networks AG -> Privado Networks AG) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DataCollectionAgentController.exe
(explorer.exe ->) (Sync.com Inc. -> Sync.com Inc.) C:\Program Files (x86)\Sync\sync-taskbar.exe
(explorer.exe ->) (Vitzo LLC -> Vitzo) C:\Program Files\ClipClip\ClipClip.exe
(Firetrust Limited -> Firetrust Limited) C:\Users\paule\AppData\Local\HideAway\app-4.21.2\HideAway.exe <3>
(Lenovo -> Lenovo) C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe
(LNBITSSvc.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\AutoModeDetect.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(services.exe ->) () [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\ImageMountService.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\aakore.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (CLEVERFILES INC. -> CleverFiles) C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe
(services.exe ->) (CRYSTAL RICH LTD. -> Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (Hasleo Software) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\BackupService.exe
(services.exe ->) (IndiLogic LLC -> Dell Inc.) C:\Program Files\Dell\Dell Peripheral Manager\DPMService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_e364a2125d7a2e49\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0a0ff036d8d3ae73\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_6b07cb792a2205ad\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_670360bdb5a40a0d\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_cbcebe813d4324dc\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IDBWMService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\Intel\ICPS\IntelConnectService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(services.exe ->) (Lenovo -> Lenovo Limited Company) C:\Program Files\Lenovo\LVA Pro Service\VoiceAssistantService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\Smart Note\SmartNote.Service.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\SmartAppearanceSVC.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_835bd694f1ef7154\LenovoUtilityService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\ElevocControlService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (PhaseFive Systems LLC -> Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\7.1.41.0\JumpConnect.exe
(services.exe ->) (Privado Networks AG -> Privado Networks AG) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e8f1ca5219e9493c\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\epson\Epson Data Collection Agent\DCAgent.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Texas Instruments Inc. -> Texas Instuments) C:\Windows\System32\TISmartAmpService.exe <2>
(services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_64291d849aba4477\WTabletServiceISD.exe <2>
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25012.50.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\iCloudOutlookConfig.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Lenovo -> ) C:\Program Files (x86)\Lenovo\Smart Note\LSNUpdater.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2502.1001.6.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.27703.1006.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_25017.203.3370.1174_x64__8wekyb3d8bbwe\ms-teamsupdate.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.27703.1006-0\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e8f1ca5219e9493c\RtkAudUService64.exe [1629552 2022-12-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [LVAW] => C:\Program Files\Lenovo\LVA Pro Service\StartupHelper.exe [699680 2023-02-10] (Lenovo -> Lenovo Limited Company)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [637784 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [USB Safely Remove] => C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [6608392 2023-12-06] (CRYSTAL RICH LTD. -> Crystal Rich Ltd)
HKLM\...\Run: [DataCollectionAgentController] => C:\Program Files\EPSON\Epson Data Collection Agent\DataCollectionAgentController.exe [397656 2023-05-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-25] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [641752 2025-01-13] (Geek Software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [CyberProtectHomeOfficeMonitor.exe] => C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\CyberProtectHomeOfficeMonitor.exe [6313904 2023-02-28] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [446392 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2753808 2024-03-06] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9238408 2025-02-18] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5109624 2023-01-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007400 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007400 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007400 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [com.messenger] => "C:\Users\paule\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [46060064 2025-02-04] (NGWIN Software co. -> NGWIN)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [ClipClip] => C:\Program Files\ClipClip\ClipClip.exe [4745488 2023-04-04] (Vitzo LLC -> Vitzo)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [Opera Stable] => C:\Users\paule\AppData\Local\Programs\Opera\opera.exe [1617816 2025-02-27] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [PrivadoVPN] => C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe [4010208 2025-02-24] (Privado Networks AG -> Privado Networks AG)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [LenovoVantageToolbar] => C:\ProgramData\Lenovo\Vantage\AddinData\LenovoBatteryGaugeAddin\x64\QSHelper.exe [87960 2025-01-22] (Lenovo -> Lenovo)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [Opera Browser Assistant] => C:\Users\paule\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4473240 2025-02-19] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Run: [MicrosoftEdgeAutoLaunch_AA1FDA90EE192946CDC15C3162A8D698] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4088392 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON ET-2750 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBSLE.DLL [184832 2017-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2023-08-28] (Copyright © Code Industry Ltd) [File not signed]
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [196096 2024-08-20] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.142\Installer\chrmstp.exe [2025-02-27] (Google LLC -> Google LLC)
Startup: C:\Users\paule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk [2025-01-04]
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust Limited -> Firetrust)
Startup: C:\Users\paule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-07-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\paule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync.lnk [2024-08-13]
ShortcutTarget: Sync.lnk -> C:\Program Files (x86)\Sync\sync-taskbar.exe (Sync.com Inc. -> Sync.com Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {483AD666-7382-4994-8227-CC4FC9F31ACD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {7D3DA0B4-76E2-482D-9524-9DF087EF6584} - System32\Tasks\Apple Diagnostics => C:\Users\paule\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 0] () [symlink -> ]
Task: {66948228-A65C-4025-9B8D-A8115071F75F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-06-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E2B0FC8D-C88E-4BD9-8B4C-C50EF3354320} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-06-03] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5A5F92D8-6F4A-44F0-8CF8-CC77D6271312} - System32\Tasks\EPSON ET-2750 Series Update {56B569B3-1D86-4355-A395-74FAAD30FE92} => C:\Windows\System32\spool\drivers\x64\3\E_YTSSLE.EXE [680440 2017-06-06] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {E0D6017C-4D1B-44AD-B82D-59F338B7F35A} - System32\Tasks\EPSON ET-2750 Series Update {9EC05FAD-3F5B-4916-890B-4BEFDF01BD66} => C:\Windows\System32\spool\drivers\x64\3\E_YTSSLE.EXE [680440 2017-06-06] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {E4CFC6FD-262D-4DA8-800B-08295C292E70} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{26E91B93-DF28-453A-89FA-5D9913226896} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
Task: {266B8801-9E2F-4620-9404-CE9B0F5BC245} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {92820B41-1A40-4D32-B78D-0EB573FB62F4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [102400 2024-12-13] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {F7AC9326-B016-4355-94C2-8E5D0CA2B18D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [110592 2024-12-13] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B6F39D34-59B1-410D-9261-BDB8CA636D52} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6c90a26e-ae33-4ef2-a8ca-133ef6105021 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {F46537F2-9112-49D0-A00F-F69A0C127570} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9b401eca-8e4f-42a5-8198-d7042cfbc2de => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {97EA5B1D-570A-4941-9255-F3F0C6E7673C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\be96391b-7962-4749-b261-db73db5cba26 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {789C5A87-6538-482D-B891-8E3E6F9FA0F1} - System32\Tasks\Lenovo\LenovoNowLauncher => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.exe [3559328 2025-02-06] (Lenovo -> Lenovo) -> C:\Program Files (x86)\Lenovo\LenovoNow\x86\/task
Task: {92340516-57CA-4D76-BE3B-2C1CA83601AE} - System32\Tasks\Lenovo\LenovoNowQuarterlyLaunch => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe [2360224 2025-02-06] (Lenovo -> Lenovo) -> C:\Program Files (x86)\Lenovo\LenovoNow\x86\/QuarterlyLaunch
Task: {13088846-30E3-44ED-B2F2-374C34F960FA} - System32\Tasks\Lenovo\LenovoNowTask => C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe [2360224 2025-02-06] (Lenovo -> Lenovo) -> C:\Program Files (x86)\Lenovo\LenovoNow\x86\$(EventData)
Task: {45461316-C767-425D-9B3C-C0986DF8B9EA} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [102400 2024-12-13] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {78162111-AB4A-42EE-9CFE-E3C8F7C541BB} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90952 2024-10-24] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {62869F1B-50C3-4397-A7E1-4E75BB1CD37C} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\WINDOWS\system32\sc.exe [102400 2024-12-13] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220
Task: {EE285AFC-4D9C-4992-9350-B888EBEF9689} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [196960 2024-10-24] (Lenovo -> Lenovo Group Ltd.)
Task: {1E8AA91A-4029-4482-88D0-A60A3FAAF735} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [102400 2024-12-13] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {6DA68FE8-E344-4B69-BF69-CE5FD74A9EA0} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {AF7239CB-AEF9-4BF5-B07D-485C88D39490} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {3B0D92FF-1DF0-4178-AC59-34B1C16406A4} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {14EBBB08-83D0-432F-873F-9489FFC98D6E} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {35C5C03E-7413-4DA5-BD66-DE1B01765B67} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {C774AE3A-9CFE-4C63-858E-5F81295F92F6} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {18A5C755-EABD-49FD-AD19-7EFDD560AF63} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {BDF7BC23-DCD5-4984-B068-2AADF87D8ACD} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {D58A4374-3FE6-4F8E-9F61-EBBE56D0FC92} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {6140AB6C-CBBE-43AB-9AB1-8C4664D08483} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {C0A9E344-F8A9-4F1F-95C1-0ECED7D2D25E} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {A47F637E-4F18-4E1B-BB1F-A5540280C749} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {C479AC03-0C55-44CC-ACB3-74C3663693D9} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-01-17] (Lenovo -> )
Task: {D2037252-3509-4937-A3B9-7E2BE5E75E39} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\ScheduleEventAction.exe [30152 2025-02-20] (Lenovo -> Lenovo)
Task: {FEDF5996-37A8-4409-8954-CC34F1E1910B} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {45A442C9-1F64-4F45-A0A2-9C5653E616D9} - System32\Tasks\LSNUpdater => C:\Program Files (x86)\Lenovo\Smart Note\LSNUpdater.exe [33120 2021-12-10] (Lenovo -> )
Task: {E2CE6A81-A1F2-43F6-9A56-F654F577CF8E} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-2414797706-3836927515-1130015698-1001 => C:\Users\paule\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {04D2F6BB-2259-477A-8BD0-F580F127417C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C54867EB-A716-40F5-9C02-557A153E850D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28512448 2024-06-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F04143C-6E80-405D-8978-E6D6B1D93BE5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221848 2024-07-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {68E294F8-A5B6-4287-BBCB-027B20C61EF7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [221848 2024-07-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {051A9F1B-22A1-450F-9CB9-470062AB42B5} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {3A9B2386-6F8A-4D53-A7E3-5AA06989D0E7} - System32\Tasks\Microsoft\Windows\Setup\EM => %windir%\system32\EM.exe (No File) <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {7DFF5D77-8403-4EDF-82AA-16722EE2E4E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D784D546-7935-4245-9764-628E63B64F6B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70379690-971C-4BA2-B3A4-58BCFCF0AF08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A4685E66-8D0C-4E9C-A9ED-972AF7EE1F8F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9126C73E-AA31-4558-A072-F375AE68BB7E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [683072 2025-02-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {54B76F1E-C6A9-4B79-90C3-69429F8F0834} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2414797706-3836927515-1130015698-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [683072 2025-02-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {3E333963-ED47-4B9E-8F69-7F45650DC964} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-02-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {D7783B5E-96A3-4113-9C55-847E494B12CD} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A5EF3E5E-4DE0-4353-BF50-097E608BD8B5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2414797706-3836927515-1130015698-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222504 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {E08D630A-4E42-4ABC-9119-3E509515A162} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2414797706-3836927515-1130015698-1001 => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\OneDriveLauncher.exe [669200 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A45DA77-2475-4D23-A9FF-7D0ACC90C9C8} - System32\Tasks\Opera scheduled assistant Autoupdate 1701997904 => C:\Users\paule\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5658520 2025-02-24] (Opera Norway AS -> Opera Software) -> --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\paule\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
Task: {B63C1407-A115-4A3F-8DD7-5AC54D5E9AF4} - System32\Tasks\Opera scheduled Autoupdate 1700781752 => C:\Users\paule\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5658520 2025-02-24] (Opera Norway AS -> Opera Software)
Task: {5959E9C6-5BDE-4844-86EC-4A3EF35629DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5339512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {FD533108-5383-4A66-B5B2-949DD440D060} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5659512 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AC37B4DC-30A3-457E-8A9F-91CA849112B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [5839224 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON ET-2750 Series Update {56B569B3-1D86-4355-A395-74FAAD30FE92}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSLE.EXE:/EXE:{56B569B3-1D86-4355-A395-74FAAD30FE92} /F:UpdateWORKGROUP\PR$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON ET-2750 Series Update {9EC05FAD-3F5B-4916-890B-4BEFDF01BD66}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSLE.EXE:/EXE:{9EC05FAD-3F5B-4916-890B-4BEFDF01BD66} /F:UpdateWORKGROUP\PR$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{0bdad731-d15e-fdbd-efa0-a46c3dda2dc7}: [NameServer] 198.18.0.1,198.18.0.2
Tcpip\..\Interfaces\{382a928b-8a41-409e-8a96-92016feafb0d}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{6bf54a99-101c-4ca2-bc5d-cfe481ee91dc}: [DhcpNameServer] 150.208.1.2
Tcpip\..\Interfaces\{9d512796-a0f9-41c5-8a99-bc2243149c08}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c7559595-897b-4ff4-a3b3-396b078bfe30}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{ca544a87-f042-4479-b2da-df42a2fe1b82}: [NameServer] 198.18.0.1,198.18.0.2
Tcpip\..\Interfaces\{fc12fdee-02e7-490c-8a44-df8606012e30}: [DhcpNameServer] 172.20.10.1
Edge:
=======
Edge Profile: C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-01]
Edge HomePage: Default -> hxxps://google.com.au/
Edge StartupUrls: Default -> "hxxps://www.google.com.au/"
Edge DefaultSearchURL: Default -> hxxps://searchsafe.norton.com/search?omnisearch=yes&q={searchTerms}
Edge DefaultSearchKeyword: Default -> nortonsafe
Edge DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}
Edge Extension: (LastPass: Free Password Manager) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2025-02-10]
Edge Extension: (Norton Safe Web) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2025-02-10]
Edge Extension: (Avast Passwords) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2024-07-30]
Edge Extension: (Avast Online Security & Privacy) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgpikaaheckgdijjmepmdjjkbceakif [2024-09-06]
Edge Extension: (Google Docs Offline) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-10]
Edge Extension: (Tampermonkey) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2024-12-21]
Edge Extension: (UserZoom Surveys) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jhgccgnbbhnlhgkhkdpmciognioebcoa [2024-05-10]
Edge Extension: (Edge relevant text changes) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-26]
Edge Extension: (Norton Password Manager) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2024-11-16]
Edge Extension: (Norton Home Page) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2024-08-29]
Edge Extension: (Norton Safe) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2024-10-31]
Edge Extension: (uBlock Origin) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2025-01-02]
Edge Extension: (Ancestry Media Download) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ohkkponpfoijonbbedcehkhfejlobmkb [2023-10-17]
Edge Extension: (Avast SafePrice) - C:\Users\paule\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phhhmbgggfifgikoihlakngnngdehhfe [2024-12-23]
FireFox:
========
FF DefaultProfile: use929a4.default
FF ProfilePath: C:\Users\paule\AppData\Roaming\Mozilla\Firefox\Profiles\use929a4.default [2023-05-15]
FF ProfilePath: C:\Users\paule\AppData\Roaming\Mozilla\Firefox\Profiles\n91uoh4w.default-release [2025-03-02]
FF Extension: (Proton Pass: Free Password Manager) - C:\Users\paule\AppData\Roaming\Mozilla\Firefox\Profiles\n91uoh4w.default-release\Extensions\[email protected] [2025-02-20]
FF Extension: (AdGuard AdBlocker) - C:\Users\paule\AppData\Roaming\Mozilla\Firefox\Profiles\n91uoh4w.default-release\Extensions\[email protected] [2025-01-10]
FF Extension: (Norton Password Manager) - C:\Users\paule\AppData\Roaming\Mozilla\Firefox\Profiles\n91uoh4w.default-release\Extensions\[email protected] [2024-11-26]
FF Extension: (uBlock Origin) - C:\Users\paule\AppData\Roaming\Mozilla\Firefox\Profiles\n91uoh4w.default-release\Extensions\[email protected] [2025-01-18]
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-02-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default [2025-03-02]
CHR Notifications: Default -> hxxps://account.ring.com; hxxps://www.nbc.com; hxxps://www.totaltools.com.au; hxxps://www.wallacebishop.com.au
CHR HomePage: Default -> hxxps://google.com.au/
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR Extension: (Norton Password Manager) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2024-11-10]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Torrent Scanner) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-01-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (AdGuard AdBlocker) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2025-03-01]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (uBlock Origin) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-01-05]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Tampermonkey) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-12-11]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Avast Passwords) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2024-06-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Docs Offline) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-21]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Proton Pass: Free Password Manager) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmbeldphafepmbegfdlkpapadhbakde [2025-02-28]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (UserZoom Surveys) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgccgnbbhnlhgkhkdpmciognioebcoa [2024-03-13]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Ancestry Media Download) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohkkponpfoijonbbedcehkhfejlobmkb [2023-06-06]hxxp://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\paule\AppData\Local\Google\Chrome\User Data\Profile 5 [2024-09-07]
CHR Extension: (Torrent Scanner) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-09-01]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-09-07]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Docs Offline) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-01]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store Payments) - C:\Users\paule\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-09-01]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\paule\AppData\Local\Google\Chrome\User Data\System Profile [2024-09-04]
CHR HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR DefaultProfile: Default
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aakore; C:\Program Files (x86)\Acronis\Agent\aakore.exe [9031480 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [13720736 2023-02-28] (Acronis International GmbH -> )
R2 AcronisCyberProtectionService; C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe [1406624 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1704216 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6391536 2023-03-09] (Acronis International GmbH -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-10-02] (Apple Inc. -> Apple Inc.)
R2 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [309128 2023-03-23] (CLEVERFILES INC. -> CleverFiles)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14023752 2024-06-20] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-06-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-06-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48528 2025-02-18] (Dropbox, Inc -> Dropbox, Inc.)
R2 DCAgent; C:\Program Files\EPSON\Epson Data Collection Agent\DCAgent.exe [19288 2023-05-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_cfeb891cbda10dc3\DAX3API.exe [2360336 2023-01-17] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DPMService; C:\Program Files\Dell\Dell Peripheral Manager\DPMService.exe [2199416 2024-10-22] (IndiLogic LLC -> Dell Inc.)
R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_e364a2125d7a2e49\ipfsvc.exe [544896 2022-08-04] (Intel Corporation -> Intel Corporation)
S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\218.4.4348\DropboxElevationService.exe [1659280 2025-02-18] (Dropbox, Inc -> Dropbox, Inc.)
R2 Easy Connection to Screen; C:\Program Files\Samsung\Easy Connection to Screen\Service.exe [367816 2023-01-13] (Samsung Electronics CO., LTD. -> )
R2 ElevocService; C:\WINDOWS\System32\ElevocControlService.exe [326592 2022-09-01] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncHelper.exe [3532840 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
R2 HasleoBackupSuiteService; C:\Program Files\Hasleo\Hasleo Backup Suite\bin\BackupService.exe [3524096 2024-12-30] (Hasleo Software) [File not signed]
R2 HasleoImageMountService; C:\Program Files\Hasleo\Hasleo Backup Suite\bin\ImageMountService.exe [745984 2024-12-30] () [File not signed]
R2 IDBWM; C:\WINDOWS\System32\drivers\Intel\ICPS\IDBWMService.exe [74904 2022-01-13] (Intel Corporation -> Intel® Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
R2 Intel Analytics Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [2034328 2022-01-13] (Intel Corporation -> Intel)
R2 Intel Connectivity Network Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [2496704 2022-01-13] (Intel Corporation -> Intel)
S2 Intel® Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_45efd8a6478e15ce\lib\PlatformLicenseManagerService.exe [746984 2022-07-28] (Intel Corporation -> Intel® Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_cbcebe813d4324dc\AS\IAS\IntelAudioService.exe [528928 2022-12-12] (Intel Corporation -> Intel)
R2 IntelConnectService; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelConnectService.exe [75968 2022-01-13] (Intel Corporation -> Intel® Corporation)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_6b07cb792a2205ad\ipf_uf.exe [2774128 2022-08-15] (Intel Corporation -> Intel Corporation)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\7.1.41.0\JumpConnect.exe [155400 2025-02-19] (PhaseFive Systems LLC -> Phase Five Systems)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_835bd694f1ef7154\LenovoUtilityService.exe [180704 2024-12-05] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2.85.0\LenovoVantageService.exe [34768 2025-02-20] (Lenovo -> Lenovo)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1586536 2024-06-10] (Lenovo -> Lenovo)
R2 LVAWService; C:\Program Files\Lenovo\LVA Pro Service\VoiceAssistantService.exe [693536 2023-02-10] (Lenovo -> Lenovo Limited Company)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9483456 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4896552 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\mobile_backup_status_server.exe [2122120 2023-02-28] (Acronis International GmbH -> )
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.015.0126.0002\OneDriveUpdaterService.exe [3879976 2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [641752 2025-01-13] (Geek Software GmbH -> geek software GmbH)
R2 PrivadoVPN.Service; C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe [84704 2025-02-24] (Privado Networks AG -> Privado Networks AG)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2737016 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4588408 2023-02-14] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2024-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SmartAppearanceAISVC; C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\SmartAppearanceSVC.exe [55648 2022-01-18] (Lenovo -> Lenovo)
R2 SmartNoteService; C:\Program Files (x86)\Lenovo\Smart Note\SmartNote.Service.exe [92000 2021-12-10] (Lenovo -> Lenovo)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7403104 2023-02-28] (Acronis International GmbH -> )
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5910328 2023-02-28] (Acronis International GmbH -> Acronis International GmbH)
R2 TISmartAmpService; C:\WINDOWS\System32\TISmartAmpService.exe [542464 2022-01-27] (Texas Instruments Inc. -> Texas Instuments)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72520 2024-10-24] (Lenovo -> Lenovo Group Ltd.)
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1412616 2023-12-06] (CRYSTAL RICH LTD. -> Crystal Rich Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2025-01-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [824424 2025-01-27] (Windscribe Limited -> Windscribe Limited)
S3 WireGuardTunnel$PrivadoVPN; C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Wireguard.Service.exe [35552 2025-02-24] (Privado Networks AG -> Privado Networks AG)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856928 2021-07-18] (Lenovo -> Lenovo Group Ltd.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [581632 2024-12-13] (Microsoft Windows -> Microsoft Corporation)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2023-02-28] (Bitdefender SRL -> Bitdefender)
R0 bhtsddr; C:\WINDOWS\System32\drivers\bhtsddr.sys [194624 2022-07-27] (BayHub Technology Inc. -> BayHubTech)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project)
R3 DPMDriver; C:\WINDOWS\System32\drivers\DPMDriver.sys [142272 2024-08-26] (IndiLogic LLC -> Dell Inc.)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [730696 2023-03-09] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [395216 2023-03-09] (Acronis International GmbH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [183944 2023-03-09] (Acronis International GmbH -> Acronis International GmbH)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222528 2024-12-13] (Microsoft Windows -> Microsoft Corporation)
S3 GSCAuxDriver; C:\WINDOWS\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_bd0be2ed8e5977d1\GSCAuxDriverx64.sys [87064 2022-01-26] (Intel Corporation -> Intel Corporation)
S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_df0f40ee1922cc53\TeeDriverGSCW8x64.sys [262680 2022-01-26] (Intel Corporation -> Intel Corporation)
R2 hasldisk; C:\WINDOWS\System32\drivers\hasldisk.sys [63592 2024-05-11] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
R1 hideaway; C:\WINDOWS\System32\drivers\hideaway.sys [104000 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Firetrust Limited)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-17] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_2d1a1b06fd89c8d4\iaLPSS2_SPI_ADL.sys [160912 2021-10-24] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_9f84cae4176aa5ed\iaLPSS2_UART2_ADL.sys [318624 2021-10-24] (Intel Corporation -> Intel Corporation)
R3 INTCCoSvc; C:\WINDOWS\System32\drivers\Intel\ICPS\IntcCo11X64.sys [187544 2022-01-13] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_9d17fea24a602101\IntcUSB.sys [912960 2022-12-12] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-09] (Intel Corporation -> Intel Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_da83b5c4fe3f9e84\ipf_acpi.sys [87152 2022-08-15] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_6b07cb792a2205ad\ipf_cpu.sys [80504 2022-08-15] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_6b07cb792a2205ad\ipf_lf.sys [441968 2022-08-15] (Intel Corporation -> Intel Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [140704 2025-02-12] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-02-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslad96cd2c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FECED90B-44C6-4D68-B262-ECE5F7CB4DF5}\MpKslDrv.sys [278944 2025-03-01] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S0 ngelam; C:\WINDOWS\System32\drivers\ngelam.sys [29168 2024-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Acronis International GmbH)
R1 ngscan; C:\WINDOWS\System32\DRIVERS\ngscan.sys [226736 2023-02-28] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH)
R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [92664 2024-11-19] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc)
S3 PrivadoVPNSplitTunneling; C:\WINDOWS\System32\drivers\PrivadoVPNSplitTunneling.sys [29928 2025-01-23] (Privado Networks LLC -> Privado Networks AG)
S3 RdrVmp; C:\WINDOWS\System32\drivers\RdrVmp.sys [34688 2019-11-06] (R-Tools Technology Inc. -> Copyright © 2018 R-Tools Technology Inc.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2023-10-02] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2023-05-15] (Windscribe Limited -> The OpenVPN Project)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175648 2023-03-09] (Acronis International GmbH -> Acronis International GmbH)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [109504 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [46016 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [340488 2023-03-09] (Acronis International GmbH -> Acronis International GmbH)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2024-12-13] (Microsoft Windows -> Microsoft Corporation)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [251016 2023-03-09] (Acronis International GmbH -> Acronis International GmbH)
R3 WacHIDRouterISDF; C:\WINDOWS\System32\drivers\WacHIDRouterISDF.sys [131216 2024-09-05] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S3 WacHIDRouterISDFV; C:\WINDOWS\System32\drivers\WacHIDRouterISDF.sys [131216 2024-09-05] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2025-01-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2025-01-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2025-01-18] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [39280 2025-01-27] (Windscribe Limited -> )
S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2023-05-15] (Windscribe Limited -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-05-15] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.6.0.15\LenovoDiagnosticsDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-03-01 17:10 - 2025-03-01 17:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2025-03-01 17:07 - 2025-03-01 17:32 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2025-03-01 17:07 - 2025-03-01 17:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2025-03-01 17:07 - 2025-03-01 17:07 - 000001475 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2025-03-01 17:07 - 2025-03-01 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2025-03-01 17:07 - 2018-02-06 18:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2025-03-01 17:05 - 2025-03-01 17:06 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\paule\Downloads\spybotsd-2.9.85.5 (1).exe
2025-03-01 17:02 - 2025-03-01 17:02 - 065069568 _____ (Safer-Networking Ltd. ) C:\Users\paule\Downloads\spybotsd-2.9.85.5.exe
2025-02-27 15:13 - 2025-02-27 15:13 - 000001402 __RSH C:\ProgramData\ntuser.pol
2025-02-27 15:13 - 2025-02-27 15:13 - 000001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivadoVPN.lnk
2025-02-27 15:13 - 2025-02-27 15:13 - 000001041 _____ C:\Users\Public\Desktop\PrivadoVPN.lnk
2025-02-27 15:12 - 2025-02-27 15:12 - 000000000 ____D C:\Program Files (x86)\PrivadoVPN
2025-02-26 14:52 - 2025-02-26 14:52 - 000439888 _____ C:\Users\paule\Downloads\PIXMA G4670 MegaTank Tech Sheet.pdf
2025-02-25 11:01 - 2025-02-25 11:01 - 000017524 _____ C:\Users\paule\Downloads\Important information_B307734539.pdf
2025-02-22 08:31 - 2025-02-22 08:31 - 002240612 _____ C:\Users\paule\Downloads\Orange One Low Rate Classic (28).pdf
2025-02-20 06:06 - 2025-02-20 06:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2025-02-19 09:26 - 2025-02-24 15:07 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-02-19 04:54 - 2025-02-24 15:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-02-19 01:06 - 2025-02-19 01:06 - 000048528 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2025-02-17 10:45 - 2025-03-02 12:33 - 000000000 ____D C:\Users\paule\Desktop\Antivirus Malware
2025-02-17 10:28 - 2025-03-01 14:04 - 000000000 ____D C:\Users\paule\AppData\Local\Malwarebytes
2025-02-17 10:28 - 2025-02-17 10:28 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-02-17 10:26 - 2025-02-17 10:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-02-17 10:25 - 2025-02-17 10:26 - 000000000 ____D C:\Program Files\Malwarebytes
2025-02-17 10:25 - 2025-02-17 10:25 - 002550624 _____ (Malwarebytes) C:\Users\paule\Downloads\MBSetup5.exe
2025-02-17 10:02 - 2025-02-17 10:04 - 000075443 _____ C:\Users\paule\Downloads\Addition.txt
2025-02-17 09:59 - 2025-03-02 13:03 - 000000000 ____D C:\FRST
2025-02-17 09:59 - 2025-02-17 10:02 - 000082452 _____ C:\Users\paule\Downloads\FRST.txt
2025-02-17 09:59 - 2025-02-17 09:59 - 000000000 ____D C:\Users\paule\Downloads\FRST-OlderVersion
2025-02-17 09:58 - 2025-02-17 09:59 - 002403840 _____ (Farbar) C:\Users\paule\Downloads\FRST64.exe
2025-02-15 10:49 - 2025-02-15 10:49 - 000001598 _____ C:\Users\paule\Desktop\Image Compressor.lnk
2025-02-14 15:50 - 2025-02-14 15:51 - 000000000 ____D C:\WINDOWS\Minidump
2025-02-14 15:50 - 2025-02-14 15:50 - 005187884 _____ C:\WINDOWS\Minidump\021425-16437-01.dmp
2025-02-14 15:34 - 2025-02-14 15:34 - 000338838 _____ C:\Users\paule\Downloads\Invoice Damian - INV-ROC-3988 (1).pdf
2025-02-14 11:51 - 2025-02-14 11:51 - 000000714 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2025-02-14 11:51 - 2025-02-14 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2025-02-14 11:48 - 2025-02-14 11:49 - 045209112 _____ (Avanquest pdfforge GmbH) C:\Users\paule\Downloads\PDFCreator-5_3_3-Setup.exe
2025-02-14 11:03 - 2025-02-14 11:03 - 000338838 _____ C:\Users\paule\Downloads\Invoice Damian - INV-ROC-3988.pdf
2025-02-12 15:20 - 2025-02-16 12:23 - 000000000 ____D C:\Users\paule\AppData\Local\HideAway
2025-02-12 15:18 - 2025-02-16 12:23 - 000002208 _____ C:\Users\paule\Desktop\HideAway.lnk
2025-02-12 15:17 - 2025-02-12 15:18 - 057316048 _____ (Firetrust Limited) C:\Users\paule\Downloads\HideAway-4.21.1-setup.exe
2025-02-12 15:12 - 2025-02-12 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2025-02-12 11:12 - 2025-03-01 19:12 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-02-12 11:09 - 2025-02-12 11:09 - 000027617 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-02-12 11:09 - 2025-02-12 11:09 - 000027617 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-02-12 06:17 - 2025-02-12 06:17 - 000098804 _____ C:\Users\paule\Downloads\Medicare benefits paid by EFT.pdf
2025-02-08 12:32 - 2025-02-08 12:32 - 000001683 _____ C:\Users\Public\Desktop\PDF24 Launcher.lnk
2025-02-08 12:32 - 2025-02-08 12:32 - 000001678 _____ C:\Users\Public\Desktop\PDF24 Toolbox.lnk
2025-02-08 12:32 - 2025-02-08 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2025-02-08 12:31 - 2025-02-08 12:32 - 000000000 ____D C:\Program Files\PDF24
2025-02-08 10:45 - 2025-02-08 10:46 - 078143416 _____ C:\Users\paule\Downloads\picpick_inst (9).exe
2025-02-07 11:02 - 2025-02-07 11:02 - 000028066 _____ C:\Users\paule\Downloads\Statement of Claim.pdf
2025-02-07 11:02 - 2025-02-07 11:02 - 000028066 _____ C:\Users\paule\Downloads\Statement of Claim (1).pdf
2025-02-07 08:36 - 2025-02-07 08:36 - 000465259 _____ C:\Users\paule\Downloads\Statements20250201.pdf
2025-02-06 19:44 - 2025-02-27 21:56 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2414797706-3836927515-1130015698-1001
2025-02-04 15:58 - 2025-02-04 15:58 - 000180756 _____ C:\Users\paule\Downloads\Invoice_3290045296.pdf
2025-02-04 15:58 - 2025-02-04 15:58 - 000105400 _____ C:\Users\paule\Downloads\Invoice_3290497351.pdf
2025-02-02 09:22 - 2025-02-02 09:22 - 000462831 _____ C:\Users\paule\Downloads\Statements20250131.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-03-02 12:58 - 2023-03-09 13:10 - 000000000 ____D C:\Users\paule\AppData\Roaming\HideAway
2025-03-02 12:47 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-02 12:09 - 2023-03-09 17:45 - 000000000 ____D C:\Users\paule\AppData\Local\CrashDumps
2025-03-02 12:05 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-02 12:05 - 2024-04-01 17:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-02 11:37 - 2023-12-17 12:51 - 000000431 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2025-03-02 11:35 - 2024-02-25 12:18 - 000000000 ____D C:\ProgramData\PrivadoVPN
2025-03-02 11:12 - 2023-05-15 11:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-01 17:42 - 2024-12-14 10:04 - 000004672 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-03-01 17:16 - 2024-12-14 10:06 - 000836650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-01 17:16 - 2024-04-01 17:24 - 000000000 ____D C:\WINDOWS\INF
2025-03-01 17:14 - 2024-08-13 13:52 - 000000000 ____D C:\ProgramData\boost_interprocess
2025-03-01 17:14 - 2023-05-01 11:18 - 000000000 ___RD C:\Users\paule\Sync
2025-03-01 17:14 - 2023-05-01 11:17 - 000000000 ____D C:\Users\paule\AppData\Local\Sync.Logs
2025-03-01 17:13 - 2023-05-02 17:58 - 000000000 ___RD C:\Users\paule\iCloudDrive
2025-03-01 17:13 - 2023-03-10 14:57 - 000000000 ____D C:\Users\paule\AppData\Roaming\USBSafelyRemove
2025-03-01 17:12 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2025-03-01 17:11 - 2024-12-14 10:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-01 17:11 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-03-01 17:11 - 2024-04-01 17:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-03-01 17:11 - 2023-05-15 11:33 - 000000000 ____D C:\Program Files\Windscribe
2025-03-01 17:11 - 2023-03-10 02:34 - 000012288 ___SH C:\DumpStack.log.tmp
2025-03-01 14:18 - 2023-03-09 09:30 - 000000000 ____D C:\Users\paule\AppData\Local\D3DSCache
2025-03-01 14:14 - 2024-04-01 17:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-01 14:10 - 2023-07-15 17:02 - 000000000 ____D C:\Users\paule\AppData\Roaming\qBittorrent
2025-02-28 21:47 - 2023-03-16 07:31 - 000000000 ____D C:\Users\paule\Documents\Torrents Downloads
2025-02-28 14:44 - 2024-12-13 19:54 - 000000000 ____D C:\Users\paule
2025-02-28 14:38 - 2024-07-12 08:23 - 000000000 ____D C:\Users\paule\Documents\Outlook Files
2025-02-28 14:08 - 2023-03-11 05:03 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-02-28 14:07 - 2024-12-14 10:00 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2025-02-28 08:54 - 2023-10-13 10:02 - 000002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-02-28 08:54 - 2023-10-13 10:02 - 000002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-02-28 07:48 - 2023-03-10 02:34 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-27 21:56 - 2024-12-14 10:14 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2414797706-3836927515-1130015698-1001
2025-02-27 21:56 - 2024-12-14 10:14 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-02-27 21:56 - 2023-03-09 11:57 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-02-27 15:13 - 2022-06-29 14:40 - 000000000 ____D C:\ProgramData\Package Cache
2025-02-27 15:11 - 2023-03-10 05:24 - 000001468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jump Desktop Connect.lnk
2025-02-27 12:37 - 2024-12-14 10:14 - 000004192 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1700781752
2025-02-27 12:37 - 2023-11-24 09:22 - 000001401 _____ C:\Users\paule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2025-02-26 17:55 - 2023-03-10 09:44 - 000000000 ____D C:\Users\paule\Documents\Health
2025-02-26 16:27 - 2024-12-14 10:14 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-02-26 16:27 - 2023-03-10 15:42 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-02-25 11:30 - 2024-12-14 10:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-02-25 10:57 - 2017-12-10 20:04 - 000211456 _____ C:\Users\paule\Documents\Rain.xls
2025-02-25 10:56 - 2023-03-10 11:05 - 000000000 ____D C:\Users\paule\AppData\Roaming\Microsoft\Excel
2025-02-24 15:07 - 2023-05-15 11:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-02-22 12:33 - 2024-12-14 10:14 - 000004474 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1701997904
2025-02-22 09:31 - 2024-05-06 13:13 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-02-21 18:12 - 2024-12-14 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-02-21 18:12 - 2023-05-15 11:00 - 000001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-02-21 16:56 - 2023-05-08 11:46 - 000000000 ____D C:\Users\paule\Desktop\The Lott 2nd Chance
2025-02-21 15:08 - 2023-03-10 09:38 - 000000000 ____D C:\Users\paule\Documents\Elsa
2025-02-21 15:00 - 2023-03-10 02:39 - 000000000 ____D C:\ProgramData\Packages
2025-02-21 15:00 - 2023-03-09 09:30 - 000000000 ____D C:\Users\paule\AppData\Local\Packages
2025-02-21 14:15 - 2023-03-15 06:05 - 000000000 ____D C:\ProgramData\firebird
2025-02-21 14:15 - 2023-03-14 18:42 - 000000000 ____D C:\Users\paule\Documents\MailStore Home
2025-02-20 06:07 - 2024-06-03 15:57 - 000000000 ____D C:\Users\paule\AppData\Local\Dropbox
2025-02-20 06:07 - 2024-06-03 15:56 - 000000000 ____D C:\Users\paule\AppData\Roaming\Dropbox
2025-02-20 06:06 - 2023-05-01 09:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2025-02-17 10:28 - 2024-04-01 17:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-02-17 10:22 - 2023-05-01 10:20 - 000000000 ___RD C:\Users\paule\Dropbox
2025-02-17 10:05 - 2024-12-13 19:54 - 000000000 ____D C:\Users\paule\AppData\Roaming\Microsoft\Spelling
2025-02-16 18:15 - 2023-03-14 16:39 - 000000000 ____D C:\Users\paule\Documents\Reckon Home Inventory Manager
2025-02-16 12:23 - 2023-03-09 13:11 - 000000000 ____D C:\Users\paule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firetrust Limited
2025-02-15 10:41 - 2024-10-10 09:14 - 000000000 ____D C:\Users\paule\Desktop\Stuff
2025-02-15 10:34 - 2023-03-09 09:31 - 000000000 ____D C:\Users\paule\AppData\Local\PlaceholderTileLogoFolder
2025-02-15 09:26 - 2023-03-12 18:25 - 000000000 ____D C:\Users\paule\Documents\Quicken
2025-02-14 15:57 - 2023-05-01 16:55 - 000001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Now.lnk
2025-02-14 15:57 - 2022-06-29 14:23 - 000000000 ____D C:\WINDOWS\TempInst
2025-02-14 15:50 - 2023-03-22 06:27 - 2874315431 _____ C:\WINDOWS\MEMORY.DMP
2025-02-14 15:27 - 2023-03-14 15:25 - 000000000 ____D C:\Users\paule\Documents\Tech Stuff
2025-02-14 11:51 - 2024-08-21 08:27 - 000000000 ____D C:\Program Files\PDFCreator
2025-02-12 15:20 - 2023-03-09 13:10 - 000000000 ____D C:\Users\paule\AppData\Local\SquirrelTemp
2025-02-12 15:12 - 2024-01-14 14:25 - 000001033 _____ C:\Users\Public\Desktop\Windscribe.lnk
2025-02-12 13:41 - 2024-04-01 17:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-02-12 13:24 - 2024-12-14 10:00 - 000556976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-02-12 13:23 - 2024-12-13 19:35 - 000000000 ____D C:\Program Files\Hyper-V
2025-02-12 13:23 - 2024-04-02 02:16 - 000000000 ____D C:\WINDOWS\InboxApps
2025-02-12 13:23 - 2024-04-02 02:16 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-02-12 13:23 - 2024-04-02 02:16 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-02-12 13:23 - 2024-04-02 02:15 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\UUS
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-02-12 13:23 - 2024-04-01 17:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-02-12 13:23 - 2024-04-01 17:21 - 000000000 ____D C:\WINDOWS\servicing
2025-02-12 11:09 - 2024-12-14 10:03 - 003334656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-02-12 10:59 - 2023-03-09 15:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-02-12 10:50 - 2023-03-09 15:42 - 209365816 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories ========
2023-11-04 14:20 - 2024-01-13 10:13 - 000000018 _____ () C:\Users\paule\AppData\Roaming\.cache9050425797200915815.dat
2024-06-05 08:24 - 2024-07-12 08:56 - 000052277 _____ () C:\Users\paule\AppData\Roaming\Comma Separated Values.ADR
2023-03-28 14:50 - 2023-03-28 14:50 - 000000896 _____ () C:\Users\paule\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2025
Ran by paule (02-03-2025 13:05:04)
Running from C:\Users\paule\Desktop\Antivirus Malware
Microsoft Windows 11 Pro Version 24H2 26100.3194 (X64) (2024-12-14 00:14:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2414797706-3836927515-1130015698-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2414797706-3836927515-1130015698-503 - Limited - Disabled)
Guest (S-1-5-21-2414797706-3836927515-1130015698-501 - Limited - Disabled)
paule (S-1-5-21-2414797706-3836927515-1130015698-1001 - Administrator - Enabled) => C:\Users\paule
WDAGUtilityAccount (S-1-5-21-2414797706-3836927515-1130015698-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\uTorrent) (Version: 3.6.0.46828 - BitTorrent Inc.)
Acronis Cyber Protect Home Office (HKLM-x32\...\{971A0BF3-4D70-463E-A6DD-EB6AFE02FEE7}) (Version: 27.4.40278 - Acronis) Hidden
Acronis Cyber Protect Home Office (HKLM-x32\...\{971A0BF3-4D70-463E-A6DD-EB6AFE02FEE7}Visible) (Version: 27.4.40278 - Acronis)
Acronis Drivers (HKLM\...\{534F0C28-DA3B-41F2-894C-13482F121288}) (Version: 27.4.40278 - Acronis) Hidden
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20421 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AKVIS Retoucher (HKLM\...\{3F10CA31-B8F6-45E8-887B-5D7DCF987A7D}) (Version: 12.0.1410.22065 - AKVIS) Hidden
AKVIS Retoucher (HKLM-x32\...\{3e355501-773f-4ade-ad77-402faf5ffc4f}) (Version: 12.0.1410.22065 - AKVIS)
Apple Mobile Device Support (HKLM\...\{AAFEC555-4154-4A21-9523-30B8CDE94533}) (Version: 18.0.0.33 - Apple Inc.)
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC16014E7500}) (Version: 22.001.20085 - Adobe Systems Incorporated)
Audacity 3.7.1 (HKLM\...\Audacity_is1) (Version: 3.7.1 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Book Collector (HKLM\...\{FD0F8123-9035-44B0-B331-2596979E74ED}_is1) (Version: - Collectorz.com)
Brother Printer Driver (HKLM-x32\...\{1C156BC1-6A99-4BA2-B602-CFD14E19ADD3}) (Version: 2.3.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.6.0110 - Brother Industries, Ltd.)
Brother P-touch Editor (HKLM-x32\...\{C0A0CE08-4444-43C0-89CB-322856B3F6EE}) (Version: 6.5.20 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{ACF49700-E155-4715-9D4D-C05D835D8CE9}) (Version: 1.0.0230 - Brother Industries, Ltd.)
ClipClip (HKLM\...\{C48941DB-7DFB-4273-86E5-1FD54ECAAF0B}_is1) (Version: 2.4.5874 - Vitzo LLC)
Collectorz.com Game Collector (HKLM-x32\...\Collectorz.com Game Collector) (Version: - )
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
DearMob iPhone Manager (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\DearMob iPhone Manager) (Version: 6.6 - DearMob & Digiarty, Inc.)
Dell Peripheral Manager (HKLM\...\Dell Peripheral Manager) (Version: 1.7.7 - Dell Inc.)
Disk Drill 5.4.844.0 (HKLM-x32\...\{798479a2-9629-4ea0-8249-84aa47a7a543}) (Version: 5.4.844.0 - CleverFiles)
Disk Drill 5.4.844.0 (x64) (HKLM\...\{731B7658-F2B7-4819-83E8-0B410E00B1D0}) (Version: 5.4.844.0 - CleverFiles) Hidden
Ditto 3.24.238.0 (HKLM\...\Ditto_is1) (Version: 3.24.238.0 - Scott Brogden)
Document Capture Pro (HKLM-x32\...\{EEAD3C55-0C97-45E8-80B2-3A881ED0C5DC}) (Version: 3.3.5.0 - Seiko Epson Corporation)
Dokan Library 1.5.1.1000 (x64) (HKLM\...\{65A3A964-3DC3-0105-0001-211126123627}) (Version: 1.5.1.1000 - Dokany Project) Hidden
Dokan Library 1.5.1.1000 Bundle (HKLM-x32\...\{05c046de-f751-48c8-b8d3-77259ea88eb7}) (Version: 1.5.1.1000 - Dokany Project)
Dropbox (HKLM-x32\...\Dropbox) (Version: 218.4.4348 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Easy Connection to Screen (HKLM\...\{828B4DAF-8444-4340-A94E-D6BDC45C4E1B}) (Version: 4.7.1 - Samsung)
Easy Photo Scan (HKLM-x32\...\{99364024-626C-4BE1-89C8-2F207023497B}) (Version: 1.00.0018 - Seiko Epson Corporation)
EdgeDeflector (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\EdgeDeflector) (Version: 1.2.3.0 - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.9 - Seiko Epson Corporation)
Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation)
Epson Data Collection Agent (HKLM\...\{A144D202-5F5C-4AE0-8BFE-F374C31BA279}) (Version: 7.0 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
EPSON ET-2750 Series Printer Uninstall (HKLM\...\EPSON ET-2750 Series) (Version: - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{207986DC-74F9-40B9-B341-C36D41D7CF43}) (Version: 3.11.79 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{C37347BC-7549-47A6-8E7A-806A6751981E}) (Version: 3.00.06 - Seiko Epson Corporation)
Epson Scan OCR Component Pro (HKLM-x32\...\{717B8B46-1F9C-4CAF-B9DD-FEF5DFD9041A}) (Version: 1.1.1 - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{24D63D1B-83A2-4976-8D0D-8622D96B6B86}) (Version: 3.7.1 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
GIMP 2.10.38-1 (HKLM\...\GIMP-2_is1) (Version: 2.10.38 - The GIMP Team)
Google Chrome (HKLM\...\{AD95F2B3-370C-333D-8A7B-0B69C0361F07}) (Version: 133.0.6943.142 - Google LLC)
Hasleo Backup Suite (HKLM\...\Hasleo Backup Suite_is1) (Version: 5.0.2.1 - Hasleo Software)
HideAway (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\HideAway) (Version: 4.21.2 - Firetrust Limited)
iCloud Outlook (HKLM\...\{11727D12-D910-486F-9B36-B496F4AB334D}) (Version: 14.1.0.108 - Apple Inc.)
iMazing (HKLM\...\iMazing_is1) (Version: 3.0.4.0 - DigiDNA)
Internode Monthly Usage Meter 8.8.5 (HKLM-x32\...\Internode Monthly Usage Meter_is1) (Version: - )
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit)
iPod Support (HKLM\...\{3079D766-8749-419A-A38C-16614581DDD0}) (Version: 12.11.3.7 - Apple Inc.)
IrfanView 4.70 (64-bit) (HKLM\...\IrfanView64) (Version: 4.70 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jump Desktop (HKLM\...\{70ECB083-F2B2-4660-A587-77F130E1D509}) (Version: 8.5.2.0 - Phase Five Systems)
Jump Desktop Connect (HKLM-x32\...\{EF31768B-9292-41C3-A6D7-D05672B77CE5}) (Version: 7.1.41.0 - Phase Five Systems)
Lenovo Now (HKLM-x32\...\{622FA116-13E7-4BB6-839C-A3E0E3ECDFE6}_is1) (Version: 4.2.0.21 - Lenovo)
Lenovo Smart Appearance Components (HKLM-x32\...\{13E9CBF6-6E32-40D0-874A-018DFEFB0851}_is1) (Version: 2.1.10.0 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2.85.0 - Lenovo Group Ltd.)
Lenovo Voice Service (HKLM\...\{C59A85F5-DB04-4D09-BE1F-1B49B49EA9DA}_is1) (Version: 3.0.26.0 - Lenovo Group Ltd.)
LockHunter 3.4, 32/64 bit (HKLM\...\LockHunter_is1) (Version: 3.4.3.146 - Crystal Rich Ltd)
MailStore Home 22.4.0.21151 (HKLM-x32\...\MailStore Home_universal1) (Version: 22.4.0.21151 - MailStore Software GmbH)
MailWasherPro (HKLM-x32\...\{6EE7DF5D-160F-49D8-809C-2DE17BB82037}) (Version: 7.15.20 - Firetrust)
Malwarebytes version 5.2.6.163 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.6.163 - Malwarebytes)
Master PDF Editor 5 (HKLM\...\{E3A47A5A-986E-49D1-8BBA-0286F6E61D4A}) (Version: 5.9.61 - Code Industry)
Messenger (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.20 (x64) (HKLM\...\{EE5EB03B-D65C-4991-848E-2C6E024326DB}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.20 (x64) (HKLM\...\{B0FC828F-678C-4868-9B5B-99639758E6F3}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.20 (x64) (HKLM\...\{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62}) (Version: 56.80.15184 - Microsoft Corporation) Hidden
Microsoft Access database engine 2016 (English) (HKLM-x32\...\{90160000-00D1-0409-0000-0000000FF1CE}) (Version: 16.0.5044.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\{0AD9F660-BF26-3B17-A807-2B864B8D54F9}) (Version: 133.0.3065.92 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 133.0.3065.92 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2019 - en-us (HKLM\...\HomeBusiness2019Retail - en-us) (Version: 16.0.17726.20126 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.015.0126.0002 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.31301 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM\...\{72C29BED-666F-4E5E-BC49-DF44C890742E}) (Version: 56.80.15245 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.20 (x64) (HKLM-x32\...\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}) (Version: 7.0.20.33720 - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 135.0.1 (x64 en-US)) (Version: 135.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 128.5.2 - Mozilla)
Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 128.7.1 (x86 en-US)) (Version: 128.7.1 - Mozilla)
MSEdgeRedirect (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\MSEdgeRedirect) (Version: 0.7.3.0 - Robert Maehl Software)
Music Collector (HKLM\...\{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1) (Version: - Collectorz.com)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20090 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17726.20108 - Microsoft Corporation) Hidden
Opera Stable 117.0.5408.39 (HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\Opera 117.0.5408.39) (Version: 117.0.5408.39 - Opera Software)
Paragon Backup & Recovery™ 17 CE (HKLM\...\{505143F0-48A3-4ABD-A1FE-F77425BFBF66}) (Version: 17.9.3.4927 - Paragon Software) Hidden
Paragon Backup & Recovery™ 17 CE (HKLM-x32\...\{37102375-99b6-4ec1-af7d-ec77bb61cd49}) (Version: 17.9.3.4927 - Paragon Software GmbH)
Paragon UIM (HKLM\...\{49AED3CA-E137-4E65-9555-D05C60281BAC}) (Version: 24.60.0.460 - Paragon Software) Hidden
PDF24 Creator 11.23.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.23.0 - geek software GmbH)
PDFCreator (HKLM\...\{505A4441-AF5C-4A87-BA05-E68CAD7FEA73}) (Version: 5.3.3 - Avanquest pdfforge GmbH)
PicPick (HKLM-x32\...\PicPick) (Version: 7.3.1 - NGWIN)
PrivadoVPN (HKLM-x32\...\{481735FF-B88B-4E1E-8818-7B282DFC51EC}) (Version: 3.12.7.0 - Privado Networks AG) Hidden
PrivadoVPN (HKLM-x32\...\{f89beb30-815b-4b0b-8dbb-b984d9b81ee9}) (Version: 3.12.7.0 - Privado Networks AG)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Reckon Home Inventory Manager (HKLM-x32\...\{CDF64407-E968-4AC8-8323-A1DDBE5A8D72}) (Version: 1.1 - Reckon Software ©Intuit Inc, 2014)
Smart Note (HKLM\...\{E2715359-FAFC-4C28-8064-526EB44096AD}_is1) (Version: 1.0.13.1121 - Lenovo Group Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.85.5 - Safer-Networking Ltd.)
Sync (HKLM\...\{96855E80-23DA-11E2-BDFB-09006188709B}) (Version: 5.0.18.30 - Sync)
Syncios Mobile Manager 7.2.0 (HKLM-x32\...\Syncios Mobile Manager) (Version: 7.2.0 - Syncios)
Syncios Toolkit 1.1.0 (HKLM-x32\...\Syncios Toolkit) (Version: 1.1.0 - Syncios)
USB Safely Remove 7.0 (HKLM-x32\...\USB Safely Remove_is1) (Version: 7.0.5.1320 - Crystal Rich Ltd)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.13.8 - Windscribe Limited)
Packages:
=========
60990LiliyaMuray.Reg.Ru -> C:\Program Files\WindowsApps\60990LiliyaMuray.Reg.Ru_2.4.5.0_x64__prqhvnjvnmk56 [2024-11-23] (Liliya Muray)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-02-01] ()
Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-11] (AMZN Mobile LLC.) [Startup Task]
Amazon Music -> C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0 [2023-12-17] (AMZN Mobile LLC)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-09] (INTEL CORP) [Startup Task]
Bluetooth® Profile Pack -> C:\Program Files\WindowsApps\Microsoft.BluetoothProfilePack_0.23082.3.0_x64__8wekyb3d8bbwe [2024-12-12] (Microsoft Corporation)
Compressor de Imagem -> C:\Program Files\WindowsApps\642Jabasoft.CompressordeImagem_1.4.4.0_x64__3jhqbycpkrcae [2025-02-15] (Jabasoft)
Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_1.25014.121.0_x64__8wekyb3d8bbwe [2025-02-21] (Microsoft Corporation) [Startup Task]
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.26.2580.0_x64__rz1tebttyb220 [2025-02-26] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.20400.722.0_x64__rz1tebttyb220 [2024-09-06] (Dolby Laboratories)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-02-19] (Dropbox Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.3.138.0_x64__nzyj5cx40ttqa [2024-11-16] (Apple Inc.) [Startup Task]
Ink.Handwriting.en-AU.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-AU.1.0_0.780.13.0_x64__8wekyb3d8bbwe [2025-02-27] (Microsoft Corporation)
Ink.Handwriting.en-AU.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-AU.1.0_0.780.13.0_x86__8wekyb3d8bbwe [2025-02-27] (Microsoft Corporation)
Ink.Handwriting.Main.en-AU.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-AU.1.0_0.780.13.0_x64__8wekyb3d8bbwe [2025-02-27] (Microsoft Corporation)
Intel® Connectivity Performance Suite -> C:\Program Files\WindowsApps\appup.intelconnectivityperformancesuite_1.1122.112.0_x64__8j3eq9eme6ctt [2023-03-08] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa [2025-02-21] (Apple Inc.) [Startup Task]
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2501.20.0_x64__k1h2ywk1493x8 [2025-02-18] (LENOVO INC.)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.6.12.0_x64__5grkq8ppsgwt4 [2024-04-02] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_8.2.8.0_neutral__ss941bf8mfs8a [2024-12-14] (Wacom Technology Corp.)
Lenovo Smart Appearance -> C:\Program Files\WindowsApps\E0469640.SmartAppearance_2.3.54.0_x64__5grkq8ppsgwt4 [2024-11-23] (LENOVO INC) [Startup Task]
Lenovo Voice -> C:\Program Files\WindowsApps\E046963F.LenovoVoiceWorldWide_3.0.26.0_x64__k1h2ywk1493x8 [2024-09-30] (LENOVO INC.)
Microsoft Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_4.0.10720.0_x64__yxz26nhyzhsrt [2025-03-01] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-10-09] (Microsoft Corporation)
Mp3tag -> C:\Program Files\WindowsApps\35795FlorianHeidenreich.Mp3tag_3.28.0.0_x64__rf0p6xgxmspcc [2024-11-16] (Florian Heidenreich)
Pic Collage -> C:\Program Files\WindowsApps\CARDINALBLUE.PICCOLLAGE_2.0.30.0_x64__nyvb5jmhdxy8g [2023-03-11] (Cardinal Blue Software)
PST to MBOX Converter -> C:\Program Files\WindowsApps\21494VARTIKASOFTWAREPRIVA.PSTtoMBOXConverter_3.0.8.0_neutral__ahbvz5c3fybs8 [2024-12-17] (Ayush Tech Software)
Smart Microphone Settings -> C:\Program Files\WindowsApps\ElevocTechnologyCo.Ltd.SmartMicrophoneSettings_1.1.51.0_x64__ttaqwwhyt5s6t [2024-03-15] (Elevoc Technology Co., Ltd.)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0 [2025-03-01] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.401.2352.0_x64__8wekyb3d8bbwe [2025-02-26] (Microsoft Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{06FD3277-9C2F-41F8-800A-2679FDF23A58} -> [iCloud Photos] => C:\Users\paule\Pictures\iCloud Photos\Photos [2023-05-02 17:58]
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\paule\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.31301\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{2CC49BCC-9F8F-4B67-B076-D10AC4E45DA9} -> [iCloud Drive] => C:\Users\paule\iCloudDrive [2023-05-02 17:58]
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{53b2adf3-ce65-485e-8a2d-a9f1fa2ab332}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 -> C:\Program Files\CleverFiles\Disk Drill\DD.exe (CLEVERFILES INC. -> 508 Software, LLC)
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{7A21BDC4-7766-4B39-87B5-ABBCF01DB356} -> [Sync] => C:\Users\paule\Sync [2023-05-01 11:18]
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{D579908A-B7C5-45E3-815C-7A3AE538F6E7}\InprocServer32 -> C:\Program Files\Code Industry\Master PDF Editor 5\MPE_ThumbnailProvider.dll (Code Industry LLC -> )
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\paule\Dropbox [2023-05-01 10:20]
CustomCLSID: HKU\S-1-5-21-2414797706-3836927515-1130015698-1001_Classes\CLSID\{F8AC5280-4BE7-4453-8B92-B8413D1624D8}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\tishell64_27_4_40278.dll [2023-02-28] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\tishell64_27_4_40278.dll [2023-02-28] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\tishell64_27_4_40278.dll [2023-02-28] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\tishell64_27_4_40278.dll [2023-02-28] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AAASyncNo] -> {CD0DD5EC-23D2-4AE0-A111-C7B89038E695} => C:\Program Files (x86)\Sync\overlay.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ShellIconOverlayIdentifiers: [ AAASyncProg] -> {9A1FA446-6778-4A02-883B-3100549CF193} => C:\Program Files (x86)\Sync\overlay.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ShellIconOverlayIdentifiers: [ AAASyncRoot] -> {B57A832B-F40A-4A9D-A0F5-49E7D17B8EE4} => C:\Program Files (x86)\Sync\overlay.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ShellIconOverlayIdentifiers: [ AAASyncSkip] -> {AFE40DBB-AB20-4979-B0D2-483B6866C8C9} => C:\Program Files (x86)\Sync\overlay.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ShellIconOverlayIdentifiers: [ AAASyncYes] -> {9C569020-57C0-4CE0-9605-8AD42F4B1C7F} => C:\Program Files (x86)\Sync\overlay.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2021-06-24] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2022-10-04] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SyncComContextShlExt] -> {0dcd9583-eb2f-4e08-a146-885c923c0833} => C:\Program Files (x86)\Sync\rclick.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2021-06-24] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2021-06-24] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers4: [SyncComContextShlExt] -> {0dcd9583-eb2f-4e08-a146-885c923c0833} => C:\Program Files (x86)\Sync\rclick.dll [2024-08-07] (Sync.com Inc. -> Sync.com Inc.)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\FileSyncShell64.dll [2025-02-27] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.77.0.dll [2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\paule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Paul - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
==================== Loaded Modules (Whitelisted) =============
2024-12-09 02:33 - 2024-12-09 02:33 - 007329280 _____ () [File not signed] C:\Program Files (x86)\Firetrust\MailWasher\MWPappDLL.dll
2025-02-24 17:06 - 2025-02-24 17:06 - 000476160 _____ () [File not signed] C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.KillSwitch.Library.dll
2025-01-12 11:02 - 2024-11-25 10:17 - 001835520 _____ () [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\libxml2.dll
2025-01-12 11:02 - 2024-12-30 11:57 - 000120320 _____ () [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\Log.dll
2025-01-12 11:02 - 2024-10-28 17:46 - 001283072 _____ () [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\sqlite3.dll
2025-01-12 11:02 - 2024-10-16 14:06 - 000734720 _____ () [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\zstdlib.dll
2022-06-29 14:40 - 2022-01-18 17:40 - 000229376 _____ () [File not signed] C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\freeglut.dll
2022-06-29 14:40 - 2022-01-18 17:40 - 000364032 _____ () [File not signed] C:\Program Files\Lenovo\Lenovo Smart Appearance Components\Components\glew32.dll
2022-06-29 14:23 - 2023-02-10 10:51 - 000393216 _____ () [File not signed] C:\Program Files\Lenovo\LVA Pro Service\libglog.dll
2023-03-10 07:57 - 2023-07-03 15:01 - 000000000 ____L () [symlink -> C:\ProgramData\Acronis\NGMP\shared\aamsi.21.x64.dll] C:\ProgramData\Acronis\NGMP\shared\aamsi.x64.dll
2023-03-10 07:57 - 2023-07-03 15:01 - 000000000 ____L () [symlink -> C:\ProgramData\Acronis\NGMP\shared\aamsi.21.x86.dll] C:\ProgramData\Acronis\NGMP\shared\aamsi.x86.dll
2023-03-10 15:25 - 2023-08-28 17:11 - 000026112 _____ (Copyright © Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll
2024-08-07 10:39 - 2024-08-07 10:39 - 006942208 _____ (FreeImage) [File not signed] C:\Program Files (x86)\Sync\FreeImage.dll
2018-01-20 09:34 - 2023-09-16 08:44 - 000373248 _____ (IntelleSoft) [File not signed] C:\Users\paule\Downloads\XMouseButtonControl 2.20.5 Portable\64bit (x64)\BugTrapU-x64.dll
2023-12-04 17:01 - 2023-12-04 17:01 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
2023-12-04 17:01 - 2023-12-04 17:01 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2024-08-21 08:27 - 2024-08-21 08:27 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2025-02-19 11:51 - 2025-02-19 11:51 - 016305664 _____ (Phase Five Systems) [File not signed] C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\7.1.41.0\JumpConnectCore.dll
2024-03-06 14:18 - 2024-03-06 14:18 - 000242176 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2024-01-11 12:25 - 2024-01-11 12:25 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EPNWPSHDevFinder.DLL
2024-01-11 12:25 - 2024-01-11 12:25 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2025-03-01 17:07 - 2022-12-28 21:28 - 001111883 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2025-01-12 11:02 - 2021-11-25 21:40 - 000581632 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\libcurl.dll
2025-03-01 17:07 - 2019-12-21 11:55 - 001380864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2025-03-01 17:07 - 2019-12-21 11:55 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2025-01-12 11:02 - 2016-09-25 15:12 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\imageformats\qgif.dll
2025-01-12 11:02 - 2016-09-25 15:12 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\imageformats\qico.dll
2025-01-12 11:02 - 2016-09-25 15:12 - 001236992 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\platforms\qwindows.dll
2025-01-12 11:02 - 2017-06-24 08:29 - 005568512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\Qt5Core.dll
2025-01-12 11:02 - 2016-09-25 15:05 - 006011904 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\Qt5Gui.dll
2025-01-12 11:02 - 2016-09-25 15:10 - 005526528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Hasleo\Hasleo Backup Suite\bin\Qt5Widgets.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:E985C3AC [250]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-07-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-07-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-07-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-07-04] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2024-01-14 14:21 - 2024-01-14 14:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2023-12-17 12:51 - 2025-03-02 11:37 - 000000431 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.28.128.1 PR.mshome.net # 2030 3 5 1 1 37 5 996
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\paule\Pictures\2023-2024\Canada October 2024\IMG_2206.JPG
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
PrivadoVPN (OpenVPN DCO): OpenVPN Data Channel Offload -> ovpn-dco.sys
PrivadoVPN (OpenVPN): TAP-Windows Adapter V9 #2 -> tap0901.sys
vEthernet (Default Switch): Hyper-V Virtual Ethernet Adapter ->
WiFi: Intel® Wi-Fi 6E AX211 160MHz -> Netwtw14.sys
Local Area Connection: TAP-Windows Adapter V9 -> tap0901.sys
vms_vsf: Hyper-V Virtual Switch Extension Filter
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Hyper-V Virtual Switch Extension Protocol
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "CyberProtectHomeOfficeMonitor.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AA1FDA90EE192946CDC15C3162A8D698"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "Opera Stable"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "PrivadoVPN"
HKU\S-1-5-21-2414797706-3836927515-1130015698-1001\...\StartupApproved\Run: => "com.messenger"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B031F007-D555-4813-9A98-1BCBEAA7DE94}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.402.3249.3850_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{5803E95C-915D-4893-98F6-ED836E0ECF58}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24295.402.3249.3850_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{AB105974-53E7-4E78-8B96-0D25518D324F}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Mobile Manager\Syncios Mobile Manager.exe (Anvsoft Inc. -> Syncios)
FirewallRules: [{8371FAC3-0314-481B-9D72-80FD4BAF361A}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Mobile Manager\Syncios Mobile Manager.exe (Anvsoft Inc. -> Syncios)
FirewallRules: [{25FDBE8E-783D-4B66-8404-7E499755B726}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Mobile Manager\Syncios Mobile Manager.exe (Anvsoft Inc. -> Syncios)
FirewallRules: [{6216ED4C-F8FE-429E-AB2B-9A91523764F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E716309-0E3E-4077-ABEE-50D1CB97F04C}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{9FADCE7B-E61E-489B-8FD4-BE2257235882}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{36B0BF23-5C5B-4921-AF93-B55DACFFCE1C}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{527CA8B6-A586-4D77-9764-DFD19338685C}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{AA00D0E3-363B-43E3-9029-279541AECAF0}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{2E1C9A73-2D6A-4BEE-AA61-2141C9FDC170}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{9C27068D-8747-4D0E-A33B-59776C4A1C2F}] => (Allow) C:\Users\paule\AppData\Local\Temp\pftF891.tmp\bspp71w230auk\start.exe => No File
FirewallRules: [{C80D6E50-783E-4D98-A21A-AF236B845E81}] => (Allow) C:\Users\paule\AppData\Local\Temp\pftF891.tmp\bspp71w230auk\start.exe => No File
FirewallRules: [{E7FA1653-DAD6-4F4E-8E86-FF05794776F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B896E4BD-6281-4AE5-B80F-6369BDD9A3A7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CC13DAEF-7C08-491E-B9DF-ECBF678A8197}] => (Allow) C:\Program Files\Samsung\Easy Connection to Screen\Service.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{E261FC99-C4E9-47C4-B4B4-C9DFB979C4FE}] => (Allow) C:\Users\paule\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{D79384DF-940B-48C0-B74F-441F11FFF6B2}] => (Allow) C:\Users\paule\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{B2566568-37C1-41D7-871D-18D75A090645}] => (Allow) C:\Users\paule\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{045AA19B-1A86-4589-BE5C-3C9CA593062B}] => (Allow) C:\Users\paule\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{A4EE67AC-930B-4861-8739-D5AA88F42161}] => (Allow) C:\Program Files\Ditto\Ditto.exe () [File not signed]
FirewallRules: [{7952FCBD-DC78-4B15-BEB3-FB18F2510E1B}] => (Allow) C:\Program Files\Ditto\Ditto.exe () [File not signed]
FirewallRules: [{28976662-D4B4-40A3-B078-D2B7CBB8011C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7ADFEF7D-B801-4C53-98E2-88D339A8F1FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7194B7CB-65BA-4F35-8C6B-FCECBC1D5A4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9F1009E2-67A2-4E12-A28C-969B4521A774}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C43E93F3-DA8E-48E2-8BA8-B0BC83E75E5C}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe => No File
FirewallRules: [{BC633612-5039-4884-8FCE-BD9F0B75E95A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.2.0\ABService.exe => No File
FirewallRules: [{01AA1F8E-7702-47BD-A89A-A1F847E73295}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{B737A6F6-E3A8-4A63-8B74-CCD1D5C83A19}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A90EA032-2888-428D-8AD8-273268AE33B5}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{DC244757-F67B-410C-B466-D312F5A4ECFD}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{8A17EF35-26AC-44D3-818F-2C0FED9B03F3}] => (Allow) C:\Users\paule\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{EEC0F4B0-D9B2-4941-BAA5-1FC43DB3B723}] => (Allow) C:\Users\paule\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File
FirewallRules: [{9A66A93C-EF23-4AF2-8EA8-AF0F10BC5600}] => (Allow) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{28D474AA-8388-4121-948E-3C1027981953}] => (Allow) C:\Program Files (x86)\Acronis\Agent\aakore.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{ED445130-98FA-467B-AE89-3BF08890942D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> )
FirewallRules: [{724AE967-304E-423F-B968-340523B938E1}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{0FB9692E-15B6-4BD7-8B10-6D291FABC4B8}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{D91BF0C1-5844-4768-A957-228E92604156}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{E0FC6EC0-9070-4EA6-ACFF-7FBC869DF69F}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{0ABBDBEA-2E1E-45EC-AD9C-77C0C1721728}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{7407C835-9A88-4479-8F3B-630108A83FEC}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{C053AD56-6D54-47BF-ACA9-1E16FAF6D9BA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{C254605A-F02E-4559-BB81-EAFB5E11C102}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{DA36F25A-5708-4188-A23C-A76AEC98D4DF}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{F43F4F58-AA4E-473F-9F18-DA62FCE37A4F}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{CEF5E517-AC50-4284-B772-B3702F69C64A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\CyberProtectHomeOffice\CyberProtectHomeOfficeService.exe (Acronis International GmbH -> )
FirewallRules: [{0D03AC6A-FEAF-4701-BAFE-8EA317D79F48}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\CyberProtectHomeOfficeTools.exe (Acronis International GmbH -> )
FirewallRules: [{3658B24C-52D9-4A96-A9E3-1C51256E27C5}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\CyberProtectHomeOfficeMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{BE5EC79B-48DB-49FC-9C43-EC024C09D1B4}] => (Allow) C:\Program Files (x86)\Acronis\CyberProtectHomeOffice\CyberProtectHomeOffice.exe (Acronis International GmbH -> )
FirewallRules: [{F8B63685-CB77-4C67-A379-61206ACBE7AC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{1F459C29-2413-45AA-9079-9074965D3156}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{D8F66E7A-CACA-4094-90B8-11AE90B0FBF7}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\7.1.41.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems)
FirewallRules: [{5D009629-8605-448C-B113-BC3C98B7FC1D}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\7.1.41.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems)
FirewallRules: [{2FD37FE7-9060-4C70-8D20-3953B27112E3}] => (Allow) C:\Program Files (x86)\Syncios\Syncios Mobile Manager\Syncios Mobile Manager.exe (Anvsoft Inc. -> Syncios)
FirewallRules: [{0AC86FAC-4A5A-4956-B60D-19B4F3136D76}] => (Allow) C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe => No File
FirewallRules: [{FAA73D1B-945E-4683-91C4-E6AC2720ED1A}] => (Allow) C:\Program Files (x86)\Firetrust\MailWasher\MailWasher.exe => No File
FirewallRules: [{EDF0DB9D-482A-45C8-A4C3-EB00D8542819}] => (Allow) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust Limited -> Firetrust)
FirewallRules: [{91874AAA-334E-4EE8-B01E-170839E88C0C}] => (Allow) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust Limited -> Firetrust)
FirewallRules: [{898FEEDC-9115-478E-BD53-1C31C3E2E420}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25031.702.3408.1909_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0959CC77-2BC0-4D44-B666-23B773059ABD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25031.702.3408.1909_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00BED40A-929A-41BD-9938-C1C1B69E8D40}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25017.203.3370.1174_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F82035B3-C1C8-4EDE-9C69-53B60311B3B1}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25017.203.3370.1174_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6FFF933C-638D-4890-98A8-0D8B6CFAA05C}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [UDP Query User{D17701E8-7DFE-4DA5-A211-205FF5522E59}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{85AC6F39-FEF4-4ECC-A322-EC83DED5B0CB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{7872141E-B561-4B5C-82DC-C3D1FE0B2C29}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{765D93C6-A270-4395-92C6-CF7129207968}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8CE837DB-5A22-4EB2-A524-AB4A7FD92DCD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B0995E0C-CED7-408E-80E7-AC7B4F124C07}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0A82C410-C70D-405A-AC96-1A0A18D81F46}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{054E23AA-0277-4B3C-8BC1-07CE270E1196}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{10FDFBAC-0E78-4D11-9FC6-E6DF7FC7D64E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A4D0BE2F-BC81-4549-8915-5CEB42F86173}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1514BC9A-FA29-44C7-83ED-EF47A59E6D05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12135.3.3021.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D013624B-749B-4C24-A2E7-315CFE39E8A6}] => (Allow) C:\Users\paule\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{C634F536-225B-46F2-99BA-C955271ECA39}] => (Allow) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Service.exe (Privado Networks AG -> Privado Networks AG)
FirewallRules: [{BCBF74E2-D54D-4F0B-910F-C8DAC8F2517D}] => (Allow) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.exe (Privado Networks AG -> Privado Networks AG)
FirewallRules: [{D0F81FF3-F007-4EBF-8465-5FB1DA3A6412}] => (Allow) C:\Program Files (x86)\PrivadoVPN\PrivadoVPN.Wireguard.Service.exe (Privado Networks AG -> Privado Networks AG)
FirewallRules: [{F1D0B58D-0D6D-416B-B18D-BB44CE3ECF7B}] => (Allow) C:\Program Files (x86)\PrivadoVPN\Devcon\devcon32.exe (Privado Networks LLC -> Microsoft Corporation)
FirewallRules: [{38510F2C-C9C4-420E-9D9B-654F04C068F1}] => (Allow) C:\Program Files (x86)\PrivadoVPN\Devcon\devcon64.exe (Privado Networks LLC -> Microsoft Corporation)
FirewallRules: [{93D533D1-6333-437D-895A-05C1B305FB0B}] => (Allow) C:\Program Files (x86)\PrivadoVPN\OpenVPN\PrivadoOpenVPN.exe (Privado Networks AG -> The OpenVPN Project)
FirewallRules: [{39D112A4-68BD-48B7-906D-2ABA02E24960}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8ED16E12-AF5C-4593-8790-FEE409E54DE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9F78EFB8-6C6D-4DD4-964C-1CD1E66A88D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7B9331D2-E948-41D6-B545-2D68ECB1D1C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7E6B5B9B-0907-4ED9-A27A-42A4346F9D64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{38AE91C9-82C8-4BD3-BAD3-826CC8ADA928}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4548D420-26BA-4E84-8E84-B69831DC1C30}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C5481DC6-D877-450D-A5A4-C4C67B0F2E80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2F5D597A-23B0-4560-B38C-B7BB3B2885E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CAC05ACB-B7BC-48C3-B765-F2D9682D4204}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E14C76C5-3F3B-4E7B-B737-6D576E9B410D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.258.498.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{796F5E36-3C27-4467-8903-515792C5C3F7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:951.65 GB) (Free:535.75 GB) (56%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/02/2025 12:41:16 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: svchost.exe_WbioSrvc, version: 10.0.26100.1150, time stamp: 0xfdace0d9
Faulting module name: wbiosrvc.dll, version: 10.0.26100.3037, time stamp: 0x6c7530a7
Exception code: 0xc0000409
Fault offset: 0x000000000000b289
Faulting process id: 0x6c64
Faulting application start time: 0x1db8b1c6c6f2eec
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\wbiosrvc.dll
Report Id: 14b4138e-7045-4c7d-ab15-86ddb59436bf
Faulting package full name:
Faulting package-relative application ID:
Error: (03/02/2025 12:28:50 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program SystemSettings.exe version 10.0.26100.3037 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Error: (03/02/2025 12:00:33 PM) (Source: Application Error) (EventID: 1000) (User: PR)
Description: Faulting application name: HideAway.exe, version: 4.21.2.0, time stamp: 0x5ec21650
Faulting module name: hideaway.node, version: 0.0.0.0, time stamp: 0x67ae3617
Exception code: 0xc0000409
Fault offset: 0x0004f888
Faulting process id: 0x629c
Faulting application start time: 0x1db8b0f34182458
Faulting application path: C:\Users\paule\AppData\Local\HideAway\app-4.21.2\HideAway.exe
Faulting module path: \\?\C:\Users\paule\AppData\Local\HideAway\app-4.21.2\resources\app\hideaway\build\Release\hideaway.node
Report Id: 520810f1-bd85-473c-9dc6-821757b87ad1
Faulting package full name:
Faulting package-relative application ID:
Error: (03/02/2025 11:05:30 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={187D45D0-5757-46CD-A8AA-4B41651738C7}: The user SYSTEM dialed a connection named PrivadoVPN (IKEv2) which has failed. The error code returned on failure is 633.
Error: (03/02/2025 11:05:26 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: PR)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=55, authorId=311, vendorId=0, vendorType=0
Error: (03/02/2025 11:05:25 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: PR)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
Error: (03/02/2025 11:05:25 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: PR)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=55, authorId=311, vendorId=0, vendorType=0
Error: (03/02/2025 11:05:25 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: PR)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1
System errors:
=============
Error: (03/02/2025 12:50:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/02/2025 12:05:00 PM) (Source: DCOM) (EventID: 10010) (User: PR)
Description: The server windows.immersivecontrolpanel_10.0.8.1000_neutral_neutral_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not register with DCOM within the required timeout.
Error: (03/02/2025 11:34:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PrivadoVPN Wireguard service terminated unexpectedly. It has done this 1 time(s).
Error: (03/02/2025 11:12:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the LenovoVantageService service.
Error: (03/02/2025 11:10:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the LenovoVantageService service.
Error: (03/02/2025 11:09:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the LenovoVantageService service.
Error: (03/02/2025 11:07:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the PrivadoVPN Wireguard service to connect.
Error: (03/02/2025 11:03:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the PrivadoVPN Wireguard service to connect.
Windows Defender:
================
Date: 2025-02-28 22:55:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-28 15:38:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2025-02-27 23:10:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-26 22:49:19
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-02-25 22:04:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
Date: 2025-03-02 09:07:18
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: The request is not supported.
Date: 2025-03-01 17:00:37
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: The request is not supported.
Date: 2025-03-01 16:51:18
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: The request is not supported.
Date: 2025-03-01 16:48:40
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2025-03-01 16:39:33
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: The request is not supported.
CodeIntegrity:
===============
Date: 2025-03-02 12:40:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\ProgramData\Acronis\NGMP\shared\aamsi.21.x64.dll that did not meet the Windows signing level requirements.
Date: 2025-03-02 12:22:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\133.0.6943.142\chrome.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO J1CN40WW 08/10/2023
Motherboard: LENOVO LNVNB161216
Processor: 12th Gen Intel® Core i7-1260P
Percentage of memory in use: 69%
Total physical RAM: 16108.49 MB
Available physical RAM: 4974.21 MB
Total Virtual: 32492.49 MB
Available Virtual: 15840.23 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:951.65 GB) (Free:535.75 GB) (Model: SAMSUNG MZAL41T0HBLB-00BL2) (Protected) NTFS
\\?\Volume{e0d2f480-02df-4972-8191-4b1db550d8a6}\ (WINRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.15 GB) NTFS
\\?\Volume{94e57907-e407-4d23-8243-5fff4b71ca18}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 7BFC65EC)
Partition: GPT.
==================== End of Addition.txt =======================