Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-04-2026 01 Ran by geoff (11-04-2026 16:49:29) Running from D:\GS_DOWNLOADS\WIN11 Microsoft Windows 11 Pro Version 23H2 22631.6199 (X64) (2023-12-11 05:31:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-2837236113-4052516336-580648045-500 - Administrators - Disabled) DefaultAccount (S-1-5-21-2837236113-4052516336-580648045-503 - Limited - Disabled) defaultuser100001 (S-1-5-21-2837236113-4052516336-580648045-1029 - 0 - Enabled) => C:\Users\defaultuser100001 <==== ATTENTION geoff (S-1-5-21-2837236113-4052516336-580648045-1001 - Administrators - Enabled) => C:\Users\geoff Guest (S-1-5-21-2837236113-4052516336-580648045-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2837236113-4052516336-580648045-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Up to date) {343E1860-FD6F-AB8D-96E4-A5006AA98D2C} AV: iolo Antivirus (Enabled - Up to date) {970B6311-2CDA-ED73-3084-2EF9DC9CA3D7} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee (Enabled - Up to date) {0BE13B34-492A-21C0-AE43-C1742279CCB6} FW: McAfee (Enabled) {33DABA11-0345-2098-851C-6841DCAA8BCD} FW: Norton 360 (Enabled) {0C059945-B700-AAD5-BDBB-0C35947ACA57} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\uTorrent) (Version: 3.6.0.47012 - BitTorrent Limited) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 26.001.21367 - Adobe) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 9.0.0.29 - Adobe Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601149}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 19.3.0 - IObit) Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft) Aimersoft Video Converter Ultimate(Build 11.7.4.3) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 11.7.4.3 - Aimersoft Software) Amazon Kindle (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Amazon Kindle) (Version: 1.35.0.64251 - Amazon) ANT Drivers Installer x64 (HKLM\...\{D57C47C3-2522-4F61-9707-23EAD3B3B200}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Mobile Device Support (HKLM\...\{49C1298B-7D33-456D-95F1-AB0751E468BE}) (Version: 19.0.0.22 - Apple Inc.) Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.) Ashampoo PDF Pro (HKLM-x32\...\{0A11EA01-2BEB-20CD-8EB7-D2A9A4095299}_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG) Belarc Advisor 12.1 (HKLM-x32\...\Belarc Advisor) (Version: 12.1.0.0 - Belarc, Inc.) BluOS Controller (HKLM\...\d9d7e0d7-39ce-5f4f-a150-fee5f6007ba5) (Version: 4.12.2 - Lenbrook) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BPA+ (HKLM-x32\...\{57448125-3E34-4395-AA83-8587314001C0}) (Version: 1.0.1.0 - Microlife) Hidden BPA+ (HKLM-x32\...\InstallShield_{57448125-3E34-4395-AA83-8587314001C0}) (Version: 1.0.1.0 - Microlife) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.) Canon G3010 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_G3010_series) (Version: 1.03 - Canon Inc.) Canon G3010 series On-screen Manual (HKLM-x32\...\Canon G3010 series On-screen Manual) (Version: 1.2.0 - Canon Inc.) Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.5.3 - Canon Inc.) Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.90.3.36 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.7.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) Copilot (HKLM-x32\...\Microsoft Copilot) (Version: 146.0.3856.109 - Microsoft Corporation) Cryptic Disk 2.8.5.0 (HKLM-x32\...\Cryptic Disk_is1) (Version: 2.8.5 - Exlade) Cryptic Disk 5.2.2 (HKLM-x32\...\Exlade.CrypticDisk.5_is1) (Version: 5.2.2 - Exlade) Disk Savvy 15.7.16 (HKLM-x32\...\Disk Savvy) (Version: 15.7.16 - Flexense Computing Systems Ltd.) Duplicate Photo Cleaner 7 (HKLM\...\{DF4FE8F9-110F-4F20-8F4B-204AAA1A64A5}_is1) (Version: 7.16.0.40 - Webminds, Inc.) EaseUS PDF Editor (HKLM-x32\...\{8691C793-7B2C-46C5-9AB2-AB80D129A5EE}_is1) (Version: 6.2.0.2 - EaseUS Co., Ltd.) EaseUS Todo Backup Home 2026 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 2026.1 - EaseUS) Easy Duplicate Finder 7 (HKLM\...\{44055866-8E3F-4B5B-B63D-AD4CB4A0ECE3}_is1) (Version: 7.26.0.51 - Webminds, Inc.) Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2503.5246 - Avira Operations GmbH) Hidden ExpressVPN (HKLM-x32\...\{4524edb4-42af-4443-b1e1-5b609b5803e0}) (Version: 12.104.0.128 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B89C4D78B1}) (Version: 12.104.0.128 - ExpressVPN) Hidden Ezviz Studio (HKLM-x32\...\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1) (Version: - EZVIZ Inc.) FileCleaner 6.0.0.352 (HKLM\...\{855AF085-7B46-481F-9D1E-FBE3060782CD}_is1) (Version: - Webminds, Inc) FolderClone Standard Edition v2.1.1 (HKLM-x32\...\FolderClone Standard Edition_is1) (Version: - ) Garmin Express (HKLM-x32\...\{acda3a6f-d2ca-421d-9c0f-9fff46e672dc}) (Version: 7.27.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{E6DFA576-460E-4729-95F0-7DBA5FEEA62E}) (Version: 7.27.1.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 146.0.7680.180 - Google LLC) HP Dropbox Plugin (HKLM-x32\...\{8F07A2D1-6146-4AAA-9B4F-1A4BF75BB8A2}) (Version: 56.0.480.0 - HP) HP EmailSMTP Plugin (HKLM\...\{07CE223D-3A39-43C8-811F-8D42918F3E0E}) (Version: 56.0.517.0 - HP) HP FTP Plugin (HKLM-x32\...\{1A56829D-476E-414B-8F16-D1F13DE9B264}) (Version: 56.0.480.0 - HP) HP Google Drive Plugin (HKLM-x32\...\{A52E0A5A-EF74-4380-9BD1-3B5F0D513416}) (Version: 56.0.480.0 - HP) HP LaserJet MFP M232-M237 Basic Device Software (HKLM\...\{B1E6D7A0-02BA-4219-AEB4-D1FE940549AE}) (Version: 52.4.4998.24155 - HP Inc.) HP LaserJet MFP M430-431 Basic Device Software (HKLM\...\{53AE0CBE-51BF-457D-8B5B-CDD88FC1C347}) (Version: 52.2.5009.24184 - HP Inc.) HP OCR (HKLM-x32\...\{4416D01E-D13B-4527-ABEC-F870628AF24C}) (Version: 1.0.1020.0 - HP Inc.) HP Scan Basic Device Software (HKLM\...\{21DBE60E-2618-435F-A767-12578B03D26B}) (Version: 63.6.6364.25288 - HP Inc.) HP SFTP Plugin (HKLM\...\{9124BE51-97C3-4A10-BFC0-1000635805CB}) (Version: 56.0.517.0 - HP Inc.) HP SharePoint Plugin (HKLM\...\{242622FD-43B1-445D-A347-8AF9A0EA840A}) (Version: 56.0.517.0 - HP) HPSmartDeviceAgentBase (HKLM-x32\...\{F7270182-8AD0-420F-92A3-52438ED810A9}) (Version: 1.1.0.0 - HP Inc) iCareFone Transfer 5.5.13.1 (HKLM\...\{Tenorshare iCareFone for WhatsApp Transfer}_is1) (Version: 5.5.13.1 - Tenorshare, Inc.) IDrive version 7.0.0.63 (HKLM-x32\...\IDrive_is1) (Version: 7.0.0.63 - IDrive Inc.,) iTunes (HKLM\...\{A2CA2C60-0D79-4E97-9076-464D91083D0E}) (Version: 12.10.11.2 - Apple Inc.) LADMLauncherService (HKLM\...\{854B6F11-4B1A-4069-BD45-785B7D41DDEC}) (Version: 1.0.0843 - Lenovo) Lenovo Accessories and Display Manager (HKLM\...\{E7564DE9-5392-4027-ABF6-3D26A0305918}_is1) (Version: 1.0.6.05 - Lenovo Group Ltd.) Lenovo Professional Wireless Rechargeable Combo (HKLM\...\{909B2FCC-C04A-4F27-884B-D18686B25075}_is1) (Version: 1.0.0.8 - Lenovo) Lenovo Service Bridge (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.20 - Lenovo) Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.08.03.59 - Lenovo) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2601.21.0 - Lenovo Group Ltd.) LINE (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\LINE) (Version: 8.7.0.3302 - LINE Corporation) Logitech Capture (HKLM\...\Capture) (Version: 2.08.11 - Logitech) MediaMonkey 5 (HKLM-x32\...\MediaMonkey 5_is1) (Version: 5 - Ventis Media Inc.) Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.19822.20150 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 146.0.3856.109 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 146.0.3856.109 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Project MUI (English) 2010 (HKLM-x32\...\{90140000-00B4-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Project Standard 2010 (HKLM-x32\...\{90140000-003A-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (HKLM-x32\...\{90120000-002C-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (HKLM\...\{90120000-002A-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (HKLM\...\{90120000-0116-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Visio MUI (English) 2007 (HKLM-x32\...\{90120000-0054-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Visio Standard 2007 (HKLM-x32\...\{90120000-0053-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Visio Standard 2007 (HKLM-x32\...\VISSTD) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 26.040.0301.0001 - Microsoft Corporation) Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.19822.20150 - Microsoft Corporation) Microsoft Project Standard 2010 (HKLM-x32\...\Office14.PRJSTD) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.04401 - Microsoft) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation) MyNextbase Player (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\nextbase-replay-4) (Version: 4.14.1 - Nextbase) Norton 360 (HKLM\...\Norton 360) (Version: 26.2.10802.2386 - Gen Digital Inc.) Norton AntiTrack (HKLM-x32\...\NAT) (Version: 4.6.6810.13620 - Norton) Norton Driver Updater (HKLM\...\Norton Driver Updater) (Version: 26.3.6519.7600 - Gen Digital Inc.) Norton Utilities Ultimate (HKLM\...\Norton Utilities) (Version: 26.3.18548.8888 - Gen Digital Inc.) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19822.20104 - Microsoft Corporation) Hidden Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software) PCPlayer (HKLM-x32\...\{F3D2930B-0D7F-4000-B227-7032734F3AEC}_is1) (Version: 3.18.4.11 - HangZhou Hikvision Digital Technology Co., Ltd.) PDF Complete Office Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.39 - PDF Complete, Inc) Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.3 - Canon Inc.) Product Improvement Study for HP LaserJet MFP M232-M237 (HKLM\...\{41956613-6190-43F5-B590-98F3B6C0C335}) (Version: 52.4.4998.24155 - HP Inc.) PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 9.0.0.910 - Samsung Electronics) Snagit (HKLM\...\{6E7A0F6B-AE0C-4D41-AB27-C6FF97D31A23}) (Version: 26.1.0.10201 - TechSmith Corporation) Snagit (HKLM\...\{9DF23037-4FAD-48DE-8B31-579AF9972064}) (Version: 26.1.0 - TechSmith Corporation) Hidden Steganos Privacy Suite 14 (HKLM-x32\...\{9F07D3B6-3801-4C33-B20E-39CC29E63253}) (Version: 14.2.2 - Steganos Software GmbH) Steganos Safe 18 (HKLM-x32\...\{0A81476E-6553-443B-B34F-0BFE17ACAFFB}) (Version: 18.0.2 - Steganos Software GmbH) Steganos Safe 21 (HKLM-x32\...\{CB97DD71-2109-47BA-BD67-FD940A7840A9}) (Version: 21.1.1 - Steganos Software GmbH) supportserver (HKLM-x32\...\{3C20D9D0-B085-4192-982C-BE4FD22239F5}_is1) (Version: - ) Syncios Toolkit 1.1.0 (HKLM-x32\...\Syncios Toolkit) (Version: 1.1.0 - Syncios) Syncios WhatsApp Transfer 2.3.7 (HKLM-x32\...\Syncios WhatsApp Transfer) (Version: 2.3.7 - Syncios) Synology Drive Client (remove only) (HKLM\...\Synology Drive) (Version: 8.0.2.17889 - Synology, Inc.) System Mechanic (HKLM\...\{95129D61-FF52-4FA8-A403-3E31FC5D9696}) (Version: 25.5.0.20 - RealDefense LLC) TaxCalc (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\TaxCalcHub) (Version: 18.1.170 - Acorah Software Products) TeamViewer (HKLM\...\TeamViewer) (Version: 15.75.5 - TeamViewer) Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 11.17.1029.2024 - Lenovo) update_server (HKLM-x32\...\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1) (Version: - ) uTorrent Web (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\utweb) (Version: 1.4.0 - BitTorrent Limited) VLC media player (HKLM\...\VLC media player) (Version: 3.0.23 - VideoLAN) Windows 11 Installation Assistant (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.6448 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows PC Health Check (HKLM\...\{B008D72C-0326-421E-BB2F-98BA5F9DDE9C}) (Version: 4.0.2410.23001 - Microsoft Corporation) Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare) Wondershare NativePush(Build 1.0.1.1) (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Wondershare NativePush_is1) (Version: - Wondershare Software) Wondershare UniConverter 15(Build 15.7.3.47) (HKLM\...\UniConverter 15_is1) (Version: 15.7.3.47 - Wondershare Software) Wondershare UniConverter 17(Build 17.3.0.531) (HKLM\...\UniConverter 17_is1) (Version: 17.3.0.531 - Wondershare Software) Wondershare Video Converter Ultimate(Build 6.5.0.5) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.5.0.5 - Wondershare Software) Zoom Workplace (HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\ZoomUMX) (Version: 6.7.8 (32670) - Zoom Communications, Inc.) Packages: ========= Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2026-04-09] () Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.3.15.0_x64__y5c4dfz5b21fm [2026-03-24] (Any DVD & Office App) AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2026-04-11] (INTEL CORP) [Startup Task] AukZip -> C:\Program Files\WindowsApps\57868Codaapp.37800EEDB46F1_1.0.21.0_x64__4bn2s5v6tep1y [2025-12-03] (Codaapp Studio) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.27.8090.0_x64__rz1tebttyb220 [2026-04-11] (Dolby Laboratories) ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.51.0_x64__stws0m115j6hg [2026-04-11] (ELAN Microelectronics Corporation) Glance by Mirametrix® -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_11.43.256.0_x64__17mer8kcn3j54 [2026-03-17] (Mirametrix Inc.) [Startup Task] Goodix Fingerprint Reader Preboot Manager -> C:\Program Files\WindowsApps\Goodix.GoodixFingerprintReaderPrebootManager_1.1.24.0_x64__t3jtjqydyk05g [2026-04-11] (Goodix) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_164.1.1128.0_x64__v10z8vjag6ke6 [2026-04-10] (HP Inc.) iCalculator TH -> C:\Program Files\WindowsApps\th.icalculator.com-87021DF7_1.0.0.1_neutral__ccc9n8ry3mscr [2025-09-07] (th.icalculator.com) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2025-09-07] (Instagram) Intel® Graphics Software -> C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.4.2155.0_x64__8j3eq9eme6ctt [2026-03-24] (INTEL CORP) Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.25336.1113.0_x64__8wekyb3d8bbwe [2026-04-11] (Microsoft Corporation) Lenovo Commercial Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoSettingsforEnterprise_20.2511.24.0_x64__k1h2ywk1493x8 [2026-04-09] (LENOVO INC.) LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_7.15.0.0_x86__8ptj331gd3tyt [2023-12-10] (LINE Corporation) LINE -> C:\Users\geoff\AppData\Local\LINE\bin\current [2025-10-07] (LY Corporation) Local AI Manager for Microsoft 365 -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI [2026-04-08] () McAfee -> C:\Program Files\McAfee\wps\1.32.165.1 [2025-09-02] () Microsoft 365 companion apps -> C:\Program Files\WindowsApps\Microsoft.M365Companions_2.2510.22000.0_x64__8wekyb3d8bbwe [2025-11-05] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-02-08] (Microsoft Corporation) [MS Ad] Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2602.23002.0_x64__8wekyb3d8bbwe [2026-04-04] (Microsoft Corporation) [Startup Task] Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-12-16] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_56.20201.588.0_x64__8wekyb3d8bbwe [2026-02-17] (Microsoft Corporation) Microsoft.LegacyPhotosMediaEngineAdd-on -> C:\Program Files\WindowsApps\Microsoft.LegacyPhotosMediaEngineAdd-on_2022.2206.0.0_x64__8wekyb3d8bbwe [2023-12-30] (Microsoft Corporation) Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2026-04-08] () MSN Weather -> C:\Program Files\WindowsApps\www.msn.com-7FB783BD_1.0.0.0_neutral__q77jw2zwjvy92 [2025-09-07] (www.msn.com) OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2026-04-11] () Passwords & codes-Safe -> C:\Program Files\WindowsApps\51041SafeInCloud.PasswordManagerSafeInCloud_25.3.0.0_x86__wh7zearnzvtm6 [2025-10-19] (SafeInCloud S.A.S.) [Startup Task] Photos Legacy -> C:\Program Files\WindowsApps\Microsoft.PhotosLegacy_2024.11090.26001.0_x64__8wekyb3d8bbwe [2026-04-09] (Microsoft Corporation) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-02-29] (Adobe Systems Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.53.366.0_x64__dt26b99r8h8gj [2026-04-09] (Realtek Semiconductor Corp) Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.18.194.0_x64__43tkc6nmykmb6 [2025-12-17] (Ookla) SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0 [2026-03-26] (Spotify AB) [Startup Task] TrackPoint -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.TrackPoint_24.121.52.0_x64__stws0m115j6hg [2026-04-09] (ELAN Microelectronics Corporation) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2613.101.0_x64__cv1g1gvanyjgm [2026-04-10] (WhatsApp Inc.) [Startup Task] WinAppRuntime.Main.1.2 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.2_2000.802.31.0_x64__8wekyb3d8bbwe [2024-02-01] (Microsoft Corp.) WinAppRuntime.Main.1.4 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.4_4000.1309.2056.0_x64__8wekyb3d8bbwe [2024-08-15] (Microsoft Corp.) WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.) WinAppRuntime.Main.1.8 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.8_8000.806.2252.0_x64__8wekyb3d8bbwe [2026-03-19] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_8000.770.947.0_x64__8wekyb3d8bbwe [2026-02-11] (Microsoft Corp.) Windows App Runtime DDLM 4000.1082.2259.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x6_4000.1082.2259.0_x64__8wekyb3d8bbwe [2024-04-20] (Microsoft Corporation) Windows App Runtime DDLM 4000.1082.2259.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.1082.2259.0-x8_4000.1082.2259.0_x86__8wekyb3d8bbwe [2024-04-20] (Microsoft Corporation) Windows App Runtime DDLM 4000.964.11.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x6_4000.964.11.0_x64__8wekyb3d8bbwe [2024-01-12] (Microsoft Corporation) Windows App Runtime DDLM 4000.964.11.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.4000.964.11.0-x8_4000.964.11.0_x86__8wekyb3d8bbwe [2024-01-12] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{04271989-C4D2-90C1-A5F5-E6CBEF25FD68} -> [OneDrive - Ceridian HCM Inc] => D:\OneDrive - Ceridian HCM Inc [2023-12-10 20:12] CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\geoff\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{2B72BD98-421B-4411-BED3-46F583C97B8E}\InprocServer32 -> C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe (Webminds, Inc. -> Webminds, Inc.) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\ContextMenu.dll (Synology Inc. -> ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{415d65dc-2d5f-f0cf-f79c-7f53e0347c17}\localserver32 -> C:\Program Files\TechSmith\Snagit\SnagitEditor.exe (TechSmith Corporation -> TechSmith Corporation) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{4A93A12D-FD47-45E0-9513-BABEDDC6C494}\InprocServer32 -> C:\Program Files\Easy Duplicate Finder 7\EasyDuplicateFinder.exe (Webminds, Inc. -> Webminds, Inc.) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{52146D8E-DB34-4318-BD40-D061EE9C05C5}\localserver32 -> "NAVER.WIN32_LINEwin8_8ptj331gd3tyt!LINE" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{B353B1B0-3821-4B9C-97DA-FAC7D5FB1C15}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{DFCB2071-3E17-41D6-AFFF-812B4C18054A}\InprocServer32 -> C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll (Synology Inc. -> TODO: ) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-2837236113-4052516336-580648045-1001_Classes\CLSID\{f65166a6-57ec-9768-5b72-d66b3d798070}\localserver32 -> C:\Program Files\TechSmith\Snagit\SnagitCapture.exe (TechSmith Corporation -> TechSmith Corporation) ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [ 06SyncedAndLockedModule] -> {B353B1B0-3821-4B9C-97DA-FAC7D5FB1C15} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [ 07SyncingAndLockedModule] -> {DFCB2071-3E17-41D6-AFFF-812B4C18054A} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\iconOverlay.dll [2026-03-12] (Synology Inc. -> TODO: ) ShellIconOverlayIdentifiers: [0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\Sync\IDSyncIntIcon64.dll [2026-01-05] (IDrive Inc) [File not signed] ShellIconOverlayIdentifiers: [0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\Sync\IDSyncIntIcon64.dll [2026-01-05] (IDrive Inc) [File not signed] ShellIconOverlayIdentifiers: [0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\Sync\IDSyncIntIcon64.dll [2026-01-05] (IDrive Inc) [File not signed] ShellIconOverlayIdentifiers: [001BUOverlayProtected] -> {9C11454A-4B5C-4586-B0BB-E51BB6033668} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [002BUOverlayPending] -> {5A4597A9-CC87-4ED2-A7E5-3BC62CF54901} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [003BUOverlayExcluded] -> {42DE06EE-09E4-4808-A8AA-F63B1D3F6CE5} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2026-02-16] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2025-07-23] (IObit CO., LTD -> IObit) ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2026-03-16] (IDrive, Inc. -> ) ContextMenuHandlers1: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ContextMenuHandlers1: [Norton Utilities Ultimate] -> {13004120-FCAF-4232-A255-807EAD6E7D03} => C:\Program Files\Norton\Utilities\tucontextmenu.dll [2025-12-14] (Gen Digital Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2025-12-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit\DLLx64\SnagitShellExt64.dll [2026-03-10] (TechSmith Corporation -> TechSmith Corporation) ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2013-03-25] (Wondershare Software Co., Ltd. -> ) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2025-07-23] (IObit CO., LTD -> IObit) ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2026-03-16] (IDrive, Inc. -> ) ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2025-12-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers2: [SteganosShellExtension] -> {FAE0A3E0-3010-41BA-9DDC-A631394F047F} => C:\Program Files (x86)\Steganos Safe 21\ShellExtension.dll [2023-06-14] (Steganos Software GmbH -> ) ContextMenuHandlers3: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2025-07-23] (IObit CO., LTD -> IObit) ContextMenuHandlers3: [SteganosShellExtension] -> {FAE0A3E0-3010-41BA-9DDC-A631394F047F} => C:\Program Files (x86)\Steganos Safe 21\ShellExtension.dll [2023-06-14] (Steganos Software GmbH -> ) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2025-07-23] (IObit CO., LTD -> IObit) ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2026-03-16] (IDrive, Inc. -> ) ContextMenuHandlers4: [Norton Utilities Ultimate] -> {13004120-FCAF-4232-A255-807EAD6E7D03} => C:\Program Files\Norton\Utilities\tucontextmenu.dll [2025-12-14] (Gen Digital Inc. -> NortonLifeLock Inc.) ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2025-12-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit\DLLx64\SnagitShellExt64.dll [2026-03-10] (TechSmith Corporation -> TechSmith Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncShell64.dll [2026-03-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) ContextMenuHandlers6: [Norton Utilities Ultimate] -> {13004120-FCAF-4232-A255-807EAD6E7D03} => C:\Program Files\Norton\Utilities\tucontextmenu.dll [2025-12-14] (Gen Digital Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1_S-1-5-21-2837236113-4052516336-580648045-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\ContextMenu.dll [2026-03-12] (Synology Inc. -> ) ContextMenuHandlers6_S-1-5-21-2837236113-4052516336-580648045-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\geoff\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\25\x64\ContextMenu.dll [2026-03-12] (Synology Inc. -> ) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl ==================== Loaded Modules (Whitelisted) ============= 2026-01-23 10:33 - 2024-07-11 08:07 - 000116736 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-c-common.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 000022016 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-c-event-stream.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 000043008 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-checksums.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 000974848 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-cpp-sdk-core.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 003429376 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-cpp-sdk-s3.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 000180224 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\aws-cpp-sdk-transfer.dll 2026-01-23 10:33 - 2024-07-11 08:06 - 000988672 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll 2026-01-22 09:57 - 2026-01-05 18:03 - 003476480 _____ (IDrive Inc) [File not signed] C:\Program Files (x86)\IDriveWindows\Sync\IDSyncIntIcon64.dll 2026-04-04 19:07 - 2026-04-04 19:07 - 001359872 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL 2023-11-03 23:56 - 2023-11-03 23:56 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll 2023-11-03 23:56 - 2023-11-03 23:56 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2023-11-03 23:56 - 2023-11-03 23:56 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Client\C2R64.dll 2023-11-03 23:56 - 2023-11-03 23:56 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 004407296 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libcrypto-3.dll 2026-01-23 10:33 - 2024-07-11 08:07 - 001115648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libssl-3.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nllSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nllSP.sys => ""="Driver" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2026-01-27] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.) BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2013-05-03] (Wondershare Software Co., Ltd. -> Wondershare Software Co., Ltd.) BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2025-07-23] (IObit CO., LTD -> IObit) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar64.dll [2013-07-17] (Steganos Software GmbH -> Steganos Software GmbH) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.) Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar.dll [2014-02-25] (Steganos Software GmbH -> Steganos Software GmbH) Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2023-11-29] (Belarc, Inc. -> Belarc, Inc.) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2026-03-19] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2022-05-07 06:24 - 2025-06-28 08:37 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts ==================== Network =========================== (Currently there is no automatic fix for this section.) DNS Servers: 192.168.1.254 Windows Firewall is enabled. Network Binding: ============= Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys Norton VPN Wintun: Norton VPN Wintun Adapter -> nllWintun.sys Norton VPN OpenVPN Data Channel Offload: Norton VPN OpenVPN Data Channel Offload -> nll-ovpn-dco.sys Local Area Connection 2: OpenVPN Data Channel Offload for ExpressVPN -> expressvpn-ovpn-dco.sys Local Area Connection: ExpressVPN TUN Driver -> expressvpn-tun.sys Local Area Connection 3: ExpressVPN TAP Adapter -> tapexpressvpn.sys Wi-Fi: Intel(R) Wi-Fi 6E AX211 160MHz -> Netwtw14.sys vms_vsf: Hyper-V Virtual Switch Extension Filter expressvpn-pkf: ExpressVPN Packet Filter vms_vsp: Hyper-V Virtual Switch Extension Protocol ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\Control Panel\Desktop\\Wallpaper -> D:\OneDrive\Pictures\download (1).jpeg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5) HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: NativePushService => 2 HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "UniConverterUpdateHelper" HKLM\...\StartupApproved\Run32: => "SSS14 File Redirection Starter" HKLM\...\StartupApproved\Run32: => "PDF Complete" HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper" HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService" HKLM\...\StartupApproved\Run32: => "SPUpDateServerrun" HKLM\...\StartupApproved\Run32: => "Steganos HotKeys" HKLM\...\StartupApproved\Run32: => "SAFE21 Browser Monitor" HKLM\...\StartupApproved\Run32: => "SAFE21 Notifier" HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX2" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\StartupApproved\Run: => "Microsoft.Lists" HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\StartupApproved\Run: => "Teams" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{47A2A0E9-B92D-4B73-97DB-A8B708A4474F}] => (Allow) C:\Users\geoff\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Limited) FirewallRules: [{BFF3561E-9168-48A5-A512-C8439BFEF3FD}] => (Allow) C:\Users\geoff\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Limited) FirewallRules: [{12027B09-0A80-4B45-B1CE-C951F466E4C7}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{4E7998A5-C68D-4078-944B-13131C200599}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{31CD36C1-D88B-4A25-A72A-66A758FF6A57}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{E7F4AF9E-8926-4CDC-B92D-6F2BA1009BC0}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{F814418B-7749-4AEB-B3E2-5E8220CE04F6}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{F68A233D-14E9-418D-A956-EA5C2B168C4C}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{DD37C577-E67A-46F7-812A-6F8B8D3C973E}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [TCP Query User{195A4D2F-38A3-4CAE-8A90-46BADD585CF7}C:\program files (x86)\hik\supportserver\supportserver.exe] => (Allow) C:\program files (x86)\hik\supportserver\supportserver.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FirewallRules: [UDP Query User{7A12B154-8E31-49F8-AAFF-EE3C445F0718}C:\program files (x86)\hik\supportserver\supportserver.exe] => (Allow) C:\program files (x86)\hik\supportserver\supportserver.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FirewallRules: [{6EBAA521-87E9-4624-9B4B-C3F44E887801}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FCB96BBF-C9F4-464F-A3A1-2259AB7D3C62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{55499279-37F5-45AF-9DC7-6A75F48438CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3CD5FBD0-D1CA-4DB3-9D6F-43182AF3859A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{753C51B7-6532-4B5C-B22A-AFE7EFACA29E}] => (Allow) C:\Users\geoff\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Limited) FirewallRules: [{5C41D5CB-3BFF-4628-8C82-40E1EF97E5B3}] => (Allow) C:\Users\geoff\AppData\Roaming\uTorrent Web\utweb.exe (BitTorrent Inc -> BitTorrent Limited) FirewallRules: [{FF4E9A45-AB06-458A-868C-685DE16D5FFC}] => (Allow) C:\Users\geoff\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Limited) FirewallRules: [{9A950298-0819-4D5E-B7E0-F117537C492A}] => (Allow) C:\Users\geoff\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Limited) FirewallRules: [{12D15A6B-F14C-40EA-9721-49FEA97F8894}] => (Allow) C:\Program Files (x86)\Tenorshare\iCareFone Transfer\iCareFone Transfer.exe (Tenorshare Co., Ltd. -> Tenorshare) FirewallRules: [{5CC17887-FDAD-40AB-BA4D-447F22BD4A17}] => (Allow) C:\Program Files (x86)\Tenorshare\iCareFone Transfer\iCareFone Transfer.exe (Tenorshare Co., Ltd. -> Tenorshare) FirewallRules: [{0178BDED-7D6A-4A21-B242-0BC9F7966D22}] => (Allow) C:\Program Files (x86)\Tenorshare\iCareFone Transfer\MicrosoftEdgeWebview2Setup.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5907FF77-D8D4-485D-ABBC-D879B61DB278}] => (Allow) C:\Program Files (x86)\Tenorshare\iCareFone Transfer\MicrosoftEdgeWebview2Setup.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{855777AD-5EBE-4C50-BE14-0AC5D4A51C44}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{F0F65A4E-65C1-4118-B5C9-52D30871A53C}C:\program files (x86)\ezviz studio\ezvizstudio.exe] => (Allow) C:\program files (x86)\ezviz studio\ezvizstudio.exe (杭州萤石软件有限公司 -> EZVIZ Inc.) FirewallRules: [UDP Query User{B934766A-2BA3-421B-82BD-738A40D0B19F}C:\program files (x86)\ezviz studio\ezvizstudio.exe] => (Allow) C:\program files (x86)\ezviz studio\ezvizstudio.exe (杭州萤石软件有限公司 -> EZVIZ Inc.) FirewallRules: [{F670BC58-69A4-4EDE-A827-F8AF70E7D2BD}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{74276EC0-9388-4D4F-8C03-5C56CF0E20AA}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{5254395E-9AF3-4413-A0D9-50FDB371821C}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{490CB7DD-E8C4-4C91-B385-6CBA402F257E}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{A102A0B3-6A3D-4BA9-B6B2-9A788AD0767C}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{F68FAC2D-7BC5-492F-A22E-200D9E32A88C}] => (Allow) C:\Program Files (x86)\MediaMonkey 5\MediaMonkeyEngine.exe (Ventis Media, Inc. -> Ventis Media Inc.) FirewallRules: [{49AECE9B-9117-41B8-87C3-298948CFE870}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{37665AEB-4B79-4C5F-A033-AF0D938EADE2}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{41157DAC-16B9-465B-85AB-D6C3A2830E35}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{5B9495F8-ADAA-4597-9FB6-7CD5268CEED8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{FF0748A1-1EF1-4428-A154-4A90FD127A19}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{A0A8D54D-926A-48D1-A2AF-C0B4AC63EC67}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{B5B64A4F-BC2D-4D01-B714-D164B84352F6}] => (Allow) C:\Users\geoff\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare) FirewallRules: [{3AC57CDC-E03C-49F1-954C-5D15388EF304}] => (Allow) LPort=5357 FirewallRules: [{5CB4EB86-D0CD-45A1-97EE-33160F2285B0}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{7FE23566-D66B-44DD-B512-D56073B4A632}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M430-431\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.) FirewallRules: [{C066D2D6-ADDC-4F61-82A9-E32DE89CA489}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M430-431\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.) FirewallRules: [{6F7AA937-EA1A-4EC0-873F-B9FA0E3791D9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo) FirewallRules: [{F3E62BC7-5DC0-485F-B7AE-259FDF1838DD}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo) FirewallRules: [{6FAA6C72-FB4B-4D43-BC9A-82B9E677495E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File FirewallRules: [{E37523C9-25CA-4442-90F6-64A0516C5821}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File FirewallRules: [{914182F5-72AF-4610-A145-C25233DC4887}] => (Allow) C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe (RealDefense LLC -> RealDefense, LLC) FirewallRules: [{5788F921-6191-4409-97F2-26B598CF221D}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (Gen Digital Inc. -> Gen Digital Inc.) FirewallRules: [{C8AC80B3-7718-4E3D-A018-160B42263F6D}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (Gen Digital Inc. -> Gen Digital Inc.) FirewallRules: [{A1AB9EB9-4DD7-44B9-88EE-44FE06703C9B}] => (Allow) C:\Program Files\Norton\Utilities\NortonUtilitiesUI.exe (Gen Digital Inc. -> NortonLifeLock Inc.) FirewallRules: [{520843D3-DA12-477B-B2EF-AB322D7D9DE8}] => (Allow) C:\Program Files\Norton\Utilities\NortonUtilitiesUI.exe (Gen Digital Inc. -> NortonLifeLock Inc.) FirewallRules: [{E603ACB8-5263-404C-AECC-49E15B5F6EE5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{41588065-D85F-42FA-80B9-5917F19E21AD}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{72CFF737-5086-445F-8897-3BF3B1F3ECF3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_25275.2501.4002.4859_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{60772E4B-9D52-4779-8727-43906EB93C72}] => (Allow) C:\Program Files\Norton\Driver Updater\NortonDriverUpdUI.exe (Gen Digital Inc. -> NortonLifeLock Inc.) FirewallRules: [{52DFA1C0-BE9C-4529-AFB1-88090E47CA2E}] => (Allow) C:\Program Files\Norton\Driver Updater\NortonDriverUpdUI.exe (Gen Digital Inc. -> NortonLifeLock Inc.) FirewallRules: [{753B02FE-62EF-4AB8-8187-3FE6C68D5493}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M232-M237\bin\EWSProxy.exe (HP Inc. -> HP Inc.) FirewallRules: [{A342DC51-56D3-474E-877A-23D9726C414F}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M232-M237\bin\DigitalWizards.exe (HP Inc. -> HP Inc.) FirewallRules: [{1A03A99D-22FC-4543-A336-F77773481487}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M232-M237\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.) FirewallRules: [{6C612105-608D-4594-8671-8AF27BFFC230}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M232-M237\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.) FirewallRules: [{E143CFAD-4C3D-4A1B-BA9D-854C2B2750E1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{6879FF14-CB09-49C5-BE40-D9F240B018DA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{26B19F32-50EA-4289-890D-CC8AE38D547C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{8FC149E0-B992-43B0-8571-315B6310B419}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{42FC033D-1A6A-4F04-9F5C-953F550838E6}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{F6F72D1D-4218-4EC1-B128-5FBD18FD7480}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{694C3AA3-0003-40D1-ABAC-11F1EDFDE463}] => (Allow) LPort=8303 FirewallRules: [{F9BFACBC-95AE-4159-BD9C-2BEEFF0B1C21}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{2CF40E1C-0076-40EE-8FF6-5F39890D95F9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{DC7C6A8D-E803-4179-8752-226216BC5CE8}] => (Allow) C:\Program Files (x86)\HP\HP Scan\bin\HPScan.exe (HP Inc. -> HP Inc.) FirewallRules: [{D7CD09EE-DDDD-4CBA-AD19-59F39C173075}] => (Allow) C:\Program Files\HP\HP Scan\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.) FirewallRules: [{A59E1AD7-5045-4E9F-921A-4ADD1B1AF1FA}] => (Allow) C:\Program Files\HP\HP Scan\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.) FirewallRules: [{ACDA4293-8AA0-4A13-A7CA-0A7CC96E0334}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{4B28A02F-59BE-4261-8041-A1D80CA00799}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\ZoomHybridConf.exe (Zoom Communications, Inc. -> Zoom Communications, Inc.) FirewallRules: [{FE9EF603-B37B-4A9B-B0E5-97FB1D5C4F05}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{FF70F2FE-1E5B-4E7D-816F-D7249C3FDDE1}] => (Allow) C:\Users\geoff\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{329793E2-7552-4D91-ABA5-02009B182CF3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{EB3EB4E1-7FF4-40D0-BDD6-7AA5D40DB1BC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2261BCCF-0DAD-4A37-9681-903A2EF76810}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{4B4417B1-3964-450A-B989-E53CD37CBF20}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{D61C8E3B-C9E4-4E45-9F12-64BB6B54FD3C}] => (Allow) C:\Program Files (x86)\IDriveWindows\id_win.exe (IDrive, Inc. -> IDrive Inc.,) FirewallRules: [{E9D7CFDF-F4BE-4939-AAAC-7DB77A8E4952}] => (Allow) C:\Program Files (x86)\IDriveWindows\id_service.exe (IDrive, Inc. -> IDrive Inc.,) FirewallRules: [{9C6F9C90-0140-4ECC-BFF6-1E6BC5AA104E}] => (Allow) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe (IDrive, Inc. -> IDrive Inc.,) FirewallRules: [{8DF5A68C-3813-49A2-A8AC-DFA1F0501BA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{40393FEF-643A-4411-9AAF-17DBCDB1C6FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4011AF6C-A797-4D41-9E4A-88CA10FFF6D1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{36BEBAB3-77DC-4539-B6B9-981B62243989}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{B7674A28-7D2B-4A18-B0C5-2D3F045894CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6EB80899-8E6F-4B2F-85DB-21F6B47A68FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{1B48687C-08BE-49DC-9451-2C17FB88F299}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{9FA0490A-CA57-426F-90FF-F77C11F6B3CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{610EDC44-FE34-4751-8E0C-226AD7E5B521}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{B08511BB-6C57-4495-B1F3-31696963112A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{2F54D0D3-4704-4209-82DA-78B3FB9F6641}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{395754B8-2B9B-4176-B663-56758F13BFC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{DAF5C4E2-41AD-4D70-915C-D2F59C1F9F8D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.286.502.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3D982BBB-3ED9-4941-82F5-0D60456D0D52}] => (Allow) C:\Program Files (x86)\Microsoft\Copilot\Application\mscopilot.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C10574EE-F5D4-44EE-883B-AF9774CC6EA4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: ExpressVPN TAP Adapter Description: ExpressVPN TAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: tapexpressvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: OpenVPN Data Channel Offload for ExpressVPN Description: OpenVPN Data Channel Offload for ExpressVPN Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: expressvpn-ovpn-dco Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (04/10/2026 04:20:43 PM) (Source: Application Error) (EventID: 1000) (User: GEOFF_T14S) Description: Faulting application name: RtkAudUService64.exe, version: 1.1.722.1, time stamp: 0x6847ce6f Faulting module name: ntdll.dll, version: 10.0.22621.6060, time stamp: 0xac55daa3 Exception code: 0xc0000005 Fault offset: 0x0000000000033ffa Faulting process id: 0x0x59d0 Faulting application start time: 0x0x1dcc8ea6594163b Faulting application path: C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_09020ede05a436cf\RtkAudUService64.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 1f9015ca-3b25-4e97-8452-74c5d8cb9173 Faulting package full name: Faulting package-relative application ID: Error: (04/10/2026 02:55:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 27952. Message ID: [0x2509]. Error: (04/10/2026 02:52:26 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 38760. Message ID: [0x2509]. Error: (04/10/2026 12:22:18 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (04/10/2026 12:22:18 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (04/10/2026 07:11:08 AM) (Source: Application Error) (EventID: 1000) (User: GEOFF_T14S) Description: Faulting application name: GetPopupInfo.exe, version: 14.4.0.3, time stamp: 0x512751ca Faulting module name: m4a.dll, version: 14.4.0.3, time stamp: 0x5127546c Exception code: 0xc0000005 Fault offset: 0x0003f9cf Faulting process id: 0x0x3680 Faulting application start time: 0x0x1dcc8b0d240cbd0 Faulting application path: C:\Program Files (x86)\Illustrate\dBpoweramp\GetPopupInfo.exe Faulting module path: C:\Program Files (x86)\Illustrate\dBpoweramp\decoder\m4a.dll Report Id: 0debe79c-0ef8-470a-8dca-d63e1aab8541 Faulting package full name: Faulting package-relative application ID: Error: (04/09/2026 02:54:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 36744. Message ID: [0x2509]. Error: (04/09/2026 12:01:04 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] System errors: ============= Error: (04/11/2026 04:35:33 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY) Description: Secure Boot CA/keys need to be updated. This device signature information is included here. DeviceAttributes: FirmwareVersion:N3PET32W (1.23 );OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_21F6_BU_Think_FM_ThinkPad T14s Gen 4;OSArchitecture:amd64; BucketId: 9f6ef8f7464c81e0fbd37ee398bf50cc86a8819ae3368ec7e6a4201df692290d BucketConfidenceLevel: UpdateType: 0 HResult: 0 Error: (04/11/2026 04:35:09 PM) (Source: DCOM) (EventID: 10010) (User: GEOFF_T14S) Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout. Error: (04/11/2026 04:30:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Intel(R) Platform License Manager Service service to connect. Error: (04/11/2026 04:30:21 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Crash dump initialization failed! Error: (04/11/2026 04:16:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The nllbIDSAgent service did not shut down properly after receiving a preshutdown control. Error: (04/11/2026 01:24:22 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT AUTHORITY) Description: Secure Boot CA/keys need to be updated. This device signature information is included here. DeviceAttributes: FirmwareVersion:N3PET32W (1.23 );OEMManufacturerName:LENOVO;OEMModelSKU:LENOVO_MT_21F6_BU_Think_FM_ThinkPad T14s Gen 4;OSArchitecture:amd64; BucketId: 9f6ef8f7464c81e0fbd37ee398bf50cc86a8819ae3368ec7e6a4201df692290d BucketConfidenceLevel: UpdateType: 0 HResult: 0 Error: (04/11/2026 01:22:04 PM) (Source: DCOM) (EventID: 10010) (User: GEOFF_T14S) Description: The server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} did not register with DCOM within the required timeout. Error: (04/11/2026 01:19:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0xc1900101: Windows 11, version 25H2. CodeIntegrity: =============== Date: 2026-04-11 16:45:36 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2026-04-11 16:40:20 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: LENOVO N3PET32W (1.23 ) 12/27/2025 Motherboard: LENOVO 21F6CTO1WW Processor: 13th Gen Intel(R) Core(TM) i7-1355U Percentage of memory in use: 51% Total physical RAM: 32440.88 MB Available physical RAM: 15717.95 MB Total Virtual: 51896.88 MB Available Virtual: 34142.03 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:220.04 GB) (Free:43.93 GB) (Model: Samsung SSD 990 EVO 2TB) NTFS Drive d: (DATA_T14S) (Fixed) (Total:859.5 GB) (Free:88.59 GB) (Model: Samsung SSD 990 EVO 2TB) NTFS Drive o: (M2_250) (Fixed) (Total:238.47 GB) (Free:3.97 GB) (Model: ASMT 2115 SCSI Disk Device) NTFS \\?\Volume{a8e1be2b-8068-4e39-09b0-62250913c74c}\ () (Fixed) (Total:0 GB) (Free:0 GB) \\?\Volume{1b63560a-6055-4071-19cf-bddb2cae05fd}\ (WinRE_DRV) (Fixed) (Total:1.95 GB) (Free:1.94 GB) NTFS \\?\Volume{bc47bb34-78f8-4f87-d6a4-5326e7d817e5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 012BBBEB) Partition: GPT. ========================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: EC71B8F3) Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================