Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-04-2026 01 Ran by geoff (administrator) on GEOFF_T14S (LENOVO 21F6CTO1WW) (11-04-2026 16:45:15) Running from D:\GS_DOWNLOADS\WIN11\FRST64.exe Loaded Profiles: geoff Platform: Microsoft Windows 11 Pro Version 23H2 22631.6199 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\$WINDOWS.~BT\Sources\setupplatform.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe (C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\FuncRun.exe (C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Reminder.exe (C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantage-(GenericMessagingAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantage-(VantageCoreAddin).exe (C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe (C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\aimgr.exe (C:\Program Files\Microsoft OneDrive\OneDrive.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\26.040.0301.0001\OneDrive.Sync.Service.exe (C:\Program Files\Norton\AntiTrack\x86\ATServiceHost.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\AntiTrack\x86\ATTray.exe (C:\Program Files\Norton\Suite\NortonSvc.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\aswEngSrv.exe (C:\Program Files\TechSmith\Snagit\SnagitCapture.exe ->) (TechSmith Corporation -> ) C:\Program Files\TechSmith\Snagit\crashpad_handler.exe <2> (C:\Program Files\TechSmith\Snagit\SnagitCapture.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit\SnagitEditor.exe (C:\Program Files\TechSmith\Snagit\SnagitCapture.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit\SnagPriv.exe (C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.4.2155.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\IntelGraphicsSoftware.Service.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel(R) Corporation) C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.4.2155.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\PresentMonService.exe (C:\Program Files\WindowsApps\Microsoft.YourPhone_1.26022.64.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.26022.64.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_526.1202.40.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\146.0.3856.109\msedgewebview2.exe <12> (C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\AliyunWrapExe.exe (cmd.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\AntiTrack\x86\ATNMHost.exe (cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\geoff\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe (drivers\lenovo\UDC\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\AppProvisioningPlugin.exe (DriverStore\FileRepository\elliptichpd.inf_amd64_7737849771edbfcc\EllipticHPDService.exe ->) (Elliptic Laboratories ASA -> Elliptic Laboratories ASA) C:\Windows\System32\DriverStore\FileRepository\elliptichpd.inf_amd64_7737849771edbfcc\EllipticHPDDaemon.exe (DriverStore\FileRepository\fn.inf_amd64_bdd272e4bb83b7fb\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_bdd272e4bb83b7fb\driver\shtctky.exe (DriverStore\FileRepository\fn.inf_amd64_bdd272e4bb83b7fb\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_bdd272e4bb83b7fb\driver\tposd.exe (DriverStore\FileRepository\ipf_cpu.inf_amd64_5fe37e024ff302b0\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_5fe37e024ff302b0\ipf_helper.exe (EPDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDCtrl.exe (explorer.exe ->) (Gen Digital Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Driver Updater\NortonDriverUpdUI.exe <2> (explorer.exe ->) (Gen Digital Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Utilities\NortonUtilitiesUI.exe <2> (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\runonce.exe (explorer.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit\SnagitCapture.exe (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonUI.exe <4> (IDrive, Inc. -> IDrive Inc.,) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe (IDrive, Inc. -> IDrive Inc.,) C:\Program Files (x86)\IDriveWindows\id_tray.exe (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe <2> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (PrintCtrl.exe ->) (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe <2> (runonce.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setupplatform.exe (services.exe ->) () [File not signed] C:\Program Files (x86)\HP\HPSmartDeviceAgentBase\Service\HPSmartDeviceAgentBase.exe (services.exe ->) (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Endpoint Protection SDK\endpointprotection.exe (services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_52fab4c0c715a075\DAX3API.exe <2> (services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_23d2cb6fdc7a89f7\FusionAPI.exe (services.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.4.2155.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\IntelGraphicsSoftware.Service.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDService.exe (services.exe ->) (Elliptic Laboratories ASA -> Elliptic Laboratories ASA) C:\Windows\System32\DriverStore\FileRepository\elliptichpd.inf_amd64_7737849771edbfcc\EllipticHPDService.exe (services.exe ->) (Elliptic Laboratories ASA -> Elliptic Laboratories ASA) C:\Windows\System32\DriverStore\FileRepository\ellipticvls.inf_amd64_24d97f3a92e5d4d2\VLS\VirtualLockSensor.exe (services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\AntiTrack\x86\ATServiceHost.exe (services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\afwServ.exe (services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\aswidsagent.exe (services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\nllToolsSvc.exe (services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonSvc.exe (services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\VpnSvc.exe (services.exe ->) (Gen Digital Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Driver Updater\NortonDriverUpdSvc.exe (services.exe ->) (Gen Digital Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Utilities\NortonUtilitiesSvc.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (IDrive, Inc. -> IDrive Inc.,) C:\Program Files (x86)\IDriveWindows\id_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_5ecafabf5082a9c7\ipfsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_acc665f350c82262\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_5fe37e024ff302b0\ipf_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_47b9a82f73e9dad8\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_a952167d9e98b004\AS\IAS\IntelAudioService.exe (services.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (services.exe ->) (Lenovo -> ) C:\Program Files\Lenovo\LADMLauncherService\bin\LADMAutoInstallService.exe (services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\lenovoaiccdisplay_cmp.inf_amd64_ab1d7000bacd781a\amd64\LenovoAICCLoader.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_f6d79d78edcb4315\LvfInstallService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_bdd272e4bb83b7fb\driver\tphkload.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\ibmpmsvc.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_3d585c065d8f0236\SmartStandby.exe (services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_4f83e4afb1d34b57\x64\LITSSvc.exe <2> (services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncHelper.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WUDFCompanionHost.exe <2> (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\wsc_proxy.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_09020ede05a436cf\RtkAudUService64.exe <3> (services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Shenzhen Goodix Technology Co., Ltd.) C:\Windows\System32\DriverStore\FileRepository\goodixmocusb.inf_amd64_5775ca5f809fe9e0\GoodixSessionService.exe (services.exe ->) (Synology Inc. -> ) C:\Program Files\Synology\SynologyDrive\bin\vss-service-x64.exe (sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2602.23002.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe (sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_19.2604.38251.0_x64__8wekyb3d8bbwe\m365copilot_autostarter.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe (svchost.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\lenovoaiccdisplay_cmp.inf_amd64_ab1d7000bacd781a\amd64\LenovoAICCUserAgent.exe (svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileCoAuth.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [333784 2021-03-31] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [9523624 2025-05-24] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [610080 2024-10-27] (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit\SnagitCapture.exe [9877920 2026-03-10] (TechSmith Corporation -> TechSmith Corporation) HKLM\...\Run: [NortonUI.exe] => C:\Program Files\Norton\Suite\AvLaunch.exe [924840 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) HKLM\...\Run: [Norton Utilities UI] => C:\Program Files\Norton\Utilities\NortonUtilitiesUI.exe [7212768 2026-03-24] (Gen Digital Inc. -> NortonLifeLock Inc.) HKLM\...\Run: [Norton Driver Updater UI] => C:\Program Files\Norton\Driver Updater\NortonDriverUpdUI.exe [7220448 2026-03-24] (Gen Digital Inc. -> NortonLifeLock Inc.) HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 17\WSVCUUpdateHelper.exe [42200 2026-03-30] (Wondershare Technology Group Co.,Ltd -> ) HKLM-x32\...\Run: [SSS14 File Redirection Starter] => C:\Program Files (x86)\Steganos Privacy Suite 14\fredirstarter.exe [17920 2014-02-25] (Steganos Software GmbH) [File not signed] HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [1969440 2013-05-03] (Wondershare Software Co., Ltd. -> ) HKLM-x32\...\Run: [SPUpDateServerrun] => C:\Program Files (x86)\hicloud\update_server\startUp.exe [14832 2015-09-10] (EZVIZ Inc. -> ) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1138752 2018-03-27] (PDF Complete Inc. -> PDF Complete Inc) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [384872 2025-08-01] (Expressco Services LLC -> ExpressVPN) HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 21\SteganosHotKeyService.exe [134504 2025-07-16] (Steganos Software GmbH -> Steganos Software GmbH) HKLM-x32\...\Run: [SAFE21 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 21\SteganosBrowserMonitor.exe [1514384 2025-07-16] (Steganos Software GmbH -> Steganos Software GmbH) HKLM-x32\...\Run: [SAFE21 Notifier] => C:\Program Files (x86)\Steganos Safe 21\Notifier.exe [5812064 2025-07-16] (Steganos Software GmbH -> Steganos Software GmbH) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [TrayProcess] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe [1030160 2025-12-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [84304 2026-03-16] (IDrive, Inc. -> IDrive Inc.,) HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [602960 2026-03-16] (IDrive, Inc. -> IDrive Inc.,) HKLM-x32\...\Run: [NortonAntiTrack] => C:\Program Files\Norton\AntiTrack\x86\ATTray.exe [221920 2026-04-05] (Gen Digital Inc. -> Gen Digital Inc.) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4746600 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4746600 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4746600 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\OneDrive.Sync.Service.exe [953192 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\geoff\AppData\Local\Microsoft\Teams\Update.exe [2583584 2025-09-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [42086872 2026-04-01] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [6026456 2026-03-02] (IObit CO., LTD -> IObit) HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\MountPoints2: {a2b3c818-35a0-11f1-afe3-04e8b9c6ed95} - "E:\setup.exe" HKU\S-1-5-21-2837236113-4052516336-580648045-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> HKLM\...\Windows x64\Print Processors\ActMaskR: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [55584 2024-10-26] (ActMask Group Co., Ltd -> ActMask Co.,Ltd hxxp://ALL2PDF.COM) HKLM\...\Windows x64\Print Processors\Canon G3010 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDEI.DLL [506368 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor G3010 series: C:\Windows\system32\CNMLMEI.DLL [1325568 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\PDFC: C:\Windows\system32\pdfc_port.dll [27680 2018-03-27] (PDF Complete Inc. -> PDF Complete, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [3101848 2026-03-18] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\146.0.7680.180\Installer\chrmstp.exe [7359128 2026-04-11] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {19D3E72A-6C28-471D-A715-16648A00625F} - \McAfee\WPS\McAfee PC Optimizer Task -> No File <==== ATTENTION Task: {3E8E6F15-E926-4260-A122-117B16D0751F} - \McAfee\WPS\McAfee Cloud Configuration Check -> No File <==== ATTENTION Task: {4302A9DE-2EA9-4513-B304-70B7C9CB61E5} - \McAfee\WPS\McAfee Scheduled Tracker Remover -> No File <==== ATTENTION Task: {6AC4D395-2A7F-4798-BA3A-E37F4D6EBB44} - \McAfee\WPS\McAfee Message Check -> No File <==== ATTENTION Task: {831286A8-F036-4A85-99A6-C686A1AE08D0} - \McAfee\WPS\McAfee Hotfix -> No File <==== ATTENTION Task: {8C77631F-EE17-4C90-A80B-48E7C0FDBEFB} - \McAfee\WPS\McAfee Anti-Tracker Scanner -> No File <==== ATTENTION Task: {A5F34454-8347-444C-AD19-50086D6E5879} - \McAfee\WPS\McAfee Fake Alert Blocker -> No File <==== ATTENTION Task: {BF634F0F-C25A-4F4A-A5E8-327AF0355699} - \McAfee\WPS\McAfee restart of PC -> No File <==== ATTENTION Task: {D0D94CCB-B360-485B-813B-CB6BAAE88FF0} - \McAfee\WPS\McAfee Windows Notification Token -> No File <==== ATTENTION Task: {DB4B90A8-FD68-498D-AD85-6692E3B6FA6B} - \McAfee\WPS\McAfee Scheduled AV Scan -> No File <==== ATTENTION Task: {E335EC28-A815-4D3F-A095-D8DF9F2FE6FE} - \McAfee\WPS\McAfee Virus Definition Update -> No File <==== ATTENTION Task: {E5C75206-59E4-4026-AF01-0B06A79BE1F0} - \McAfee\WPS\McAfee Anti-tracker notification -> No File <==== ATTENTION Task: {EA61E327-DE2F-4D72-8C4D-E7B0677F5C1F} - \McAfee\wps\McAfee Updater -> No File <==== ATTENTION Task: {EDC65C98-4FDA-4F90-82FB-852F7FB76563} - \McAfee\WPS\McAfee Health Check -> No File <==== ATTENTION Task: {7963B3F7-87D9-452D-8A4D-A1B22E2D6425} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1612800 2026-01-23] (Adobe Inc. -> Adobe Inc.) Task: {9779A0A1-EAEF-4371-BF8B-0D224B89ED03} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-geoff_shutt@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {85B07685-C9C4-4A36-BCEB-5E69B1CBFCA1} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [9523624 2025-05-24] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {4317E216-937C-4B4D-9453-7F605399567F} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [9838504 2025-05-24] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {9F00DFC6-D4F7-4E7C-BF0B-C79D8E50873C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.) Task: {19E55E1B-7D24-4AD3-B48C-DE8869C0CAA3} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [5573848 2026-03-02] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/Task <==== ATTENTION Task: {00D41072-F8D3-4391-9C00-2D7F56194A0C} - System32\Tasks\ASC_SkipUac_geoff => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [11471568 2026-03-12] (IObit CO., LTD -> IObit) -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/SkipUac <==== ATTENTION Task: {AE2270E6-B3DC-4DAF-ABE8-09A69B66FD45} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5620984 2025-11-12] (Microsoft Windows -> Microsoft Corporation) Task: {58CF5032-5EBD-4E3B-A51E-D525336A9384} - System32\Tasks\DuplicatePhotoCleaner => C:\Program Files\Duplicate Photo Cleaner 7\DuplicatePhotoCleaner.exe [7219984 2023-11-10] (Webminds, Inc. -> Webminds, Inc.) Task: {D7EE5794-8E45-470C-8839-DC0CA4EF7FE4} - System32\Tasks\EasyDuplicateFinder => C:\Program Files\Easy Duplicate Finder 7\EasyDuplicateFinder.exe [9812752 2023-11-03] (Webminds, Inc. -> Webminds, Inc.) Task: {1C621EFB-2BF5-4E70-993C-5FA45D31193B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [31056 2025-11-10] (Garmin International, Inc. -> ) Task: {A5132247-AECF-4257-BF82-917CADE5EF01} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6441.0{0196B774-7584-4399-B22D-F9FF28891C3B} => "C:\Program Files (x86)\Google\GoogleUpdater\126.0.6441.0\updater.exe" --wake --system (No File) Task: {D491B758-5DBC-421D-91C4-44EF4FA39D48} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem148.0.7730.0{ECF73BDC-3287-4E5C-AF47-00A6F7E7D626} => C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe [8459416 2026-03-12] (Google LLC -> Google LLC) Task: {ED1B8140-62CB-4AF0-B938-C1CCD0E8789D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [95240 2026-04-10] (HP Inc. -> HP Inc.) Task: {9DB42B25-F053-4D07-8368-9C3B28154B9B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [95240 2026-04-10] (HP Inc. -> HP Inc.) Task: {9D94DA2E-F224-4883-A5F6-F8FBB21F9955} - System32\Tasks\HPCustParticipation HP LaserJet MFP M232-M237 => C:\Program Files\HP\HP LaserJet MFP M232-M237\Bin\HPCustPartic.exe [6737880 2024-06-03] (HP Inc. -> HP Inc.) Task: {61A2FF98-3341-46EA-BF98-9ED14FD5F8FB} - System32\Tasks\IDriveServiceHealthCheck => C:\Program Files (x86)\IDriveWindows\id_healthcheck.exe [85840 2026-03-16] (IDrive, Inc. -> IDrive Inc.,) Task: {1DD16945-60DF-40FE-8DFD-D4AC5C497498} - System32\Tasks\iolo\ActiveMessenger => C:\Program Files\iolo technologies\System Mechanic\ActiveBridge.exe [3665800 2025-08-11] (RealDefense LLC -> RealDefense, LLC) -> C:\Program Files\iolo technologies\System Mechanic\\-appexecutable iolo.exe -ammode Task: {858870FB-E9DB-4EB8-AE81-6460C6B7E08F} - System32\Tasks\iolo\iolo Tray app => C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe [1890696 2025-08-11] (RealDefense LLC -> RealDefense, LLC) Task: {AFDDD2D6-3BB6-4AD4-81E6-ABA0AC5E47BA} - System32\Tasks\iolo\Live Boost Process Governor => C:\Program Files\iolo technologies\System Mechanic\LBGovernor.exe [1068424 2025-08-11] (RealDefense LLC -> RealDefense LLC) Task: {90EB46E1-71E1-48B2-9DC1-AE8FA4F6452F} - System32\Tasks\iolo\Multi Product Notification Service => C:\Program Files\iolo technologies\System Mechanic\mpns.exe [29064 2025-08-11] (RealDefense LLC -> RealDefense, LLC) Task: {53842384-8AE9-411A-B91F-3D54A68D17F6} - System32\Tasks\iolo\SmartScan => C:\Program Files\iolo technologies\System Mechanic\smartscan.exe [100232 2025-08-11] (RealDefense LLC -> ) Task: {17517C14-75EA-4093-B679-6C431A09672C} - System32\Tasks\Lenovo\AICC\LAICCUserAgent => C:\Windows\System32\DriverStore\FileRepository\lenovoaiccdisplay_cmp.inf_amd64_ab1d7000bacd781a\amd64\LenovoAICCUserAgent.exe [193920 2023-09-07] (Lenovo -> Lenovo Group Limited) Task: {E7156740-8F13-441F-9835-46783A03E588} - System32\Tasks\Lenovo\AICC\ReApplyHandler => C:\Windows\System32\DriverStore\FileRepository\lenovoaiccdisplay_cmp.inf_amd64_ab1d7000bacd781a\amd64\LenovoAICCReApplyHandler.exe [70528 2023-09-07] (Lenovo -> ) Task: {D2C02525-B27C-4846-A2B1-021C1F42E220} - System32\Tasks\Lenovo\AICC\UninstallTask => C:\Program Files\Lenovo\AICC\LenovoAICCUninstaller.exe [167168 2023-03-06] (Lenovo -> Lenovo Group Limited) Task: {21CC41FD-A1B5-4ECB-8DBB-D14CBE550EED} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {7694E887-36B3-4BBD-BA45-DDA5420F6927} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService Task: {19CE4A6A-8E2F-452C-A78D-3A8C583C8FC0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\14e57adb-9077-41af-a586-1b763f330304 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {226E133B-C90C-4B7E-999E-41D0363B170A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e38ee3e1-cd3e-4036-9131-ec6f017fae8a => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {FFF1E298-0A24-466D-AD39-620D69D38B54} - System32\Tasks\Lenovo\Lenovo Professional Ultraslim Wireless Combo Gen2 OSD task => C:\Program Files\Lenovo\Lenovo Professional Wireless Rechargeable Combo\UltraslimOSD.exe [5146144 2024-04-23] (Lenovo -> ) Task: {8801926B-85C9-4B58-AAEA-0C1450DB6551} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2837236113-4052516336-580648045-1001 => C:\Users\geoff\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [93520 2026-03-06] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {7B6973B2-2AF4-4D08-B50E-20961B068F90} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [130488 2025-11-09] (Lenovo -> Lenovo) Task: {1BB99269-D7F6-44FB-8A34-489D8D8450BC} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [67512 2025-11-09] (Lenovo -> ) Task: {8618937F-CEF9-4607-84BF-08BCE8595F99} - System32\Tasks\Lenovo\SmartStandby\Daily analysis => C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_3d585c065d8f0236\AutonomicMgr.exe [76728 2025-11-14] (Lenovo -> ) Task: {7620872F-19AA-4B51-9AAF-C6FE87272954} - System32\Tasks\Lenovo\SmartStandby\Uninstall Monitor => C:\Windows\system32\SmartStandbyInst.exe [46008 2025-11-14] (Lenovo -> ) Task: {D59559C7-8F5F-4644-800A-09A9CBD18571} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210 Task: {579CB9B0-5C98-42C5-98D4-4FAB4E1549E5} - System32\Tasks\Lenovo\UDC\Lenovo UDC Lazy Deployment => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 221 Task: {112428FB-2246-431C-AEE1-63DD835BA5F4} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220 Task: {A94837D6-BF7A-4B20-A67A-050539950521} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [252856 2026-01-25] (Lenovo -> Lenovo Group Ltd.) Task: {FA64341D-9B55-49F0-8F3A-7A5C5157C7E9} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService Task: {389A3196-9FCB-429D-B89E-C77703FE3302} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {906CAB6A-0A66-417F-9D95-01EC9E9577C4} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {1E14C222-4F40-4969-BC81-BFBA80224255} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin_Pulsation => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {23619D30-3E49-487D-9312-EE5D1026B87D} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {F0D29E90-8557-4EFA-A770-F3C67D75AC99} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {3E530991-ED43-45A8-9A0E-71F7F84FDD62} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {85BD2952-2A3F-4D5C-98CE-A9AD8543A640} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.1.0.22\x86\IdleScheduleEventAction.exe [173536 2026-03-30] (Lenovo -> ) Task: {6444E37D-8659-41CC-9D05-55BD98F92DAE} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-18] (Lenovo -> Lenovo) Task: {E07A4843-D555-409C-A894-CB1445164F8A} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File) Task: {566D843F-EB7D-4566-BB47-A95AFCF623B9} - System32\Tasks\LvfCleanup => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [450560 2024-02-06] (Microsoft Windows -> Microsoft Corporation) -> -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$s = Get-Service 'LvfInstallService' -ErrorAction SilentlyContinue; if (-not $s -or $s.StartType -eq 'Disabled' -or $s.Status -eq 'Stopped') { Start-Sleep -Seconds 5; sc.exe delete 'LvfInstallService'; schtasks /Delete /TN 'LvfGuiRemov (the data entry has 107 more characters). Task: {9FA510FF-0751-487D-AC24-3101AA7AB969} - System32\Tasks\LvfDriverRemoval => C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_f6d79d78edcb4315\LvfInstallService.exe [99768 2026-02-11] (Lenovo -> Lenovo Group Ltd.) Task: {FE4ECB07-9661-45B8-AC98-BD3DCDF220A8} - System32\Tasks\LvfGuiRemoval => C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_f6d79d78edcb4315\LvfInstallService.exe [99768 2026-02-11] (Lenovo -> Lenovo Group Ltd.) Task: {33C641DC-5A82-427A-A946-0F7AD79C842F} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [16404776 2026-04-06] (Microsoft Corporation -> Microsoft Corporation) Task: {269F029A-CDA5-468D-B93B-DD1DD150A8D7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28535616 2026-04-01] (Microsoft Corporation -> Microsoft Corporation) Task: {37302EA5-4B11-4351-A074-EF222BF49BE7} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [73568 2026-04-06] (Microsoft Corporation -> Microsoft Corporation) Task: {5206BB68-DF07-43A3-8A33-C399DE6243F9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28535616 2026-04-01] (Microsoft Corporation -> Microsoft Corporation) Task: {ED52AF53-7F03-4603-8A26-AD47FBE3C59A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426776 2026-04-06] (Microsoft Corporation -> Microsoft Corporation) Task: {10837EAD-6380-4A23-B0C0-D8FEEF31BCB2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426776 2026-04-06] (Microsoft Corporation -> Microsoft Corporation) Task: {F6790B1D-8DB3-49D3-9338-A5102179EC9C} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1349920 2026-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {7BA9D4CE-5AF7-448D-8FBF-58353E76441C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4416544 2026-04-01] (Microsoft Corporation -> Microsoft Corporation) Task: {144DF455-7735-4B62-A78E-965D54DD5ACA} - System32\Tasks\Microsoft\Office\Office Startup Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [16404776 2026-04-06] (Microsoft Corporation -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File) Task: {BF374B0C-8A9D-4BFA-B510-3478768523F5} - System32\Tasks\Norton\Norton 360 Patcher => C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe [9583328 2026-03-16] (Gen Digital Inc. -> Gen Digital Inc.) Task: {54546FD3-30D4-4C67-B550-2213D81BE6E2} - System32\Tasks\Norton\Norton Driver Updater BugReport => C:\Program Files\Norton\Driver Updater\AvBugReport.exe [6444768 2026-03-24] (Gen Digital Inc. -> NortonLifeLock Inc.) -> --send "dumps|report" --silent --product 191 --programpath "C:\Program Files\Norton\Driver Updater" --configpath "C:\ProgramData\Norton\Driver Updater" --path "C:\ProgramData\Norton\Driver Updater\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\Driver Updater\log" - (the data entry has 42 more characters). Task: {229176A9-F6C0-44E5-B42F-D034191A40F3} - System32\Tasks\Norton\Norton Driver Updater Update => C:\Program Files\Common Files\Norton\Icarus\norton-du\icarus.exe [9761136 2026-03-23] (Gen Digital Inc. -> Gen Digital Inc.) Task: {99D68DD1-5367-4ACD-B4F0-8D7108621151} - System32\Tasks\Norton\Norton Utilities BugReport => C:\Program Files\Norton\Utilities\AvBugReport.exe [6444768 2026-03-24] (Gen Digital Inc. -> NortonLifeLock Inc.) -> --send "dumps|report" --silent --product 189 --programpath "C:\Program Files\Norton\Utilities" --configpath "C:\ProgramData\Norton\Utilities" --path "C:\ProgramData\Norton\Utilities\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\Utilities\log" --guid e64ad60c-5a4b- (the data entry has 22 more characters). Task: {BD91B33F-6BC0-41DA-BD8C-171DD8E6070D} - System32\Tasks\Norton\Norton Utilities Update => C:\Program Files\Common Files\Norton\Icarus\norton-tu\icarus.exe [9761136 2026-03-24] (Gen Digital Inc. -> Gen Digital Inc.) Task: {DC67E3A3-EEF4-4D53-8A80-B4BCE46829A1} - System32\Tasks\Norton\Norton VPN Bug Report => C:\Program Files\Norton\Suite\AvBugReport.exe [6423720 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 187 --programpath "C:\Program Files\Norton\Suite" --configpath "C:\ProgramData\Norton\VPN" --path "C:\ProgramData\Norton\VPN\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\VPN\log" --guid f4d88b32-a421-4d04-8f0d-79f08e3b9fa9 Task: {F496A21C-7755-4C1A-AA5E-6F011C7385E5} - System32\Tasks\Norton\Overseer => C:\Program Files\Common Files\Norton\Overseer\overseer.exe [2979552 2025-10-21] (Gen Digital Inc. -> Gen Digital Inc.) Task: {D5B87708-A2EE-402C-BF4B-7CEE955D01C1} - System32\Tasks\Norton\Suite Emergency Update => C:\Program Files\Norton\Suite\AvEmUpdate.exe [5658280 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) Task: {602FFC4C-E902-46FC-A979-893DEE39C33C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4428136 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {4C556767-E685-4370-AA1D-1BC84FA2CAC6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2837236113-4052516336-580648045-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4428136 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {BEC02478-939B-41A6-BAE3-FBD7414702BB} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2837236113-4052516336-580648045-1006 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4428136 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {B4404DBC-D0D5-4FC4-B0E9-B5BACF42E023} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2837236113-4052516336-580648045-1008 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4428136 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {ABCF74F5-8511-40DF-8305-D3A8AA9777D9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2837236113-4052516336-580648045-1013 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4428136 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {84319826-4627-478B-84D8-95CE122DE56B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2837236113-4052516336-580648045-1017 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4428136 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {31F503CB-CADC-4DF2-BEFC-17A06F0444CA} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2837236113-4052516336-580648045-1001 => C:\Program Files\Microsoft OneDrive\26.040.0301.0001\OneDriveLauncher.exe [757648 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) Task: {5901B54A-A45C-4870-8DC6-AD7C76F226D0} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2837236113-4052516336-580648045-1006 => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\OneDriveLauncher.exe /startInstances (No File) Task: {DE91CD42-6184-4F09-9EE9-87DE02FACFC8} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2837236113-4052516336-580648045-1008 => C:\Program Files\Microsoft OneDrive\25.155.0811.0002\OneDriveLauncher.exe /startInstances (No File) Task: {81340193-76EB-4672-AB38-5CC03A571A85} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2837236113-4052516336-580648045-1013 => C:\Program Files\Microsoft OneDrive\25.164.0824.0003\OneDriveLauncher.exe /startInstances (No File) Task: {7D889F13-9B63-49C0-98E3-27E98C67360D} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2837236113-4052516336-580648045-1017 => C:\Program Files\Microsoft OneDrive\25.209.1026.0002\OneDriveLauncher.exe /startInstances (No File) Task: {3BDD3555-F470-4CAC-BFAC-9DD9DFE00B8B} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_09020ede05a436cf\RtkAudUService64.exe [3001320 2025-08-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {C509B103-917A-49FF-8B6D-4DCD8CE27798} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [154438440 2025-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\--disable-gpu-sandbox /AUTOHIDE Task: {815B2714-3B7B-4874-9BA8-276C2A5BAB33} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904536 2024-07-14] (Lenovo -> ) Task: {41205312-6EEE-486E-8124-C2E5490C8838} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904536 2024-07-14] (Lenovo -> ) Task: {9342F870-B3D4-4D6C-81EE-4A4991D41E18} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2837236113-4052516336-580648045-1001 => C:\Users\geoff\AppData\Roaming\Zoom\bin\Zoom.exe [507784 2026-03-16] (Zoom Communications, Inc. -> Zoom Communications, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{225e553c-e954-4362-b324-4182202100d3}: [NameServer] 10.72.0.1 Tcpip\..\Interfaces\{3e50102b-62cb-48b1-887b-02bb74cd3cd2}: [DhcpNameServer] 9.9.0.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}: [DhcpDomain] home Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\341627C647F6E60284F64756C6022416E676B6F6B6: [DhcpNameServer] 8.8.8.8 172.27.0.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\341627C647F6E60284F64756C6022416E676B6F6B6: [DhcpDomain] localdomain Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\35B495440585D405: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\35B495440585D405: [DhcpDomain] Home Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\744535F5537484A7: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\8494C445F4E4021435F4B454: [DhcpNameServer] 172.27.0.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\8494C445F4E4021435F4B454: [DhcpDomain] localdomain Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\8496C647F6E60284F6E6F62737: [DhcpNameServer] 4.2.2.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\84F6C69646169794E6E6: [DhcpNameServer] 172.27.0.1 Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\84F6C69646169794E6E6: [DhcpDomain] localdomain Tcpip\..\Interfaces\{5d53ae43-86a7-46dc-a683-83683f61052a}\84F6E64616D234573747F6D65627: [DhcpNameServer] 208.91.112.53 208.91.112.52 Tcpip\..\Interfaces\{68ae1355-72b0-4c50-9980-90a55cebec05}: [DhcpNameServer] 10.41.0.1 Tcpip\..\Interfaces\{79ad9330-c919-4329-8ec0-5ad49d832231}: [NameServer] 100.64.100.1 Tcpip\..\Interfaces\{d195db91-07fd-428d-b785-d48886436d8c}: [NameServer] 10.9.0.1 Tcpip\..\Interfaces\{e566ec70-1ff9-4637-a493-31773f62df22}: [NameServer] 10.8.0.1 FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3 FF Extension: (Steganos Password Manager) - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3 [2023-12-16] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt [2023-12-17] [Legacy] [not signed] FF HKU\S-1-5-21-2837236113-4052516336-580648045-1001\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2026-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.23 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2026-04-01] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-12-04] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: shipin7 -> C:\Program Files (x86)\hik\PCPlayer\npSP7WebVideoPlugin.dll [2015-10-30] (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FF Plugin-x32: shipin7safebox -> C:\Program Files (x86)\hik\PCPlayer\npSafePlugin.dll [2015-10-30] (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) FF Plugin-x32: shipin7update -> C:\Program Files (x86)\hik\PCPlayer\npUpdataPlugin.dll [2015-10-30] (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> ) Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default [2026-04-11] Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.messenger.com; hxxps://www.qatarairways.com; hxxps://www.tiktok.com Edge HomePage: Default -> hxxps://ceridian.sharepoint.com/sites/YourSource Edge StartupUrls: Default -> "hxxp://www.google.co.uk/" Edge Session Restore: Default -> is enabled. Edge Extension: (LastPass: Free Password Manager) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2026-04-01] Edge Extension: (Password Manager SafeInCloud) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfilcmnckjfhldbbkaeofghnhpbehipd [2024-11-02] Edge Extension: (ExpressKeys: Password Manager) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blgcbajigpdfohpgcmbbfnphcgifjopc [2026-04-01] Edge Extension: (Norton AntiTrack) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpijioncddkancpiedagilpojbgmoni [2026-04-05] Edge Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2025-03-02] Edge Extension: (BlockSite Block Websites & Stay Focused) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2026-04-04] Edge Extension: (Video Downloader Professional) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2026-03-13] Edge Extension: (McAfee® WebAdvisor) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2026-03-13] Edge Extension: (ExpressVPN: VPN & proxy browser extension) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2026-02-28] Edge Extension: (Google Docs Offline) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-04-01] Edge Extension: (Google Mail Checker) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glbpkcehjkihaknkjifkehdpjfngbdga [2023-12-10] Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2026-04-09] Edge Extension: (Cisco Webex Extension) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2023-12-10] Edge Extension: (IObit Surfing Protection) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn [2025-02-22] Edge Extension: (Cisco Webex Extension) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2023-12-10] Edge Extension: (Edge relevant text changes) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-03] Edge Extension: (Zoom Chrome Extension) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2026-03-04] Edge Extension: (McAfee® Web Boost) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lamehkegphbbfdailghaeeleoajilfho [2023-12-10] Edge Extension: (BlockSite Block Websites & Stay Focused) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lbnblmjlpifpfpefbcgefbhnlcnnjgjk [2026-03-04] Edge Extension: (RoboForm Password Manager) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2026-04-01] Edge Extension: (All Video Downloader professional) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mbpnbnogejaolbhfpfgagldkeahefbhd [2024-08-19] Edge Extension: (AdBlock — block ads across the web) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2026-04-09] Edge Extension: (uBlock Origin) - C:\Users\geoff\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2026-03-11] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default [2026-04-11] CHR Notifications: Default -> hxxps://app.okkami.com; hxxps://meet.google.com; hxxps://portal.dusit.com; hxxps://shopee.co.th; hxxps://tinder.com; hxxps://www.etoro.com; hxxps://www.expat.hsbc.com; hxxps://www.hsbc.co.uk; hxxps://www.qatarairways.com; hxxps://www.radissonhotels.com; hxxps://www.tradingview.com; hxxps://www.youtube.com CHR HomePage: Default -> hxxp://www.google.co.uk/ CHR StartupUrls: Default -> "hxxp://www.google.co.uk/" CHR Session Restore: Default -> is enabled. CHR Extension: (Norton AntiTrack) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aajahhgggmjeoanmebkebnikpnfkbejb [2026-04-05] CHR Extension: (uBlock Origin) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-05-17] CHR Extension: (Videostream for Google Chromecast™) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2023-12-10] CHR Extension: (uBlock Origin Lite) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkjiahejlhfcafbddmgiahcphecmpfh [2026-04-09] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2026-04-10] CHR Extension: (BlockSite Block Websites & Stay Focused) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2026-04-04] CHR Extension: (AdBlock — block ads across the web) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2026-04-09] CHR Extension: (LastPass: Free Password Manager) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2026-04-09] CHR Extension: (Zoom Chrome Extension) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2026-03-04] CHR Extension: (Passwords & codes-Safe) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2025-06-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-10] CHR Extension: (RoboForm Password Manager) - C:\Users\geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2026-04-04] CHR Profile: C:\Users\geoff\AppData\Local\Google\Chrome\User Data\System Profile [2025-12-31] CHR HKU\S-1-5-21-2837236113-4052516336-580648045-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2023-12-17] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [180216 2026-01-23] (Adobe Inc. -> Adobe Inc.) R2 AdvancedSystemCareService19; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1858264 2026-03-02] (IObit CO., LTD -> IObit) <==== ATTENTION S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103888 2025-08-21] (Apple Inc. -> Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13233472 2026-04-01] (Microsoft Corporation -> Microsoft Corporation) S4 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [765736 2025-11-11] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_52fab4c0c715a075\DAX3API.exe [2787920 2025-07-01] (Dolby Laboratories, Inc. -> Dolby Laboratories) R2 DolbyFusionAPI; C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_23d2cb6fdc7a89f7\FusionAPI.exe [794296 2025-07-22] (Dolby Laboratories, Inc. -> Dolby Laboratories) R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_5ecafabf5082a9c7\ipfsvc.exe [572520 2025-06-30] (Intel Corporation -> Intel Corporation) R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [60432 2025-12-03] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) R2 EllipticHPDService; C:\Windows\System32\DriverStore\FileRepository\elliptichpd.inf_amd64_7737849771edbfcc\EllipticHPDService.exe [1252176 2025-11-03] (Elliptic Laboratories ASA -> Elliptic Laboratories ASA) R2 EllipticVLS; C:\Windows\System32\DriverStore\FileRepository\ellipticvls.inf_amd64_24d97f3a92e5d4d2\VLS\VirtualLockSensor.exe [631864 2025-02-28] (Elliptic Laboratories ASA -> Elliptic Laboratories ASA) R2 EndpointProtectionService; C:\Program Files\Endpoint Protection SDK\endpointprotection.exe [12233184 2025-03-14] (Avira Operations GmbH -> Avira Operations GmbH) S3 EndpointProtectionService2; C:\Program Files\Endpoint Protection SDK\endpointprotection.exe [12233184 2025-03-14] (Avira Operations GmbH -> Avira Operations GmbH) R2 EPDService; C:\Windows\System32\EPDService.exe [217160 2026-03-02] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) S4 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [440680 2025-08-01] (Expressco Services LLC -> ExpressVPN) S4 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [440680 2025-08-01] (Expressco Services LLC -> ExpressVPN) S4 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [440680 2025-08-01] (Expressco Services LLC -> ExpressVPN) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\26.040.0301.0001\FileSyncHelper.exe [3602280 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [244232 2026-04-10] (HP Inc. -> HP Inc.) R2 HPSmartDeviceAgentBase; C:\Program Files (x86)\HP\HPSmartDeviceAgentBase\Service\HPSmartDeviceAgentBase.exe [68608 2017-10-25] () [File not signed] R2 IBMPMSVC; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\ibmpmsvc.exe [1067920 2025-10-27] (Lenovo -> Lenovo) R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [474448 2026-03-16] (IDrive, Inc. -> IDrive Inc.,) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [460992 2025-04-18] (Canon Inc. -> ) R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) S2 Intel(R) Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_b4ad878dc01a7e41\lib\PlatformLicenseManagerService.exe [741600 2024-03-13] (Intel Corporation -> Intel(R) Corporation) R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_a952167d9e98b004\AS\IAS\IntelAudioService.exe [532960 2025-12-30] (Intel Corporation -> Intel) R2 IntelGraphicsSoftwareService; C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.4.2155.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\IntelGraphicsSoftware.Service.exe [312832 2026-03-23] (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_5fe37e024ff302b0\ipf_uf.exe [3357664 2026-02-10] (Intel Corporation -> Intel Corporation) R2 LADMLauncherService; C:\Program Files\Lenovo\LADMLauncherService\bin\LADMAutoInstallService.exe [2412832 2024-07-10] (Lenovo -> ) S4 LenovoAccessoriesandDisplayManagerService; C:\Program Files\Lenovo\Lenovo Accessories and Display Manager\UDCCBackGroundService.exe [246560 2025-01-15] (Lenovo -> Lenovo) R2 LenovoAICCLoader; C:\Windows\System32\DriverStore\FileRepository\lenovoaiccdisplay_cmp.inf_amd64_ab1d7000bacd781a\amd64\LenovoAICCLoader.exe [265704 2023-09-07] (Lenovo -> Lenovo Group Limited) S4 LenovoBrightCtrl; C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_4f83e4afb1d34b57\x64\BrightnessControl.exe [261048 2025-12-19] (Lenovo -> Lenovo.) R2 LenovoSmartStandby; C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_3d585c065d8f0236\SmartStandby.exe [350648 2025-11-14] (Lenovo -> Lenovo) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe [34368 2026-03-18] (Lenovo -> Lenovo) R2 LITSSVC; C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_4f83e4afb1d34b57\x64\LITSSvc.exe [1292216 2025-12-19] (Lenovo -> Lenovo.) R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-10-25] (Logitech Inc -> Logitech) S2 LPlatSvc; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\LPlatSvc.exe [895888 2025-10-27] (Lenovo -> Lenovo) R2 LvfInstallService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_f6d79d78edcb4315\LvfInstallService.exe [99768 2026-02-11] (Lenovo -> Lenovo Group Ltd.) S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe [1431160 2024-09-25] (Microsoft Windows Publisher -> Microsoft Corporation) S3 MicrosoftCopilotElevationService; C:\Program Files (x86)\Microsoft\Copilot\Application\146.0.3856.109\elevation_service.exe [3499048 2026-04-06] (Microsoft Corporation -> Microsoft Corporation) S4 MonitorService; C:\Program Files\Easy Duplicate Finder 7\EDFMonitor.exe [7099160 2021-12-14] (Webminds, Inc. -> Webminds, Inc.) S4 NativePushService; C:\Users\geoff\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [595864 2024-03-20] (Wondershare Technology Group Co.,Ltd -> Wondershare) R3 nllbIDSAgent; C:\Program Files\Norton\Suite\aswidsagent.exe [8143528 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) R2 Norton Antivirus; C:\Program Files\Norton\Suite\NortonSvc.exe [1041576 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) R2 Norton Firewall; C:\Program Files\Norton\Suite\afwServ.exe [2639016 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) R2 Norton Tools; C:\Program Files\Norton\Suite\nllToolsSvc.exe [1094312 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) R2 NortonATServiceHost; C:\Program Files\Norton\AntiTrack\x86\ATServiceHost.exe [222432 2026-04-05] (Gen Digital Inc. -> Gen Digital Inc.) R2 NortonDriverUpdSvc; C:\Program Files\Norton\Driver Updater\NortonDriverUpdSvc.exe [19063008 2026-03-24] (Gen Digital Inc. -> NortonLifeLock Inc.) R2 NortonUtilitiesSvc; C:\Program Files\Norton\Utilities\NortonUtilitiesSvc.exe [21552352 2026-03-24] (Gen Digital Inc. -> NortonLifeLock Inc.) R2 NortonVpn; C:\Program Files\Norton\Suite\VpnSvc.exe [14817448 2026-03-17] (Gen Digital Inc. -> Gen Digital Inc.) R2 NortonWscReporter; C:\Program Files\Norton\Suite\wsc_proxy.exe [76552 2025-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\26.040.0301.0001\OneDriveUpdaterService.exe [4003688 2026-03-29] (Microsoft Corporation -> Microsoft Corporation) S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1750592 2018-03-27] (PDF Complete Inc. -> PDF Complete Inc) S4 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [497448 2025-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803096 2025-11-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SessionSvc; C:\Windows\System32\DriverStore\FileRepository\goodixmocusb.inf_amd64_5775ca5f809fe9e0\GoodixSessionService.exe [69840 2026-03-10] (Shenzhen Goodix Technology Co., Ltd. -> Shenzhen Goodix Technology Co., Ltd.) R2 Synology Drive VSS Service x64; C:\Program Files\Synology\SynologyDrive\bin\vss-service-x64.exe [372968 2026-01-20] (Synology Inc. -> ) S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [26113384 2026-03-03] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_bdd272e4bb83b7fb\driver\TPHKLOAD.exe [316992 2025-12-26] (Lenovo -> Lenovo) R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72632 2026-01-25] (Lenovo -> Lenovo Group Ltd.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe [3199656 2024-09-25] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe [133704 2024-09-25] (Microsoft Windows Publisher -> Microsoft Corporation) S4 WsDrvInst; C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\Transfer\DriverInstall.exe [112496 2020-04-13] (WONBO TECHNOLOGY Co.,LIMITED -> Wondershare) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AKCCID; C:\Windows\System32\drivers\AKCCID.sys [111904 2025-11-12] (Alcorlink Corp. -> ) R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [47904 2025-07-23] (IObit CO., LTD -> IObit) R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [31944 2025-08-08] (Microsoft Windows Hardware Compatibility Publisher -> IObit) R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [179768 2025-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH) R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [223296 2025-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH) S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2023-11-03] (Microsoft Corporation) [File not signed] R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2026-04-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION R2 CrypticDisk; C:\Windows\SysWOW64\Drivers\CrypticDisk.sys [86592 2009-02-26] (Microolap technologies -> EXLADE, Inc.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [175824 2024-10-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk64bit.sys [23464 2008-07-26] (EldoS Corporation -> EldoS Corporation) R3 EPD; C:\Windows\System32\drivers\EPD.sys [168008 2026-03-02] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [75848 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [55352 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> ) R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [35440 2025-05-15] (WDKTestCert dev,133917607052546064 -> CHENGDU YIWO Tech Development Co., Ltd) R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [565456 2024-07-11] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R3 euimgprt; C:\Windows\System32\DRIVERS\euimgprt.sys [45776 2024-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R0 EUSSRDVR; C:\Windows\System32\drivers\EUSSRDVR.sys [119512 2024-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R1 ExCrDisk4Drv; C:\Windows\System32\Drivers\CrDisk4.sys [214448 2015-10-21] (Software Security Systems ChTUP -> Exlade) S3 expressvpn-ovpn-dco; C:\Windows\System32\drivers\expressvpn-ovpn-dco.sys [107088 2025-04-30] (Expressco Services LLC -> OpenVPN, Inc) R1 expressvpn-pkf; C:\Windows\system32\DRIVERS\expressvpn-pkf.sys [67152 2025-08-01] (Expressco Services LLC -> ExpressVPN) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2025-08-01] (ExprsVPN LLC -> ExpressVPN) R3 expressvpntun; C:\Windows\System32\drivers\expressvpn-tun.sys [41976 2025-08-01] (Expressco Services LLC -> ExpressVPN) R0 fse; C:\Windows\System32\drivers\fse.sys [218528 2025-06-12] (Microsoft Windows -> Microsoft Corporation) R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_c804e238af0965e6\iaLPSS2_GPIO2_ADL.sys [142800 2025-11-10] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_bf2893ea319d70a7\iaLPSS2_I2C_ADL.sys [212944 2025-11-10] (Intel Corporation -> Intel Corporation) R3 IBMPMDRV; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\ibmpmdrv.sys [56720 2025-10-27] (Lenovo -> Lenovo) R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_e736ed4bed7f97b4\gna.sys [100736 2025-10-07] (Intel Corporation -> Intel Corporation) R3 iobit_monitor_server2021; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [33256 2025-07-23] (IObit CO., LTD -> IObit) R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_f5073569ebfc3cd9\ipf_acpi.sys [90600 2026-02-10] (Intel Corporation -> Intel Corporation) R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_5fe37e024ff302b0\ipf_cpu.sys [552928 2026-02-10] (Intel Corporation -> Intel Corporation) R3 necbatt; C:\Windows\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.) S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 nll-ovpn-dco; C:\Windows\System32\drivers\nll-ovpn-dco.sys [148728 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> OpenVPN, Inc) R0 nllArDisk; C:\Windows\System32\drivers\nllArDisk.sys [21088 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllArPot; C:\Windows\System32\drivers\nllArPot.sys [296544 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllbidsdriver; C:\Windows\System32\drivers\nllbidsdriver.sys [439904 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllbidsh; C:\Windows\System32\drivers\nllbidsh.sys [304736 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllbuniv; C:\Windows\System32\drivers\nllbuniv.sys [88152 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllElam; C:\Windows\System32\drivers\nllElam.sys [29144 2025-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.) R1 nllKbd; C:\Windows\System32\drivers\nllKbd.sys [33888 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllMonFlt; C:\Windows\System32\drivers\nllMonFlt.sys [290912 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllNetHub; C:\Windows\System32\drivers\nllNetHub.sys [585312 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllRdr; C:\Windows\System32\drivers\nllRdr2.sys [97888 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllRvrt; C:\Windows\System32\drivers\nllRvrt.sys [73312 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllSnx; C:\Windows\System32\drivers\nllSnx.sys [905824 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R1 nllSP; C:\Windows\System32\drivers\nllSP.sys [1287264 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R3 nllStm; C:\Windows\System32\drivers\nllStm.sys [242272 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R0 nllVmm; C:\Windows\System32\drivers\nllVmm.sys [458848 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) S3 nllVpnRdr; C:\Windows\System32\drivers\nllVpnRdr.sys [75872 2026-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.) R3 nllWintun; C:\Windows\System32\drivers\nllWintun.sys [40640 2025-09-02] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.) S3 nllWireGuard; C:\Windows\System32\drivers\nllWireguard.sys [174704 2025-09-02] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.) R2 NPF; C:\Program Files (x86)\hik\PCPlayer\npf64.sys [36600 2015-10-15] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R1 pgfilter; C:\Windows\System32\drivers\pgfilter.sys [96280 2025-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) R1 PMDRVS; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\pmdrvs.sys [42384 2025-10-27] (Lenovo -> Lenovo) R1 rtp1; C:\Windows\System32\DRIVERS\rtp1.sys [440488 2025-03-13] (Avira Operations GmbH -> Avira Operations GmbH) R1 rtp2; C:\Windows\System32\DRIVERS\rtp2.sys [440464 2025-03-13] (Avira Operations GmbH -> Avira Operations GmbH) S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28792 2025-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH) S3 rtu53cx22x64; C:\Windows\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_1ee4faae43c39815\rtu53cx22x64.sys [1166376 2026-01-28] (Realtek Semiconductor Corp. -> Realtek Corporation) S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_03831aeaaa2c730e\rtux64w10.sys [683520 2022-05-07] (Microsoft Windows -> Realtek Corporation) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Patric Remus - ArchiCrypt - (Patric W.Remus) -> Softwareentwicklung Remus - ArchiCrypt -) R1 SLEE_19_DRIVER; C:\Windows\Sleen1964.sys [117848 2023-06-14] (Softwareentwicklung Patric Remus - ArchiCrypt - (Patric W.Remus) -> Softwareentwicklung Remus - ArchiCrypt -) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174264 2024-10-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50896 2024-10-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 STGMFEngine64; C:\Windows\system32\drivers\STGMFEngine64.sys [28576 2013-07-17] (Steganos Software GmbH -> Softwareentwicklung Remus - ArchiCrypt.com) S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [51192 2025-03-13] (OpenVPN Inc. -> The OpenVPN Project) S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [41136 2025-08-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102576 2015-09-03] (Paragon Software GmbH -> ) R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25904 2015-09-03] (Paragon Software GmbH -> ) R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [701232 2015-09-03] (Paragon Software GmbH -> ) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2023-12-10] (Microsoft Windows -> ) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22080 2024-09-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [602392 2024-09-25] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-25] (Microsoft Windows -> Microsoft Corporation) R3 WiManHu; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_1d81bc4f31bf65c7\WiManHu\WiManHu.sys [218528 2025-10-20] (Intel Corporation -> Intel Corporation) S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2025-08-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 ipf_lf; \SystemRoot\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_049e38a37c46edc4\ipf_lf.sys [X] S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.6.0.15\LenovoDiagnosticsDriver.sys [X] S1 netprotection_network_filter; System32\drivers\netprotection_network_filter.sys [X] S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X] S1 S; C [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2026-04-11 16:44 - 2026-04-11 16:45 - 000000000 ____D C:\FRST 2026-04-11 16:30 - 2026-04-11 16:30 - 000003788 _____ C:\Windows\system32\Tasks\LvfCleanup 2026-04-11 16:30 - 2026-04-11 16:30 - 000003684 _____ C:\Windows\system32\Tasks\LvfGuiRemoval 2026-04-11 16:30 - 2026-04-11 16:30 - 000003032 _____ C:\Windows\system32\Tasks\LvfDriverRemoval 2026-04-11 14:36 - 2026-04-11 16:34 - 000000000 ___HD C:\$WINDOWS.~BT 2026-04-11 13:30 - 2026-04-11 13:30 - 000000000 ___HD C:\$GetCurrent 2026-04-11 13:28 - 2026-04-11 13:28 - 000005865 _____ C:\Users\geoff\AppData\LocalLow\ef7ba1911526c18b439a6cd2ee4fc846300fcd9a554925fe5c450c5d82905f0e 2026-04-11 13:28 - 2026-04-11 13:28 - 000000026 _____ C:\Users\geoff\AppData\LocalLow\041f53e514705154eef71e23616ec1099047b839d0389056ea7bb721642599a5 2026-04-11 13:27 - 2026-04-11 13:27 - 000001360 _____ C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk 2026-04-11 13:27 - 2026-04-11 13:27 - 000000000 ____D C:\Users\geoff\AppData\Local\PCHealthCheck 2026-04-11 13:26 - 2026-04-11 13:26 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant 2026-04-09 12:10 - 2026-04-11 13:23 - 000000000 ____D C:\Users\geoff\AppData\Local\D3DSCache 2026-04-09 10:40 - 2026-04-09 10:40 - 000000000 ____D C:\Windows\Minidump 2026-04-09 10:29 - 2026-04-09 10:29 - 000002264 _____ C:\Users\geoff\AppData\LocalLow\a40b9b80bda974540c6df592081c2808a5b27847b4a2dccf3fe65480e0ccea25 2026-04-09 10:27 - 2026-04-11 15:20 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\1216cfd2dc61d2b87567f87b49bf602188ae20d02420a425bb41cae2c26c4495 2026-04-09 10:27 - 2026-04-09 12:48 - 000002999 _____ C:\Users\geoff\AppData\LocalLow\319fcd818fdf67eda5f434ea0c2484677de91213492316cd314b06ea0c1e311f 2026-04-08 14:27 - 2026-04-08 14:27 - 000000128 _____ C:\Users\geoff\f7abcaeb11afa8d716d5721ce0ae73df02a9d630 2026-04-08 14:26 - 2026-04-12 01:28 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TaxCalcHub 2026-04-08 14:21 - 2026-04-08 14:21 - 000000000 ____D C:\Program Files\Acorah Software Products 2026-04-07 13:57 - 2026-04-07 13:57 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2026-04-05 14:12 - 2026-04-12 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiTrack 2026-04-05 14:12 - 2026-04-10 14:17 - 000000000 ____D C:\Users\geoff\AppData\Local\Norton AntiTrack 2026-04-04 12:04 - 2026-04-10 15:52 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\5a2b93c18146f4a0108c931162c7d79528ca7c8f3ffdca85210a5d1b701354fb 2026-04-04 12:04 - 2026-04-04 12:04 - 000000026 _____ C:\Users\geoff\AppData\LocalLow\af510ca894bc2042de0b102f37d1b034c575daa664d936c09d38185a7a615146 2026-04-04 10:34 - 2026-04-04 10:34 - 000003082 _____ C:\Windows\system32\Tasks\ASC_SkipUac_geoff 2026-04-04 10:26 - 2026-04-04 10:26 - 000621680 _____ C:\Windows\system32\FNTCACHE.DAT 2026-03-31 07:59 - 2026-04-12 01:28 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2026-03-31 07:59 - 2026-04-04 09:45 - 000003422 _____ C:\Windows\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2837236113-4052516336-580648045-1001 2026-03-29 08:27 - 2026-03-29 08:27 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2026-03-29 08:26 - 2026-03-29 08:26 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2026-03-25 08:20 - 2026-04-12 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2026-03-21 13:41 - 2026-03-21 13:41 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2026-03-17 18:45 - 2026-04-12 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive 2026-03-17 17:59 - 2026-03-17 17:58 - 000323752 _____ (Gen Digital Inc.) C:\Windows\system32\nllBoot.exe 2026-03-12 17:59 - 2026-04-12 01:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology 2026-03-12 17:58 - 2026-03-12 17:59 - 000000000 ____D C:\Users\geoff\AppData\Local\SynologyDrive 2026-03-12 17:58 - 2026-03-12 17:58 - 000000000 ____D C:\Program Files\Synology ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2026-04-12 01:28 - 2026-02-15 03:42 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S.001\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2026-02-15 03:42 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S.001\AppData\Roaming\Microsoft\Spelling 2026-04-12 01:28 - 2026-01-23 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 2026-04-12 01:28 - 2025-12-20 12:13 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S.000\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2025-12-20 12:13 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S.000\AppData\Roaming\Microsoft\Spelling 2026-04-12 01:28 - 2025-12-04 10:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician 2026-04-12 01:28 - 2025-11-18 08:30 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2025-11-18 08:30 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S\AppData\Roaming\Microsoft\Spelling 2026-04-12 01:28 - 2025-11-15 07:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2026-04-12 01:28 - 2025-10-13 20:45 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2025-10-13 20:45 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Spelling 2026-04-12 01:28 - 2025-10-08 18:22 - 000000000 ____D C:\Windows\SysWOW64\DATA 2026-04-12 01:28 - 2025-08-11 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iolo 2026-04-12 01:28 - 2025-08-04 02:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2026-04-12 01:28 - 2025-06-01 11:47 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2025-06-01 11:47 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Spelling 2026-04-12 01:28 - 2025-02-13 05:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileCleaner 2026-04-12 01:28 - 2025-02-11 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo 2026-04-12 01:28 - 2025-02-10 11:51 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2026-04-12 01:28 - 2024-11-12 10:13 - 000000000 ____D C:\Windows\SysWOW64\installpath 2026-04-12 01:28 - 2024-06-07 07:48 - 000000000 ____D C:\Windows\system32\%userprofile% 2026-04-12 01:28 - 2024-03-31 09:15 - 000000000 ____D C:\Windows\system32\%LOCALAPPDATA% 2026-04-12 01:28 - 2024-02-17 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2026-04-12 01:28 - 2024-01-30 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCareFone Transfer 2026-04-12 01:28 - 2023-12-26 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyDuplicateFinder 2026-04-12 01:28 - 2023-12-17 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Safe 18 2026-04-12 01:28 - 2023-12-17 14:32 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nextbase 2026-04-12 01:28 - 2023-12-17 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DuplicatePhotoCleaner 2026-04-12 01:28 - 2023-12-17 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2026-04-12 01:28 - 2023-12-17 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter 2026-04-12 01:28 - 2023-12-16 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Privacy Suite 14 2026-04-12 01:28 - 2023-12-16 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2026-04-12 01:28 - 2023-12-16 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FolderClone 2026-04-12 01:28 - 2023-12-16 15:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exlade Cryptic Disk 5 2026-04-12 01:28 - 2023-12-16 15:13 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2026-04-12 01:28 - 2023-12-16 14:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2026-04-12 01:28 - 2023-12-16 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Savvy 2026-04-12 01:28 - 2023-12-16 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 5 2026-04-12 01:28 - 2023-12-12 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon G3010 series On-screen Manual 2026-04-12 01:28 - 2023-12-12 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptic Disk 2026-04-12 01:28 - 2023-12-12 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete 2026-04-12 01:28 - 2023-12-12 09:18 - 000000000 ____D C:\Windows\SHELLNEW 2026-04-12 01:28 - 2023-12-12 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2026-04-12 01:28 - 2023-12-10 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 2026-04-12 01:28 - 2023-12-10 18:55 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE 2026-04-12 01:28 - 2023-12-10 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 15 Suite 2026-04-12 01:28 - 2023-12-10 16:57 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2026-04-12 01:28 - 2023-12-10 15:40 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2023-12-10 15:40 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Spelling 2026-04-12 01:28 - 2023-12-10 15:40 - 000000000 ____D C:\Users\geoff 2026-04-12 01:28 - 2022-05-25 20:09 - 000000000 __RHD C:\Users\Public\AccountPictures 2026-04-12 01:28 - 2022-05-07 07:10 - 000000000 ____D C:\Windows\system32\Hydrogen 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\InstallShield 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\SecurityHealth 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\NDF 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\MsDtc 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Drivers\DriverData 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\AppLocker 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Registration 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows 2026-04-12 01:28 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2026-04-11 22:16 - 2026-02-15 03:42 - 000000000 ___SD C:\Users\defaultuser100000.GEOFF_T14S.001\AppData\Roaming\Microsoft\Crypto 2026-04-11 22:16 - 2026-02-15 03:42 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S.001 2026-04-11 22:16 - 2025-12-20 12:13 - 000000000 ___SD C:\Users\defaultuser100000.GEOFF_T14S.000\AppData\Roaming\Microsoft\Crypto 2026-04-11 22:16 - 2025-12-20 12:13 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S.000 2026-04-11 22:16 - 2025-11-18 08:31 - 000000000 ___SD C:\Users\defaultuser100000.GEOFF_T14S\AppData\Roaming\Microsoft\Crypto 2026-04-11 22:16 - 2025-11-18 08:30 - 000000000 ____D C:\Users\defaultuser100000.GEOFF_T14S 2026-04-11 22:16 - 2025-10-13 20:45 - 000000000 ___SD C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Crypto 2026-04-11 22:16 - 2025-10-13 20:45 - 000000000 ____D C:\Users\defaultuser100001 2026-04-11 22:16 - 2025-06-01 11:47 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Crypto 2026-04-11 22:16 - 2025-06-01 11:47 - 000000000 ____D C:\Users\defaultuser100000 2026-04-11 22:16 - 2023-12-10 16:33 - 000000000 ___SD C:\Users\geoff\AppData\Roaming\Microsoft\Crypto 2026-04-11 16:39 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF 2026-04-11 16:38 - 2023-11-04 00:03 - 000871862 _____ C:\Windows\system32\PerfStringBackup.INI 2026-04-11 16:38 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp 2026-04-11 16:38 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2026-04-11 16:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness 2026-04-11 16:35 - 2025-06-27 01:12 - 001243302 _____ C:\Users\geoff\AppData\LocalLow\280a335bccbc086ab0a6b571e6ad2a72cec7fdba5ac66aee8e67056040e45ff9 2026-04-11 16:34 - 2024-10-25 10:18 - 000001212 _____ C:\ProgramData\pdinst.ini 2026-04-11 16:32 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2026-04-11 16:30 - 2025-09-02 04:10 - 000000000 ____D C:\ProgramData\Norton 2026-04-11 16:30 - 2025-04-01 01:31 - 000000000 ____D C:\Program Files\Endpoint Protection SDK 2026-04-11 16:30 - 2025-03-31 03:29 - 000012288 ___SH C:\DumpStack.log.tmp 2026-04-11 16:30 - 2023-12-11 06:30 - 000001623 _____ C:\Windows\system32\config\VSMIDK 2026-04-11 16:30 - 2022-05-25 20:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2026-04-11 16:30 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState 2026-04-11 16:23 - 2022-05-25 20:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2026-04-11 16:16 - 2025-04-01 01:32 - 011382656 _____ C:\Windows\system32\rtp.db 2026-04-11 16:16 - 2022-05-07 06:17 - 001835008 _____ C:\Windows\system32\config\BBI 2026-04-11 16:15 - 2023-11-04 00:16 - 000001908 _____ C:\Windows\diagwrn.xml 2026-04-11 16:15 - 2023-11-04 00:16 - 000001908 _____ C:\Windows\diagerr.xml 2026-04-11 14:54 - 2026-03-05 07:38 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\7c986b761eb8b1b31ae3d9d9d3f9ea87f705e254509db3cd4e3ae9c98cee3d26 2026-04-11 14:45 - 2022-05-25 21:03 - 000000000 ____D C:\Windows\panther 2026-04-11 14:29 - 2025-01-25 02:35 - 000000000 ____D C:\ProgramData\Goodix 2026-04-11 14:29 - 2022-05-25 20:05 - 000000000 ____D C:\Windows\system32\SleepStudy 2026-04-11 14:15 - 2025-06-24 09:12 - 000000298 _____ C:\Users\geoff\AppData\LocalLow\fa2d7766937a8a091ba45c72c7db2c2af649069bebe28e9b724f4eaebbcd8952 2026-04-11 13:54 - 2023-12-17 11:26 - 000000000 ____D C:\Users\geoff\AppData\Local\Wondershare 2026-04-11 13:41 - 2025-06-27 01:12 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\5b7314b95713eed7294f0feac9775a2d0b4036e9cd0270b6865fe91c5a0a120c 2026-04-11 13:22 - 2023-12-10 19:22 - 000000000 ____D C:\ProgramData\ProductData3 2026-04-11 13:04 - 2026-02-19 07:37 - 000003542 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2026-04-11 13:04 - 2023-12-29 21:17 - 000002870 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-geoff_shutt@outlook.com 2026-04-11 11:39 - 2025-08-10 08:06 - 000202556 _____ C:\Users\geoff\AppData\LocalLow\a4682aa374782ac4300c7d9ab1694f730f25167cabedfa3fb945a4909731f2af 2026-04-11 11:37 - 2025-06-23 01:22 - 000120069 _____ C:\Users\geoff\AppData\LocalLow\b10927f4f99d016456bdc0ed30cfe0747cecdd879fce222bdc605200f42671c9 2026-04-11 08:16 - 2023-12-26 10:51 - 000000000 ____D C:\Users\geoff\AppData\Roaming\utorrent 2026-04-11 08:15 - 2023-12-16 12:45 - 000000000 ____D C:\Users\geoff\AppData\Local\Adobe 2026-04-11 07:38 - 2026-03-05 07:38 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\d4246a59ca2e5f20d6494096481f7e3a14a6dbd2bb370927a3923c4bbc7e4a65 2026-04-11 07:35 - 2026-03-05 07:38 - 000357997 _____ C:\Users\geoff\AppData\LocalLow\8b133c3db8a984953a80c4af709ad9f4f170f08867bb6a0324a60d9a56d1750a 2026-04-11 06:51 - 2023-12-10 16:49 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2026-04-10 17:22 - 2023-12-10 17:32 - 000000000 ____D C:\Users\geoff\AppData\Local\CrashDumps 2026-04-10 15:30 - 2025-08-24 09:46 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\4569a27922b731987c581c6dbf4276a0872d7419db9c5da3719645d36a8330d6 2026-04-10 15:29 - 2023-12-16 16:22 - 000000000 ____D C:\Windows\system32\Tasks\HP 2026-04-10 15:29 - 2023-12-16 16:22 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2026-04-10 14:30 - 2025-08-24 09:46 - 000649394 _____ C:\Users\geoff\AppData\LocalLow\d51a2cf3d84c8c82af036bfa50e3d56c24acd3b2927a9ac7b1e314043e074b71 2026-04-10 11:33 - 2023-12-11 06:33 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder 2026-04-10 07:03 - 2023-12-10 20:00 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Excel 2026-04-10 06:24 - 2025-12-07 07:06 - 000000000 ____D C:\Wondershare UniConverter 17 2026-04-09 16:50 - 2023-12-26 10:47 - 000000000 ____D C:\Users\geoff\AppData\Local\BitTorrentHelper 2026-04-09 15:05 - 2025-06-24 09:12 - 000182966 _____ C:\Users\geoff\AppData\LocalLow\bfaaca2235a95a6418ba2e4f2f65b2b5244a4d42c8b2962201ae1749cb378c49 2026-04-09 14:25 - 2023-12-10 16:35 - 000000000 ____D C:\Users\geoff\AppData\Local\packages 2026-04-09 12:13 - 2023-12-16 12:48 - 000000000 ____D C:\Program Files\Adobe 2026-04-09 08:44 - 2024-02-09 13:38 - 000000000 ____D C:\Users\geoff\AppData\Local\ElevatedDiagnostics 2026-04-09 08:30 - 2023-12-10 18:10 - 000000000 ____D C:\Windows\TempInst 2026-04-08 14:26 - 2023-12-16 13:26 - 000264890 _____ C:\Users\geoff\AppData\Local\asp_taxcalc_install_log.txt 2026-04-08 14:26 - 2023-12-16 13:26 - 000000000 ____D C:\Program Files (x86)\Acorah Software Products 2026-04-08 14:22 - 2023-12-16 13:26 - 000000000 ____D C:\Users\geoff\AppData\Local\Acorah Software Products 2026-04-08 08:45 - 2023-11-03 23:56 - 000000000 ____D C:\Program Files\Microsoft Office 2026-04-08 08:44 - 2023-12-17 10:23 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Word 2026-04-08 06:45 - 2022-05-25 20:06 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2026-04-08 06:45 - 2022-05-25 20:06 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2026-04-07 14:19 - 2023-12-26 17:30 - 000000000 ____D C:\Users\geoff\AppData\Roaming\vlc 2026-04-05 14:12 - 2025-09-02 04:41 - 000000000 ____D C:\Program Files\Norton 2026-04-05 09:47 - 2023-12-10 20:00 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\Office 2026-04-04 16:14 - 2023-12-10 17:39 - 000000000 ____D C:\ProgramData\launcher 2026-04-04 15:24 - 2023-12-17 13:07 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Microsoft\OIS 2026-04-04 10:33 - 2022-05-25 20:06 - 000000000 ____D C:\ProgramData\Packages 2026-04-04 10:26 - 2023-12-26 16:24 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2026-04-04 08:32 - 2023-12-10 19:57 - 000000000 ____D C:\Users\geoff\AppData\Roaming\Zoom 2026-04-02 15:56 - 2025-10-26 08:33 - 000074276 _____ C:\Users\geoff\AppData\LocalLow\f08c931f57cec0d616cc1994f4ac2a72d9ec6e0e50027f61f97f291035c96312 2026-04-02 15:55 - 2025-10-26 08:34 - 000000026 _____ C:\Users\geoff\AppData\LocalLow\6fc45a6a2fc12127f7280951d8891c3ffd77e03ed4016595b89e23735ce34fcc 2026-04-02 12:38 - 2023-12-12 10:11 - 000000000 ____D C:\ProgramData\CanonIJPLM 2026-04-02 10:09 - 2025-06-26 11:04 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\3625852ab16555c824812cdd0efaaba256b7d58920da617448b9557f15c77a26 2026-04-01 15:41 - 2025-12-17 06:36 - 000002264 _____ C:\Users\geoff\AppData\LocalLow\52f2559d0e62a8268d824845240908d9f2e428c1d01c0029637b5ccd422bd90b 2026-04-01 15:41 - 2025-08-10 08:06 - 000000634 _____ C:\Users\geoff\AppData\LocalLow\6a7eccf3f5e6eafd31a7224bc5029ea755c3067e43a15c37f20da7d4237f812f 2026-04-01 15:38 - 2025-07-07 03:29 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\f9f72d6c44faefeee51414aeb62639d0ca35f91237e9de88717f680ee71d639d 2026-04-01 06:59 - 2025-07-07 03:29 - 000132404 _____ C:\Users\geoff\AppData\LocalLow\5da71f2edea7a6ce04249bca1189d51e794c06d6a313bb3383bcd9df4b78b466 2026-04-01 06:59 - 2025-06-18 02:36 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\6c52bd95712cdd3b9938208cc707d398b5e6182a1987038aa22fbcc3893e401c 2026-03-29 15:21 - 2025-07-03 04:48 - 000000130 _____ C:\Users\geoff\AppData\LocalLow\e26b03febab361362bcd2386e22ecfe37c94e0b21f716466a4fe677d3acce274 2026-03-29 08:26 - 2025-01-18 14:25 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2837236113-4052516336-580648045-1001 2026-03-29 08:26 - 2023-12-10 16:40 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2837236113-4052516336-580648045-1001 2026-03-25 08:21 - 2023-12-11 06:31 - 000000000 ____D C:\ProgramData\Package Cache 2026-03-20 15:06 - 2025-06-24 09:12 - 000105082 _____ C:\Users\geoff\AppData\LocalLow\8517d0ed2921178a5fd5820d09f8956a56abe5dbf20ea76a81f4567947d28b07 2026-03-20 14:59 - 2025-07-03 04:48 - 000000026 _____ C:\Users\geoff\AppData\LocalLow\1c3fb9226d57ab2c1fe5dc19cc25c93d08fefe7dba191d52ff48479fc7ecc413 2026-03-20 14:58 - 2025-07-03 04:38 - 000000026 _____ C:\Users\geoff\AppData\LocalLow\6b468e038d03d356a9398b737039fabea8c32b40f30de6d5e0c889fd27be6546 2026-03-20 09:46 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp 2026-03-17 18:45 - 2026-01-22 09:58 - 000003944 _____ C:\Windows\system32\Tasks\IDriveServiceHealthCheck 2026-03-17 18:45 - 2026-01-22 09:57 - 000000000 ____D C:\ProgramData\IDrive 2026-03-17 18:45 - 2026-01-22 09:57 - 000000000 ____D C:\Program Files (x86)\IDriveWindows 2026-03-17 18:40 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP 2026-03-17 17:59 - 2025-09-02 04:11 - 000000000 ____D C:\Windows\system32\Tasks\Norton 2026-03-16 13:32 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2026-03-14 17:23 - 2023-12-17 14:32 - 000000000 ____D C:\Program Files\TeamViewer 2026-03-12 12:53 - 2025-02-10 11:51 - 000000000 ____D C:\Users\geoff\AppData\Local\LenovoServiceBridge ==================== Files in the root of some directories ======== 2023-12-16 13:26 - 2026-04-08 14:26 - 000264890 _____ () C:\Users\geoff\AppData\Local\asp_taxcalc_install_log.txt 2024-05-20 01:39 - 2024-05-20 01:39 - 000000000 _____ () C:\Users\geoff\AppData\Local\oobelibMkey.log ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================