Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2026 Ran by ThinkPad (01-05-2026 23:08:42) Running from C:\Attachments to Agent Microsoft Windows 10 Pro Version 22H2 19045.7184 (X64) (2023-02-12 12:58:27) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-392841454-1143268526-995401741-500 - Administrators - Enabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-392841454-1143268526-995401741-503 - Limited - Disabled) Guest (S-1-5-21-392841454-1143268526-995401741-501 - Limited - Disabled) ThinkPad (S-1-5-21-392841454-1143268526-995401741-1001 - Administrators - Enabled) => C:\Users\ThinkPad WDAGUtilityAccount (S-1-5-21-392841454-1143268526-995401741-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Disabled - Up to date) {A537353A-1D6A-F6B5-9153-CE1CF80FBE66} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Symantec Endpoint Protection (Enabled - Up to date) {105FEBEE-B416-F6CA-F07C-C106F8D8DB93} FW: Symantec Endpoint Protection (Enabled) {28646ACB-FE79-F792-DB23-6833060B9CE8} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov) Acronis Drivers (HKLM\...\{29A4182B-A142-46CD-9A4F-7542675C98A4}) (Version: 30.0.42752 - Acronis) Hidden Acronis True Image for Western Digital (HKLM-x32\...\{9DE75035-386E-4DF5-8A83-4D24A9B6A7EF}) (Version: 30.0.42752 - Acronis) Hidden Acronis True Image for Western Digital (HKLM-x32\...\{9DE75035-386E-4DF5-8A83-4D24A9B6A7EF}Visible) (Version: 30.0.42752 - Acronis) Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_3) (Version: 24.3.0.376 - Adobe Inc.) Advanced Renamer (32-bit) (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.85 - Hulubulu Software) Any Video Converter 9.1.10 (HKLM-x32\...\Any Video Converter) (Version: 9.1.10 - Anvsoft) AnyViewer 5.2.0 (HKLM-x32\...\{3FCBAE69-8C96-4FBC-BD80-D4C1EFA9A629}_is1) (Version: 5.2.0.0 - AOMEI International Network Limited) ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 8.6 - A Must in Every Office BV - Bastien Mensink) Audacity 3.7.7 (HKLM\...\Audacity_is1) (Version: 3.7.7 - Audacity Team) Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden Avidemux VC++ 64bits (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\{079f8112-7370-4329-bb8f-11d8aa491676}) (Version: 2.8.1 - Mean) Backblaze (HKLM-x32\...\{1C1D7880-DD16-480F-9B12-3D66312BD64B}) (Version: 10.0.0.1029 - Backblaze, Inc) Better File Rename 6.27 (HKLM\...\Better File Rename 6_is1) (Version: - publicspace.net) BleachBit (HKLM-x32\...\BleachBit) (Version: 5.0.2.3065 - BleachBit) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bullzip PDF Printer 11.1.0.2600 (HKLM-x32\...\Bullzip PDF Printer_is1) (Version: 11.1.0.2600 - Bullzip) Bullzip PDF Printer 12.0.0.2872 (HKLM\...\Bullzip PDF Printer_is1) (Version: 12.0.0.2872 - Bullzip) BurnAware Professional 7.8 (HKLM-x32\...\BurnAware Professional_is1) (Version: - Burnaware) calibre 64bit (HKLM\...\{98516208-E016-4DED-842C-26035BAE385E}) (Version: 9.7.0 - Kovid Goyal) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - ) Copilot (HKLM-x32\...\Microsoft Copilot) (Version: 147.0.3912.93 - Microsoft Corporation) Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{E640FF5E-9022-414D-B665-79C146EDCAA3}) (Version: 22.1.514 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM (x64) (HKLM\...\{0E0F6EBF-E2BA-4B1A-ADEC-CAF4612B2AC7}) (Version: 22.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content BR (x64) (HKLM\...\{AE21B6DA-78D3-4772-81EF-9A0163BDB0C6}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content CS (x64) (HKLM\...\{EFAB3BB7-4DD2-428F-B895-F915A689B46B}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content CT (x64) (HKLM\...\{54DADE81-4911-41B9-9FA6-76C57647FB34}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content CZ (x64) (HKLM\...\{2573B4F8-4C8F-4028-A1A9-500EE2ADE30A}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content DE (x64) (HKLM\...\{9A7ABF9B-1CF1-452F-B6A9-1FD425AD12D9}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content EN (x64) (HKLM\...\{C796DB48-473A-4F12-998D-0D690570D633}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content ES (x64) (HKLM\...\{38B83748-7D9B-48DB-94EE-004D49E84BD3}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content FR (x64) (HKLM\...\{E2E7B6E9-3A6F-4421-8D1F-24ED7647B00A}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content IT (x64) (HKLM\...\{EEC60482-484C-4B29-BB56-0C04F086B372}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content JP (x64) (HKLM\...\{7AB150FE-BF0D-44F9-934A-7BC87CB9FB01}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content NL (x64) (HKLM\...\{0A404310-BE95-47B5-BE1C-5C664490EE17}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content PL (x64) (HKLM\...\{5FC18E59-85FC-478D-93C8-266AB375FF1F}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content RU (x64) (HKLM\...\{F015285B-E950-48BF-A4C6-0A1DD2C9739E}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content TR (x64) (HKLM\...\{034009FF-1AB3-4340-A66D-CBF594C1A0F2}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - Writing Tools (x64) (HKLM\...\{F404C086-454C-4485-B5F1-F3C11B8DF452}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM (x64) (HKLM\...\{91244601-943D-4CE5-B536-BE4602B3A6F0}) (Version: 25.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content BR (x64) (HKLM\...\{A87F3C91-627A-4B6D-8AC1-A9B1BA312D32}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content CS (x64) (HKLM\...\{57B65B6F-FC7D-44D3-B471-5DDCC24AD7DF}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content CT (x64) (HKLM\...\{0420CFDD-7A5B-4E04-9AFF-A4916F5CEEFC}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content CZ (x64) (HKLM\...\{5CE82AD2-88AB-434E-A79F-57994AC28479}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content DE (x64) (HKLM\...\{5C4737BC-2976-47D0-B563-5DD2956FE764}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content EN (x64) (HKLM\...\{BF53959A-347C-4066-BB86-581E15E87C14}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content ES (x64) (HKLM\...\{55AA8F93-77A0-4F27-9588-E43D5EA11FDA}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content FR (x64) (HKLM\...\{1D409361-3941-4E90-B872-3E74BF573EB9}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content IT (x64) (HKLM\...\{B2E5A043-7CA9-4ECA-AD33-297B474C5A98}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content JP (x64) (HKLM\...\{F39221A5-DD47-47F1-B290-5CC32A76D549}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content NL (x64) (HKLM\...\{C114B1A6-24FC-4937-8D7D-A67F6FE1AB06}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content PL (x64) (HKLM\...\{419CD930-FB7B-48D8-A1DA-D9FBE2FC14BF}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content RU (x64) (HKLM\...\{294FDD8F-DFDA-40D2-A2C7-C839DC04ECA7}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content SV (x64) (HKLM\...\{662C2DD8-039A-4A8A-8E4C-B13FF4C7361E}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - IPM Content TR (x64) (HKLM\...\{DC3232F3-51FC-44D6-B02D-B94AE029A97A}) (Version: 25.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 - Writing Tools (x64) (HKLM\...\{25277E1E-327C-45C3-9326-D4ED625A0315}) (Version: 25.2 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2024 (HKLM\...\_{BF7DC911-5F92-49B9-A914-E91E19DF4A12}) (Version: 25.2.0.301 - Corel Corporation) Crucial Storage Executive (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Crucial Storage Executive 10.01.012024.00) (Version: 10.07.072024.01 - Crucial) Defraggler (HKLM-x32\...\Defraggler) (Version: 2.22 - Piriform) DeltaVision Classic Menu for Office 2019 (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\DELTAVISION OFFICE 2019 CLASSIC MENU (USERSETUP)_IS1) (Version: 3.1 - DeltaVision Informatik GmbH) Driver Support One (HKLM-x32\...\DSOne) (Version: 1.4.7446.23844 - Asurvio, LP) <==== ATTENTION DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) Eraser 6.2.0.2992 (HKLM\...\{6735C886-F5F0-446A-BB8C-03B92BA6775D}) (Version: 6.2.2992 - The Eraser Project) Exact Audio Copy 1.8 (HKLM-x32\...\Exact Audio Copy) (Version: 1.8 - Andre Wiethoff) ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri) Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version: 16.3 - Individual Software Inc) FastStone Capture 11.2 (HKLM-x32\...\FastStone Capture) (Version: 11.2 - FastStone Corporation) FFmpeg v2.2.2 for Audacity - 64bit (HKLM\...\FFmpeg for Audacity_is1) (Version: - ) FileZilla 3.69.5 (HKLM-x32\...\FileZilla Client) (Version: 3.69.5 - Tim Kosse) Forté Agent (HKLM-x32\...\{9B867430-CF67-4989-A414-68DF625D5D15}) (Version: 8.00.1272 - Forté Internet Software, Inc.) Freemake Video Converter version 6.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 6.0.0 - Mixbyte Inc.) Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries) Ghostscript GPL 10.03.1 (Msi Setup) (HKLM\...\_{476FD34A-6D96-497A-9B55-63F3A9A8B3C0}) (Version: 10.03.1 - Corel Corporation) Ghostscript GPL 10.03.1 (Msi Setup) (HKLM\...\{476FD34A-6D96-497A-9B55-63F3A9A8B3C0}) (Version: 10.03.1 - Corel Corporation) Hidden GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.13.5 - Siber Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 147.0.7727.138 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.56.1) (Version: 9.56.1 - Artifex Software Inc.) GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.) GSplit 3 (HKLM-x32\...\GSplit3Set) (Version: 3.0.1.0 - G.D.G. Software) HD Video Converter Factory Pro 27.6 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 27.6 - WonderFox Soft, Inc.) Hekasoft Backup & Restore 1.0.0.0 (HKLM\...\{PBR27112011-M1447-7KS6-C3E2-1X8374W715U4}_is1) (Version: 1.0.0.0 - Hekasoft) Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) High-Logic MainType 11 (HKLM\...\MainType4_is1) (Version: - High-Logic B.V.) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel(R) Corporation) IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit) IrfanView 4.73 (64-bit) (HKLM\...\IrfanView64) (Version: 4.73 - Irfan Skiljan) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH) KC Softwares Ignition (HKLM-x32\...\KC Softwares Ignition_is1) (Version: 2.26.3.77 - KC Softwares) Kindle Previewer (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\KindlePreviewer) (Version: 2.94 - Amazon) Kits Configuration Installer (HKLM-x32\...\{CF83D17D-FB70-21A1-36E4-37EE7EC1B587}) (Version: 10.1.22000.832 - Microsoft) Hidden Legacy 9.0 (HKLM-x32\...\Legacy 9.0) (Version: 9.0 - Millennia Corporation) Lenovo Service Bridge (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.20 - Lenovo) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.2601.21.0 - Lenovo Group Ltd.) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) Macrium Reflect Free (HKLM\...\{A302C59F-C733-4DA0-9611-1286A9051D15}) (Version: 8.0.7783 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free (HKLM\...\MacriumReflect) (Version: v8.0.7783 - Paramount Software (UK) Ltd.) Malwarebytes version 5.5.4.252 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.5.4.252 - Malwarebytes) MediaInfo 0.7.92 (HKLM-x32\...\MediaInfo) (Version: 0.7.92 - MediaArea.net) MediaInfo 25.04 (HKLM\...\MediaInfo) (Version: 25.04 - MediaArea.net) Microsoft .NET Core Host - 3.1.22 (x64) (HKLM\...\{B343AEBD-9A5A-40B7-A032-81163019A913}) (Version: 24.88.30721 - Microsoft Corporation) Hidden Microsoft .NET Core Host FX Resolver - 3.1.22 (x64) (HKLM\...\{87DE9382-0F95-4768-98B8-BB5C1AB2B94F}) (Version: 24.88.30721 - Microsoft Corporation) Hidden Microsoft .NET Core Runtime - 3.1.22 (x64) (HKLM\...\{44D628C6-14F5-48F2-89F9-6C0A5FF2B9F0}) (Version: 24.88.30721 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.10 (x64) (HKLM\...\{0222FFF1-57A3-48A6-9AD2-0D6B5D0172B3}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Host - 8.0.8 (x64) (HKLM\...\{3BA242F8-BDB5-4096-9FBC-333CD663BBAD}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.10 (x64) (HKLM\...\{A93C4E12-1BAB-4CFB-ADBC-9CE0B93176FF}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 8.0.8 (x64) (HKLM\...\{7FE24458-0796-4428-99C2-9A0F8DAB93CC}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.10 (x64) (HKLM\...\{A2A39CB9-677D-4299-8537-C00B99F3D4A4}) (Version: 48.43.48869 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 8.0.8 (x64) (HKLM\...\{9ACB23DB-4D32-49ED-A5E3-F4E2F8D9D2AA}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 147.0.3912.98 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 147.0.3912.86 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2019 - en-us (HKLM\...\HomeBusiness2019Retail - en-us) (Version: 16.0.19127.20302 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-392841454-1143268526-995401741-500\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{90120064-0070-0000-0000-4000000FF1CE}) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{90F60409-7000-11D3-8CFE-0150048383C9}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211 (HKLM-x32\...\{d8bbe9f9-7c5b-42c6-b715-9ee898a2e515}) (Version: 14.44.35211.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211 (HKLM\...\{86AB2CC9-08BD-4643-B0F9-F82D006D72FF}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211 (HKLM\...\{43B0D101-A022-48F4-9D04-BA404CEB1D53}) (Version: 14.44.35211 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 3.1.22 (x64) (HKLM\...\{D5C6F442-F51D-4D15-82C1-61E3435BA3C8}) (Version: 24.88.30721 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 3.1.22 (x64) (HKLM-x32\...\{68de94b9-46ac-495e-a96b-de484c02f5b3}) (Version: 3.1.22.30721 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM\...\{3EC7701F-54F2-491D-AFD1-0395F465BC5A}) (Version: 48.43.48870 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM-x32\...\{ff748137-9c9a-4056-be0a-48c7e465453c}) (Version: 6.0.10.31726 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 8.0.8 (x64) (HKLM\...\{663E7053-3B36-4AE5-8223-234867FAEAE6}) (Version: 64.32.18376 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) (HKLM-x32\...\{33832ff3-5583-4b81-b270-d9fd42760e1a}) (Version: 8.0.8.33916 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.83 - mIRC Co. Ltd.) MKVToolNix 95.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 95.0.0 - Moritz Bunkus) MKVToolNix 98.0.0 (64-bit) (HKLM\...\MKVToolNix) (Version: 98.0.0 - Moritz Bunkus) Movavi Slideshow Maker 23 (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Movavi Slideshow Maker 23) (Version: 23.3.0 - Movavi) Movavi Slideshow Maker 8 (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Movavi Slideshow Maker 8) (Version: 8.0.0 - Movavi) Movavi Video Editor 23 (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Movavi Video Editor 23) (Version: 23.5.1 - Movavi) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox) (Version: 150.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.11.0 - Mozilla) Mozilla Thunderbird ESR (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 140.5.0 ESR (x86 en-US)) (Version: 140.5.0 - Mozilla) MSI Development Tools (HKLM-x32\...\{95A498A9-5E6E-5779-1523-876224F41F94}) (Version: 10.1.22000.832 - Microsoft Corporation) Hidden Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.90 - DJI Interprises, LLC) Nitro PDF Pro (HKLM\...\{9AA308E2-8B8E-4870-A5C7-9AF232940FA6}) (Version: 14.43.6.0 - Nitro) Hidden Nitro PDF Pro (HKLM-x32\...\{5e1066d8-77e5-41c8-94f1-747c8ebe8633}) (Version: 14.43.6.0 - Nitro) NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.5.0.1028 - Nord Security) NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 8.1.2.0 - Nord Security) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.8.1 - Notepad++ Team) NZBGet (HKLM-x32\...\NZBGet) (Version: 25.4 - nzbget.com) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20302 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Open-Shell (HKLM\...\{F4B6EE58-F183-4B0D-930B-4480673C0F5B}) (Version: 4.4.160 - The Open-Shell Team) Orca (HKLM-x32\...\{3305BEAE-D87B-A4BB-F4C3-C96848AD7D4D}) (Version: 10.1.22000.832 - Microsoft Corporation) Passware Kit Forensic 13.5 (32-bit) (HKLM-x32\...\{A7675596-D739-465F-8F2E-3761469AA30B}) (Version: 13.5.8557 - Passware) PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden PDFPasswordRemoverPro Personal Edition (HKLM-x32\...\{DC2735D0-E2CE-4EB2-9DAF-E6283CCB8138}) (Version: 4.0 - XenArmor) Hidden PowerToys (Preview) (HKLM\...\{23F8E1BE-FE45-4FAD-B98C-1932DCDD0B70}) (Version: 0.99.1 - Microsoft Corporation) Hidden PowerToys (Preview) x64 (HKLM\...\{39FF9837-4722-49F9-92B9-051A50B1E36F}) (Version: 0.99.1 - Microsoft Corporation) Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.67.7 - Quicken) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) Recuva (HKLM\...\Recuva) (Version: 1.54 - Piriform) ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 7.5.0.0 - den4b Team) RoboForm 9-9-4-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 9.9.4.6 - Siber Systems) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.) Sandboxie 5.31.6 (32-bit) (HKLM-x32\...\Sandboxie) (Version: 5.31.6 - Sandboxie Holdings, LLC) Shutter Encoder (64bit) (HKLM-x32\...\{AC8B2037-70E7-46C7-92B9-DC797E4F4674}_is1) (Version: 20.0 - Paul Pacifico) Sigil 2.4.2 (HKLM\...\Sigil_is1) (Version: 2.4.2 - Sigil-Ebook) SizeMe 2,0,0,1926 (HKLM-x32\...\SizeMe) (Version: 2,0,0,1926 - Werner Werner & Werner ANS) Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22044.1 - Samsung Electronics Co., Ltd.) Hidden Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22044.1 - Samsung Electronics Co., Ltd.) SoftOrbits version 1.2 (HKLM-x32\...\SoftOrbits_is1) (Version: 1.2 - SoftOrbits) Subtitle Edit (HKLM\...\SubtitleEdit_is1) (Version: 4.0.15.0 - Nikse) Symantec Endpoint Protection (HKLM\...\{D2DF790F-FA74-46BB-B250-8B494599BCEB}) (Version: 14.3.3384.1000 - Broadcom) TreeSize Free V4.8.1 (HKLM\...\TreeSize Free_is1) (Version: 4.8.1 - JAM Software) TurboFTP (remove only) (HKLM\...\TurboFTP) (Version: - ) TurboTax 2015 WinPerFedFormset (HKLM-x32\...\{08D0C864-211B-4095-8C3E-2D2CAB64CDA9}) (Version: 015.000.2677 - Intuit Inc.) Hidden TurboTax 2015 WinPerFuegoContent (HKLM-x32\...\{B48A745E-B79A-417F-8775-421EF44C92D1}) (Version: 015.000.0429 - Intuit Inc.) Hidden TurboTax 2022 (HKLM-x32\...\{E02EC8E6-200F-4BF9-AF32-572FEA31F457}) (Version: 022.000.0587 - Intuit Inc.) TurboTax 2023 (HKLM\...\{E562E609-8B17-48CF-A82C-0A78ED485299}) (Version: 023.000.0449 - Intuit Inc.) TurboTax 2024 (HKLM\...\{56B8F481-EA41-46F5-9053-E3873DFE9290}) (Version: 024.000.0350 - Intuit Inc.) TurboTax 2025 (HKLM\...\{0F2DF2C8-F0B4-47E0-9F1F-3DE01AF7CDCA}) (Version: 025.000.0290 - Intuit Inc.) Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 4.0.0 - Tweaking.com) UltraISO Premium V9.76 (HKLM-x32\...\UltraISO_is1) (Version: 9.76 - EZB Systems, Inc.) UltraSearch V1.6.1 (HKLM-x32\...\UltraSearch_is1) (Version: 1.6.1 - JAM Software) Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod) Unlocker 1.9.0 (HKLM-x32\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb) Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.23 - VideoLAN) VSO ConvertXToDVD 5 (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.43 - VSO Software) VueScan x64 (HKLM\...\VueScan x64) (Version: 9.8.53.01 - Hamrick Software) WD Backup (HKLM-x32\...\{2d518703-86c4-46c8-99c1-f3789dd3ecd0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc.) WD Backup (HKLM-x32\...\{5491B486-8812-4202-AB8C-865AB636ACF0}) (Version: 1.9.7435.38388 - Western Digital Technologies, Inc) Hidden WD Desktop App 2.1.0.313 (HKLM-x32\...\{756e70ec-1fb0-41c8-896b-df0302d17bff}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden WD Desktop App 2.1.0.313 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.327 - Western Digital Technologies, Inc.) WD Drive Utilities (HKLM-x32\...\{9bfddacf-c81d-4423-854e-5b33098ecdfd}) (Version: 2.1.0.20 - Western Digital Technologies, Inc.) WD Drive Utilities (HKLM-x32\...\{AA160179-CE65-4B26-BD74-CAD9390503BC}) (Version: 2.1.0.20 - Western Digital Technologies, Inc.) Hidden WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden WinCatalog 2024 (HKLM-x32\...\{94145C48-3CDB-42FA-A8F4-8DAD34A564C5}_is1) (Version: 2024.16.0.1124 - OrangeCat Software) Windows Movie Maker 2022 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92C0}}_is1) (Version: - VideoWin) Windows PC Health Check (HKLM\...\{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 - Microsoft Corporation) Windows PC Health Check (HKLM\...\{B008D72C-0326-421E-BB2F-98BA5F9DDE9C}) (Version: 4.0.2410.23001 - Microsoft Corporation) Windows SDK EULA (HKLM-x32\...\{93F9D7FA-F2FD-837D-E53F-D79767071E44}) (Version: 10.1.22000.832 - Microsoft Corporations) Hidden Windows Software Development Kit - Windows 10.0.22000.832 (HKLM-x32\...\{d6a76ead-c762-4d93-9c24-1fa3efa1e12d}) (Version: 10.1.22000.832 - Microsoft Corporation) WinMerge 2.16.30.0 x64 (HKLM\...\WinMerge_is1) (Version: 2.16.30.0 - Thingamahoochie Software) WinRAR 7.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.20.0 - win.rar GmbH) WinX DVD Ripper Platinum 8.22.4 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.) WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. ) wnyiperStateIS (HKLM\...\{9243E83C-9F7B-4247-AC76-5D7A9B64D13F}) (Version: 023.000.0121 - Intuit Inc.) Hidden wnyiperStateIS (HKLM\...\{BEA1F47E-F893-4062-9A80-252EC20B64EB}) (Version: 024.000.0111 - Intuit Inc.) Hidden wnyiperStateIS (HKLM\...\{FA0A3BDE-DBAC-4243-B272-AD2C1B9EDA9A}) (Version: 025.000.0109 - Intuit Inc.) Hidden wnyiperStateIS (HKLM-x32\...\{A7F09047-5CAF-4CA7-877F-E88967ED077A}) (Version: 022.000.0108 - Intuit Inc.) Hidden WonderFox DVD Ripper Pro 20.5 (HKLM-x32\...\WonderFox DVD Ripper Pro) (Version: 20.5 - WonderFox Soft, Inc.) WonderFox DVD Video Converter 28.2 (HKLM-x32\...\WonderFox DVD Video Converter) (Version: 28.2 - WonderFox Soft, Inc.) Wondershare Video Converter Ultimate(Build 8.7.2.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.7.2.1 - Wondershare Software) XenArmor Asterisk Password Recovery Pro Personal Edition (HKLM-x32\...\{DF99A32F-C0F3-4FEA-A64E-5CD81C46E549}) (Version: 7.0 - XenArmor) Hidden XenArmor PDFPasswordRemoverPro Personal Edition 2022 (HKLM-x32\...\PDFPasswordRemoverPro Personal Edition 4.0) (Version: 4.0 - XenArmor) XYplorer 27.20 (HKLM-x32\...\XYplorer) (Version: 27.20.0600 - Donald Lessau, Cologne Code Company) YTD Video Downloader 7.6.7.0 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 7.6.7.0 - Azureus Software, Inc.) <==== ATTENTION Zoom (HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.) Packages: ========= Audibly — Audiobook Player -> C:\Program Files\WindowsApps\38488StewartRyan.24898061B3F0E_2.2.9.0_x64__8hz582d7yec5r [2025-11-13] (rstewa35) Command Palette -> C:\Program Files\WindowsApps\Microsoft.CommandPalette_0.10.11181.0_x64__8wekyb3d8bbwe [2026-05-01] (Microsoft Corporation) [Startup Task] Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2025-12-29] (Dolby Laboratories) ELAN Touchpad for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadforThinkpad_24.121.15.0_x64__stws0m115j6hg [2026-01-30] (ELAN Microelectronics Corporation) ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.51.0_x64__stws0m115j6hg [2026-01-30] (ELAN Microelectronics Corporation) Glance by Mirametrix® -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_11.43.256.0_x64__17mer8kcn3j54 [2026-03-18] (Mirametrix Inc.) [Startup Task] Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2026-01-30] (INTEL CORP) [Startup Task] Intel® Graphics Software -> C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.8.2209.0_x64__8j3eq9eme6ctt [2026-05-01] (INTEL CORP) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2511.10.0_x64__k1h2ywk1493x8 [2026-01-30] (LENOVO INC.) Local Artificial Intelligence Manager -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\AI [2025-12-29] () Microsoft.Office.ActionsServer -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\ActionsServer [2025-12-29] () Notepad For Windows 10 -> C:\Program Files\WindowsApps\54135ChetanCorporation.NotepadForWindows10_1.1.6.0_x64__36bf889e4z0vw [2025-05-26] (PiceScorp Ltd) OfficePushNotificationsUtility -> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16 [2025-12-29] () Pantone Color of the Year 2022 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.PantoneColoroftheYear2022_1.0.0.0_neutral__8wekyb3d8bbwe [2024-04-06] (Microsoft Corp.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2024-04-06] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2025-12-29] (Realtek Semiconductor Corp) Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2025-12-31] (Fortemedia) Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2025-12-29] (INTEL CORP) VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2024-04-06] (VideoLAN) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1FAC1B21-9468-D082-778B-DDEE85889A47} => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F598D86-9468-D082-D01D-28EE85889A47} => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{0440049F-D1DC-4E46-B27B-98393D79486B}\InprocServer32 -> C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{0e6d5bdd-d5f8-4692-a089-8bb88cdd37f4}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.BgcodePreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{113b8d53-e3e1-b7a2-c90a-176c40f3f722}\localserver32 -> C:\ProgramData\Lenovo\Udc\Hosts\x64\MessagingPlugin.exe (Lenovo -> ) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> c:\program files\macrium\common\reflectmonitor.exe (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{3f5d0051-61b8-0f45-6166-996cfb4f914f}\localserver32 -> "C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> NordVPN) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{51694bf6-7178-71ba-ba8c-cd64aadfc7f1}\localserver32 -> "C:\ProgramData\Lenovo\Udc\Hosts\24.10.0.10\x64\MessagingPlugin.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{51B4D7E5-7568-4234-B4BB-47FB3C016A69}\InprocServer32 -> C:\Program Files\PowerToys\WinUI3Apps\PowerToys.ImageResizerExt.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{5c93a1e4-99d0-4fb3-991c-6c296a27be21}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.BgcodeThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 -> C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{84D68575-E186-46AD-B0CB-BAEB45EE29C0}\InprocServer32 -> C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{A5A41CC7-02CB-41D4-8C9B-9087040D6098}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.PdfPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{D8BB9942-93BD-412D-87E4-33FAB214DC1A}\InprocServer32 -> C:\Program Files\PowerToys\PowerToys.PdfThumbnailProviderCpp.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {6C685709-9468-D082-5FC7-199D85889A47} => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {43025E44-9468-D082-12CE-73B285889A47} => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{dd5cacda-7c2e-4997-a62a-04a597b58f76}\localserver32 -> "C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe" -ToastActivated => No File CustomCLSID: HKU\S-1-5-21-392841454-1143268526-995401741-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC) SSODL: WDFSMountNotificator-wdfsconnect2017 - {77830CD0-A269-4046-93F3-CF76479E9836} - C:\Windows\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed] SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {77830CD0-A269-4046-93F3-CF76479E9836} - C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed] ShellServiceObjects: Virtual Storage Mount Notification -> {77830CD0-A269-4046-93F3-CF76479E9836} => C:\Windows\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed] ShellServiceObjects-x32: No Name -> {6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} => ShellServiceObjects-x32: No Name -> {7007ACCF-3202-11D1-AAD2-00805FC1270E} => ShellServiceObjects-x32: Virtual Storage Mount Notification -> {77830CD0-A269-4046-93F3-CF76479E9836} => C:\Windows\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed] ShellServiceObjects-x32: No Name -> {A1607060-5D4C-467a-B711-2B59A6F25957} => ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_30_0_42752.dll [2026-02-13] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-02-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-02-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-02-20] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed] ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed] ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> No File ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-02-20] (Adobe Inc. -> ) ContextMenuHandlers1: [DefragglerShellExtension] -> -{4380C993-0C43-4E02-9A7A-0D40B6EA7590} => -> No File ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => -> No File ContextMenuHandlers1-x32: [GSplitShell] -> {B46C1E0F-F61D-4B19-BC55-B68D8BB3CAFE} => C:\Program Files (x86)\Common Files\GSplit\gspshell.dll [2008-12-03] (G.D.G. Software SARL -> G.D.G. Software, www.gdgsoft.com) ContextMenuHandlers1-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\vpshell2.dll [2020-12-03] (Symantec Corporation -> Broadcom) ContextMenuHandlers1: [Nitro.Pro.ShellExtension.Shim] -> {211B6F25-950C-49CD-AB86-A448EF85686A} => C:\Program Files\Common Files\Nitro\Nitro.Pro.ShellExtension.Shim.dll [2026-03-20] (Nitro Software, Inc. -> Nitro Software, Inc.) ContextMenuHandlers1-x32: [Quick Par] -> {D120D80B-BD26-4A74-8E43-2C2AF0966139} => C:\Program Files (x86)\QuickPar\QuickParShlExt.dll [2013-01-06] (Peter B Clements) [File not signed] ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) ContextMenuHandlers1: [TurboFTP] -> {AFEC8518-7AB9-47D0-B012-B7477881E94B} => C:\Program Files\TurboFTP\tbshex.dll [2017-06-13] () [File not signed] ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology) ContextMenuHandlers1: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2023-02-27] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2026-02-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2026-02-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\vpshell2.dll [2020-12-03] (Symantec Corporation -> Broadcom) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) ContextMenuHandlers2: [TurboFTP] -> {AFEC8518-7AB9-47D0-B012-B7477881E94B} => C:\Program Files\TurboFTP\tbshex.dll [2017-06-13] () [File not signed] ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed] ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2023-02-27] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-04-23] (Malwarebytes Inc -> Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files (x86)\Recuva\RecuvaShell64.dll [2024-05-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers4: [TurboFTP] -> {AFEC8518-7AB9-47D0-B012-B7477881E94B} => C:\Program Files\TurboFTP\tbshex.dll [2017-06-13] () [File not signed] ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed] ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology) ContextMenuHandlers4: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-21] (Western Digital Technologies, Inc. -> Western Digital Corporation) ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2023-02-27] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files\WinMerge\ShellExtensionX64.dll [2023-02-27] (Takashi Sawanaka -> hxxps://winmerge.org) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-02-20] (Adobe Inc. -> ) ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2021-02-12] (Heidi Computers Ltd -> The Eraser Project) ContextMenuHandlers6-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll -> No File ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\vpshell2.dll [2020-12-03] (Symantec Corporation -> Broadcom) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-04-23] (Malwarebytes Inc -> Malwarebytes) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files (x86)\Recuva\RecuvaShell64.dll [2024-05-22] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2020-09-26] (Open-Shell) [File not signed] ContextMenuHandlers6: [TurboFTP] -> {AFEC8518-7AB9-47D0-B012-B7477881E94B} => C:\Program Files\TurboFTP\tbshex.dll [2017-06-13] () [File not signed] ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2007-07-17] (EZB Systems, Inc.) [File not signed] ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology) ContextMenuHandlers6-x32: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [2010-07-04] () [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2026-02-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2026-02-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2_S-1-5-21-392841454-1143268526-995401741-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2026-04-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3_S-1-5-21-392841454-1143268526-995401741-1001: [FileLocksmithExt] -> {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2026-04-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3_S-1-5-21-392841454-1143268526-995401741-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2026-04-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5_S-1-5-21-392841454-1143268526-995401741-1001: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2026-04-29] (Microsoft Corporation -> Microsoft Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\ThinkPad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f450a585e1f0d851\ADB for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=njhehnieenekbompacofnhlljnobgcga ==================== Loaded Modules (Whitelisted) ============= 2025-04-10 18:50 - 2021-03-17 14:19 - 000074752 _____ () [File not signed] C:\Program Files (x86)\AnyViewer\zlib1.dll 2017-06-13 11:45 - 2017-06-13 11:45 - 000137728 _____ () [File not signed] C:\Program Files\TurboFTP\tbshex.dll 2021-03-02 19:58 - 2020-10-02 13:29 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll 2021-04-02 15:18 - 2007-07-17 11:07 - 000130560 _____ (EZB Systems, Inc.) [File not signed] C:\Program Files (x86)\UltraISO\isoshl64.dll 2023-04-11 19:57 - 2022-07-15 10:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2021-04-02 17:26 - 2021-04-02 17:26 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2021-04-02 17:26 - 2021-04-02 17:26 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll 2021-04-14 19:57 - 2016-05-27 09:40 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\Newtonsoft.Json.dll 2026-04-15 15:53 - 2026-04-15 15:53 - 003866624 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\702dfbd2cf458c253fbc70498772d49e\Newtonsoft.Json.ni.dll 2020-09-26 14:47 - 2020-09-26 14:47 - 002659328 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll 2020-09-26 14:48 - 2020-09-26 14:48 - 000562688 _____ (Open-Shell) [File not signed] C:\Windows\system32\StartMenuHelper64.dll 2021-03-03 19:04 - 2020-10-29 09:31 - 000089088 _____ (publicspace.net) [File not signed] C:\Program Files\Better File Rename 6\BfrExt6.dll 2025-04-10 18:50 - 2024-06-13 17:55 - 000485376 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\AnyViewer\libcurl.dll 2025-04-10 18:50 - 2024-05-27 09:11 - 001214976 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AnyViewer\LIBEAY32.dll 2025-04-10 18:50 - 2024-05-27 09:11 - 000275456 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AnyViewer\SSLEAY32.dll 2021-07-01 14:45 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) [File not signed] C:\Windows\system32\wdfsconnectMntNtf2017.dll 2021-04-14 19:57 - 2016-07-12 16:20 - 000072704 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppCollect.dll 2021-04-14 19:57 - 2016-07-12 16:20 - 000325632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppCommon.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:08E66DA43F239C5A [50] AlternateDataStreams: C:\ProgramData\TEMP:1C425DFF [118] AlternateDataStreams: C:\ProgramData\TEMP:EC76150E [208] AlternateDataStreams: C:\Users\ThinkPad\https:mkvtoolnix.mtxcfg [757] AlternateDataStreams: C:\Users\ThinkPad\Downloads\Improve Your Game: One-handed backhand tip.mp4 [22851118] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Classes\regfile: <==== ATTENTION HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Classes\.reg: => <==== ATTENTION HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Classes\.bat: => <==== ATTENTION HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Classes\.cmd: => <==== ATTENTION ==================== Internet Explorer (Whitelisted) ============= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ HKU\S-1-5-21-392841454-1143268526-995401741-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-392841454-1143268526-995401741-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-392841454-1143268526-995401741-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-392841454-1143268526-995401741-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ HKU\S-1-5-21-392841454-1143268526-995401741-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM-x32 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-392841454-1143268526-995401741-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKU\S-1-5-21-392841454-1143268526-995401741-1001 -> {CBCBB016-3D81-4407-891E-EC8675CB2BC7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2025-09-08] (Microsoft Corporation -> Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed] BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\9.7.9.9_1\RoboForm-x64.dll => No File BHO: No Name -> {77830CD0-A269-4046-93F3-CF76479E9836}' -> No File BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2020-09-26] (Open-Shell) [File not signed] BHO-x32: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed] BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\9.7.9.9_1\roboform.dll => No File BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2020-09-26] (Open-Shell) [File not signed] Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.7.9.9_1\RoboForm-x64.dll No File Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2020-09-26] (Open-Shell) [File not signed] Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\9.7.9.9_1\roboform.dll No File Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2020-09-26] (Open-Shell) [File not signed] Toolbar: HKU\S-1-5-21-392841454-1143268526-995401741-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: HKLM-x32 {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\123simsen.com -> www.123simsen.com There are 7942 more sites. ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 05:14 - 2024-08-12 16:10 - 000480584 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm-prd-da1.licenses.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 activate.wip4.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 practivate-da1.adobe.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 uds.licenses.adobe.com 127.0.0.1 licenses.adobe.com 127.0.0.1 license.adobe.com 127.0.0.1 helpexamples.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 ic.adobe.io 127.0.0.1 cc-api-data.adobe.io There are 16358 more lines. 2021-02-11 19:21 - 2021-02-11 19:21 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Network =========================== (Currently there is no automatic fix for this section.) DNS Servers: 192.168.1.1 Windows Firewall is enabled. Network Binding: ============= NordLynx: NordLynx Tunnel -> wireguard.sys Local Area Connection 2: TAP-NordVPN Windows Adapter V9 -> tapnordvpn.sys Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw10.sys Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys OpenVPN Data Channel Offload for NordVPN: OpenVPN Data Channel Offload -> ovpn-dco.sys symc_teefer2: Symantec Endpoint Protection Firewall ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-392841454-1143268526-995401741-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-392841454-1143268526-995401741-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_0.jpg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: ) HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "NovaBACKUP Tray Control.lnk" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{34A6C66C-FC1F-4939-BCAF-D88D2E6163AB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{3170B2FE-AE01-4225-9250-B17693E24A24}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{656FDB3E-4BBD-4E44-818A-9A56FBEFBE1C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{1467E68B-F63A-4ADF-AE7D-050F1D06F677}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{B936252D-0965-4330-A2DB-B71274F14A68}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{DF011DAC-010D-40D1-AFDD-999F0F4F9350}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{14422193-8379-4307-A313-5DD2092C16AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{820EF664-09BB-4FB0-B9F0-CE683F2EE75C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{05735BD1-928B-4630-A0EE-5C1AF5AA5215}] => (Allow) C:\Program Files (x86)\NewsBin\newsbinpro64.exe (DJI Interprises, LLC -> CMCEI) [File not signed] FirewallRules: [{BC7ABA7F-10F3-4248-895F-BFFDF142C663}] => (Allow) C:\Program Files (x86)\NewsBin\newsbinpro64.exe (DJI Interprises, LLC -> CMCEI) [File not signed] FirewallRules: [{C84A6756-1AB0-4D50-9DCD-30C5C07D0A91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A30FC747-B6D7-4774-AAEB-E077F5B71BD1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D2A6CC60-C3D6-43E3-9853-A705ECC3101A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0693946D-BA27-42EB-9982-01488DC11E19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{99E50C7E-9D0E-41E7-AFDD-DFBC21CD622D}] => (Allow) LPort=33338 FirewallRules: [{7C3435D5-9272-4CE6-8A54-0EE09FBD7B79}] => (Allow) LPort=33333 FirewallRules: [{091B91DA-8FC2-4200-BA51-76CE15AAB626}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (Siber Systems Inc -> ) FirewallRules: [{8E88550E-072C-4202-BB54-2DDC39FEA16D}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (Siber Systems Inc -> ) FirewallRules: [{2B8C222F-E5EB-4585-BFD3-AFE6C6057BB1}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe (Siber Systems Inc -> ) FirewallRules: [{54F52908-7CC3-40C0-A77A-630B2AD537C0}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe (Siber Systems Inc -> ) FirewallRules: [{98B1EF26-0750-4EC3-9555-5FC69A8B08A1}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe (Siber Systems Inc -> ) FirewallRules: [{3969F31E-A799-4AF9-8F54-754EC1B3C86E}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe (Siber Systems Inc -> ) FirewallRules: [{C04F59D0-C747-43D5-AD2C-FCEB64A2CAC5}] => (Block) C:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelPP.exe => No File FirewallRules: [{6E88D2AF-43CD-4ED6-8796-FA28F77288D8}] => (Block) C:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDrw.exe => No File FirewallRules: [{76C37E17-3F46-44B9-B8E0-FFB4EF306C5E}] => (Allow) C:\Users\ThinkPad\AppData\Roaming\Zoom\bin\airhost.exe (Access Denied) [File not signed?] FirewallRules: [{09637CBF-5915-4D90-B4E1-588FE26ABE1E}] => (Allow) C:\Users\ThinkPad\AppData\Roaming\Zoom\bin\airhost.exe (Access Denied) [File not signed?] FirewallRules: [{4D955DDF-B183-4EAA-83DA-731A89E4443B}] => (Allow) C:\Users\ThinkPad\AppData\Roaming\Zoom\bin\Zoom.exe (Access Denied) [File not signed?] FirewallRules: [{9D143363-43F5-4D12-B6D2-FF5A322B6C36}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0088DC1C-5592-4C9E-9674-7D874E88BD2E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{689A01C0-A636-4B86-B7AD-DD849514337B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{1EAB6ABA-C200-47EA-B18F-E557C721E139}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{4D7431F2-C661-4CC3-BC94-1E40D6D81941}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{AC7A2677-4EAA-497D-9A51-C7A1980F8AAC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{8310F9A8-08E9-4B1A-9683-CA7E41C10974}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{9146285A-F4E7-4657-BF36-27B1E3DB1E33}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] FirewallRules: [{EACF4409-3503-48D5-A1D5-183F4D71CC01}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File FirewallRules: [{4CAB158C-7657-4D37-9229-00B3E15C012D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => No File FirewallRules: [{FE5BB84A-C007-4E54-A0DD-B895CE2F9087}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe => No File FirewallRules: [{E4C173B9-1814-496B-9328-F2AFBEA585A4}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe => No File FirewallRules: [{6BEC8484-7CA7-4040-BA71-7D7213B1A86B}] => (Allow) C:\Program Files\TurboTax\Individual 2024\64bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors) FirewallRules: [{314BF4E8-517E-45BD-9095-E2E35771502B}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdater.exe (INTUIT INC. -> Intuit Inc.) FirewallRules: [{7AF09A83-3980-4057-9CA9-5501A176D52F}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (INTUIT INC. -> Intuit Inc.) FirewallRules: [{62B731D1-896A-4F43-AAB8-11821D112DAA}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (INTUIT INC. -> Intuit Inc.) FirewallRules: [{2C15E927-E66A-4289-92DC-3AF9A7CF3F9B}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (INTUIT INC. -> Intuit Inc.) FirewallRules: [{461C55E7-724A-46BC-A11E-7C4339242CAE}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (INTUIT INC. -> Intuit Inc.) FirewallRules: [{530499BD-B55B-4B59-9563-B4FBB67FE0EF}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (INTUIT INC. -> Intuit Inc.) FirewallRules: [{92A2DB3D-A8DC-44D4-BA59-22CD439CF7C8}] => (Allow) C:\Program Files (x86)\AnyViewer\RCClient.exe (AOMEI International Network Limited -> AOMEI International Network Limited) FirewallRules: [{E3FD408C-B0EB-4A69-AD57-7CBF302AFF53}] => (Allow) C:\Program Files (x86)\AnyViewer\RCClient.exe (AOMEI International Network Limited -> AOMEI International Network Limited) FirewallRules: [{97A282CA-C589-4E52-9F66-E687187BB970}] => (Allow) C:\Program Files (x86)\AnyViewer\avcore.exe (AOMEI International Network Limited -> AOMEI International Network Limited) FirewallRules: [{FEE69888-3264-4D2E-B7BF-BA47A7519704}] => (Allow) C:\Program Files (x86)\AnyViewer\avcore.exe (AOMEI International Network Limited -> AOMEI International Network Limited) FirewallRules: [{F3BC6F82-B322-4973-9D4D-F6A04ADF846D}] => (Allow) C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{05F0CB31-A2B7-406B-BE93-4A8B64E8E72C}] => (Allow) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{43EAB9B7-8CC2-4AC0-B452-B0627277541D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BC6933E3-15D5-49DE-BAB1-14EFAD1CC531}] => (Allow) C:\Program Files\TurboTax\Individual 2025\64bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors) FirewallRules: [{411D5B03-6401-4555-BD93-601A0DCE9E94}] => (Allow) C:\Program Files\TurboTax\Individual 2025\64bit\TurboTax.exe (INTUIT INC. -> Intuit) FirewallRules: [{D1EA15BB-0246-4EA3-BB0F-819CB7A88E8B}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software) FirewallRules: [{391A53A8-F41F-49EC-ACD9-5B80DAC8F5D5}] => (Allow) C:\Program Files\VueScan\vuescan.exe (Hamrick Software -> Hamrick Software) FirewallRules: [{C953E9AE-B202-4952-85E8-D88B048E631A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{F227269E-9048-4CCB-931A-66348E7F572C}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> ) FirewallRules: [{D9827AFD-17E1-47C4-8A5C-2DB5660FCA06}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> ) FirewallRules: [{02933360-65B5-4BEC-9DE7-BA4CCE198060}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) FirewallRules: [{DBDDC58A-CF57-4A95-AB2B-510BDCA0B24B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) FirewallRules: [{F073B3FB-9453-4A3E-AB3A-3C626EA182EA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> ) FirewallRules: [{CD7B8EA7-B350-4BF9-B274-2EE5F6FD1CD3}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> ) FirewallRules: [{14A296D6-1890-4C5E-95CE-5DF17E7670BB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> ) FirewallRules: [{89B5B0E2-0355-4667-9358-CE3FE5C69D8D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> ) FirewallRules: [{0FBF5FFB-269C-42CE-8DF3-D23A943479A2}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> ) FirewallRules: [{11A2FE54-9E0E-4E4E-81B3-EA8ABF488D73}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\bckp_amgr.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{E4F26879-0F94-476E-9A1C-DF0A23B0BE8D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\task-manager.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{F34D00F4-186B-41AF-A3CA-D7DDDFA8D5E8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{42D22926-6563-47DD-98C4-9CAE1B899D5D}] => (Allow) C:\Program Files (x86)\Microsoft\Copilot\Application\mscopilot.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B3C238FD-A5F5-4D72-AF97-B10E4DBFD6B8}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 15-04-2026 10:04:44 Windows Modules Installer 22-04-2026 14:42:31 Scheduled Checkpoint 26-04-2026 21:24:29 Revo Uninstaller Pro's restore point - CloneCD 30-04-2026 11:57:42 April 30 2025 11.56am restore point 01-05-2026 09:01:03 Revo Uninstaller Pro's restore point - Virtual CloneDrive 01-05-2026 09:02:51 Revo Uninstaller Pro's restore point - Virtual CloneDrive 01-05-2026 09:15:50 Revo Uninstaller Pro's restore point - Virtual CloneDrive(1) 01-05-2026 18:11:48 PowerToys (Preview) x64 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (05/01/2026 02:44:57 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (05/01/2026 10:59:15 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (05/01/2026 10:59:15 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (05/01/2026 10:59:15 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (05/01/2026 10:59:15 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] Error: (04/30/2026 11:09:53 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 25524. Message ID: [0x2509]. Error: (04/29/2026 07:44:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.. Error: (04/29/2026 07:44:25 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.] System errors: ============= Error: (05/01/2026 06:10:26 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e24a87f5-e5f7-4404-9819-d0b97351f128}, had event 74 Error: (05/01/2026 03:25:40 PM) (Source: DCOM) (EventID: 10010) (User: THINKPAD) Description: The server Microsoft.Windows.Search_1.14.18.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. Error: (05/01/2026 03:25:39 PM) (Source: DCOM) (EventID: 10010) (User: THINKPAD) Description: The server Microsoft.Windows.Search_1.14.18.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXf8r3d8cn5hd71h9jyzah6ak9f3shj2d2.mca did not register with DCOM within the required timeout. Error: (05/01/2026 03:25:37 PM) (Source: DCOM) (EventID: 10010) (User: THINKPAD) Description: The server Microsoft.Windows.Search_1.14.18.19041_neutral_neutral_cw5n1h2txyewy!ShellFeedsUI did not register with DCOM within the required timeout. Error: (05/01/2026 03:09:41 PM) (Source: cdrom) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (05/01/2026 02:46:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the SynaHlp service to connect. Error: (05/01/2026 02:45:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (45000 milliseconds) while waiting for the Intel(R) TPM Provisioning Service service to connect. Error: (05/01/2026 12:12:56 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {e24a87f5-e5f7-4404-9819-d0b97351f128}, had event 74 Error: (04/29/2026 12:15:12 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR1. Windows Defender: ================ Date: 2025-04-09 13:29:07 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0 Name: HackTool:Win32/Patcher Severity: High Category: Tool Path: file:_C:\PROGRA~2\ADOBEG~1\GENPVE~1.1\GENP-3~1.EXE Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe Security intelligence Version: AV: 1.417.380.0, AS: 1.417.380.0, NIS: 1.417.380.0 Engine Version: AM: 1.1.24070.3, NIS: 1.1.24070.3 Event[0]: Date: 2024-08-29 16:07:01 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.303.25.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16400.2 Error code: 0x8007045b Error description: A system shutdown is in progress. CodeIntegrity: =============== Date: 2026-05-01 20:00:03 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\symamsi.dll that did not meet the Windows signing level requirements. Date: 2026-05-01 20:00:03 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2026-05-01 15:25:20 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: LENOVO R1EET65W(1.65 ) 07/22/2025 Motherboard: LENOVO 20TD003HUS Processor: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz Percentage of memory in use: 57% Total physical RAM: 16086.11 MB Available physical RAM: 6828.59 MB Total Virtual: 32470.11 MB Available Virtual: 20948.39 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:952.62 GB) (Free:355.44 GB) (Model: WDC PC SN730 SDBQNTY-1T00-1001) NTFS Drive w: (Acronis WD Backups) (Fixed) (Total:3725.9 GB) (Free:1980.7 GB) (Model: WD My Book 25ED USB Device) NTFS Drive y: (Backup Files & Folders) (Fixed) (Total:3726.02 GB) (Free:2578.24 GB) (Model: WD My Book 25ED USB Device) NTFS \\?\Volume{eae67c1b-826c-40a9-820f-b4eba7994271}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.17 GB) NTFS \\?\Volume{2a4b422c-d36c-48e5-a582-0d5724832fc8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 953.9 GB) (Disk ID: 992D74BA) Partition: GPT. ========================================================== Disk: 1 (Size: 3726 GB) (Disk ID: 16F2A91F) Partition: GPT. ========================================================== Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================