Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2026 Ran by ThinkPad (administrator) on THINKPAD (LENOVO 20TD003HUS) (01-05-2026 23:07:36) Running from C:\Attachments to Agent\FRST64.exe Loaded Profiles: ThinkPad Platform: Microsoft Windows 10 Pro Version 22H2 19045.7184 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe (C:\Program Files (x86)\Backblaze\bzbui.exe ->) (BACKBLAZE, INC. -> ) C:\Program Files (x86)\Backblaze\bzbuitray.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\bckp_amgr.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\grpm-mini.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\monitoring-mini.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\sh-inventory.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\task-manager.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\adp-agent.exe (C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Common Files\Acronis\Agent\bin\updater.exe (C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantage-(GenericMessagingAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantage-(VantageCoreAddin).exe (C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files (x86)\Mozilla Thunderbird\crashhelper.exe (C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe ->) (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\9.9.4.6\robotaskbaricon-x64.exe (C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashhelper.exe (C:\Program Files\Mozilla Firefox\firefox.exe ->) (Siber Systems -> Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\9.9.4.6\rf-chrome-nm-host.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerOCR.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe (C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.QuickAccess.exe (C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.8.2209.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\IntelGraphicsSoftware.Service.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel(R) Corporation) C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.8.2209.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\PresentMonService.exe (cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\ThinkPad\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe (drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\MessagingPlugin.exe (DriverStore\FileRepository\cui_dch.inf_amd64_fc1b619200a17491\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_fc1b619200a17491\igfxEMN.exe (DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_2d3e2e42e0f8523f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe (DriverStore\FileRepository\fn.inf_amd64_8e91a39d67d49dc4\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\FN2033~1.INF\driver\shtctky.exe (DriverStore\FileRepository\fn.inf_amd64_8e91a39d67d49dc4\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\FN2033~1.INF\driver\tposd.exe (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe (explorer.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (explorer.exe ->) (BACKBLAZE, INC. -> ) C:\Program Files (x86)\Backblaze\bzbui.exe (explorer.exe ->) (Cologne Code Company e.K. -> Cologne Code Company) C:\Program Files (x86)\XYplorer\XYplorer.exe (explorer.exe ->) (High-Logic B.V. -> High-Logic B.V.) C:\Program Files\High-Logic MainType\FmsProxy.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <4> (explorer.exe ->) (nordvpn s.a. -> NordVPN) C:\Program Files\NordVPN\NordVPN.exe (explorer.exe ->) (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe (explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe (explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.CommandPalette_0.10.11181.0_x64__8wekyb3d8bbwe\Microsoft.CmdPal.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13> (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe (services.exe ->) (AOMEI International Network Limited -> AOMEI International Network Limited) C:\Program Files (x86)\AnyViewer\RCService.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (services.exe ->) (BACKBLAZE, INC. -> ) C:\Program Files (x86)\Backblaze\bzserv.exe (services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_2d3e2e42e0f8523f\DAX3API.exe (services.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.8.2209.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\IntelGraphicsSoftware.Service.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe (services.exe ->) (High-Logic B.V. -> High-Logic B.V.) C:\Program Files\High-Logic FontService\fontservice.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_fc1b619200a17491\igfxCUIServiceN.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b93b03b10df5194a\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_2c17521ca0d3f79c\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe (services.exe ->) (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (services.exe ->) (INTUIT INC. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe (services.exe ->) (IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_8e91a39d67d49dc4\driver\tphkload.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\ibmpmsvc.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_3d585c065d8f0236\SmartStandby.exe (services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_59184464213308df\x64\LITSSvc.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe (services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe (services.exe ->) (nordvpn s.a. -> NordVPN) C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe (services.exe ->) (nordvpn s.a. -> NordVPN) C:\Program Files\NordVPN\nordvpn-service.exe (services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ed3f04e1261e4822\RtkAudUService64.exe <3> (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (services.exe ->) (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-updater.exe (services.exe ->) (Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin\ccSvcHst.exe <2> (services.exe ->) (Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\ccSvcHst.exe (services.exe ->) (Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\sepWscSvc64.exe (services.exe ->) (Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\IDS\bin\SISIDSService.exe (services.exe ->) (Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\IPS\bin\SISIPSService.exe (services.exe ->) (Symantec Corporation -> Broadcom) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\IPS\bin\sisipsutil.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated.) C:\Windows\System32\WBFResetService108.exe (services.exe ->) (Western Digital Technologies, Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (services.exe ->) (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe (Siber Systems -> Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.28.240.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) [File not signed] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [216576 2020-09-26] (Open-Shell) [File not signed] HKLM\...\Run: [FmsProxy] => C:\Program Files\High-Logic MainType\FmsProxy.exe [4947640 2022-12-12] (High-Logic B.V. -> High-Logic B.V.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [640064 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1070664 2021-02-12] (Heidi Computers Ltd -> The Eraser Project) HKLM\...\Run: [] => [X] HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [11859680 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (No File) HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81359872 2021-07-01] (Western Digital Corporation) [File not signed] HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [24720 2020-05-11] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6999696 2026-02-13] (Acronis International GmbH -> ) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2253824 2022-04-22] (Western Digital Technologies, Inc.) [File not signed] HKLM-x32\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [4514392 2026-04-23] (Siber Systems -> Siber Systems) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [464456 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [4250360 2026-02-19] (BACKBLAZE, INC. -> ) HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Policies\Explorer: [NoSecuritryTab] 0 HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\MountPoints2: {63b33df3-0b6a-11f1-8657-8c8caa7a44b2} - "D:\LaunchU3.exe" -a HKU\S-1-5-21-392841454-1143268526-995401741-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [5026632 2026-04-30] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-392841454-1143268526-995401741-500\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [4514392 2026-04-23] (Siber Systems -> Siber Systems) HKU\S-1-5-21-392841454-1143268526-995401741-500\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [588720 2025-04-02] (nordvpn s.a. -> NordVPN) HKU\S-1-5-21-392841454-1143268526-995401741-500\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [4250360 2026-02-19] (BACKBLAZE, INC. -> ) HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [221696 2020-10-02] (Bullzip) [File not signed] HKLM\...\Print\Monitors\Nitro PDF Port 14 Monitor: C:\WINDOWS\system32\NxPrinterMonitor14.dll [457448 2026-03-20] (Nitro Software, Inc. -> Nitro Software, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [>OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [3971224 2026-04-18] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\147.0.7727.138\Installer\chrmstp.exe [7428248 2026-05-01] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{296985B0-9E7B-49B0-9C65-7847A6489C4D}] -> C:\Program Files (x86)\ASAP Utilities\Add_ASAP_Utilities_to_the_Excel_menu.exe [3168744 2023-08-16] (A Must in Every Office B.V. -> A Must in Every Office BV) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.193\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel=stable Startup: C:\Users\ThinkPad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-08-08] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NordVPN.lnk [2023-06-27] ShortcutTarget: NordVPN.lnk -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> NordVPN) GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy-Firefox: Restriction <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {67845216-6E6D-4D66-BE0F-AD19441B46DF} - \CreateExplorerShellUnelevatedTask -> No File <==== ATTENTION Task: {D6043F85-FD36-42D0-916E-3E2EC5282676} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-A3ONV2K-ThinkPad => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {A0B10C50-DFC0-49BC-B2B2-10C6C9E8B80B} - System32\Tasks\CorelUpdateHelperTask-7CCE9781ADFB970CD535C05EC8E341CE => C:\Program Files (x86)\Corel\CUH\v2\CUH.EXE [3834384 2024-01-12] (Corel Corporation -> Corel Corporation) Task: {71ABAAC0-A26C-4957-806D-A38707E9F04B} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.EXE [3834384 2024-01-12] (Corel Corporation -> Corel Corporation) Task: {C621ADA6-D6A7-4BA6-939E-FC23B74959E3} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem148.0.7730.0{30E36D59-6E8E-4247-977D-20125AF19932} => C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe [8459416 2026-03-12] (Google LLC -> Google LLC) Task: {DD0CCCA1-8DB7-4500-A407-C4B1A9F0574B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {EB444571-ECB1-4780-B1A6-8FB14ABA602D} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService Task: {FD21EB57-F211-4877-BFA8-2F75B53BB168} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {3DF8959D-40F6-438D-9BA9-A91AF4772AF2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4ed5e735-66e3-4759-8236-654fc3e34ce2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {ACFF4E12-4767-4930-8E60-C1FCB91C8B9A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\90d23afa-fca9-41b1-b3f6-398c7ce0b369 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {43556FE4-4D8D-41EB-9A2C-BAD0753EE8C1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\df4515b4-16fa-471b-831d-35804606788d => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {EF740F02-2783-480A-AA8A-DDAE02D2825A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-392841454-1143268526-995401741-1001 => C:\Users\ThinkPad\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [93520 2026-03-06] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {8BFAC803-303E-481A-BA03-96F2DFE5C16E} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129880 2025-06-04] (Lenovo -> Lenovo) Task: {0D49BEC9-ECDB-48BB-B33B-4E502E5F29D3} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [67416 2025-06-04] (Lenovo -> ) Task: {0198F63D-A3DF-4729-AB93-F8F40425933D} - System32\Tasks\Lenovo\SmartStandby\Daily analysis => C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_3d585c065d8f0236\AutonomicMgr.exe [76728 2025-11-14] (Lenovo -> ) Task: {F3ADA0E6-9FA8-4F78-B2A5-256498852F2B} - System32\Tasks\Lenovo\SmartStandby\Uninstall Monitor => C:\WINDOWS\system32\SmartStandbyInst.exe [46008 2025-11-14] (Lenovo -> ) Task: {D7862AA0-BA68-43BC-A048-2BE2DC2F6F04} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210 Task: {E5F29150-2679-4249-8B65-FE7A8FF53CA2} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [91048 2025-10-20] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle Task: {0A7D6C8D-6AE7-4BD0-8235-8D5D4EDC5DDA} - System32\Tasks\Lenovo\UDC\Lenovo UDC Lazy Deployment => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 221 Task: {ED8AA2D9-6252-494C-ADFE-28770D9F3D9E} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220 Task: {D31B949B-770B-4FF8-BF1B-4FAC4AB242F9} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [246160 2025-10-20] (Lenovo -> Lenovo Group Ltd.) Task: {95412564-B339-4FF1-913B-FDA8E008EA08} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService Task: {4EE0EF85-C5E3-43E1-9491-E7AB7DFD08E1} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {A0C53B2E-AEAE-4D31-87C9-0D1F3D7DE4C5} - System32\Tasks\Lenovo\Vantage\Schedule\ConsumerAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {3038D756-F012-4BB3-BBE1-1A63F08067DC} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {547C5DA1-FA26-4651-B3EF-223641DA9767} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {90CB0751-04DC-4B6D-AAD3-4D90EC5CE321} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin_Pulsation => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {A1CCC75F-5500-408B-BF61-9532988BE42D} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {9766514D-9384-466A-B252-D545BD57A57E} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {CCA73E74-7F35-4644-BF53-96E91BC8D40C} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {A6BB5397-8D7A-4625-8438-2A78520EF981} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {E8D54506-BDEE-4F79-8473-A976A9D5A8A7} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSupportHealthReportSchedule => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {2B8EA02B-798D-4768-9D59-5D51F233B1AF} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {9811F1BE-BC43-46D9-A93B-A05434F9863C} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File) Task: {5072A059-0C04-48BB-9966-3B0DC97083D5} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {21D96E88-BCA6-4EFA-ADF8-AEF5AAFC3D5A} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {016D1713-86D8-4D58-BB7D-0322F028E7D0} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {C2A2DE85-BEDD-4000-839F-6156C7BFF82D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.1.0.29\x86\IdleScheduleEventAction.exe [173536 2026-04-21] (Lenovo -> ) Task: {DDF4CA75-F568-4EDA-B1DD-B8FA23614A45} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\ScheduleEventAction.exe [276032 2026-03-17] (Lenovo -> Lenovo) Task: {225BE2C9-A6F1-4789-9342-CEFDF345FD51} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File) Task: {5FD1C173-0F7F-4723-BFCF-D063873FD22E} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File) Task: {56B55FD5-C403-45A0-9FD0-D58243CD85F7} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [11419480 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {935FCA62-FD6F-4C3B-B6B5-64E3CC1DDCC1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {C30C56B5-671A-4C7A-8571-00E32E68A734} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\opushutil.exe [61280 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {B3520827-840A-44C7-BBDC-731AEA7F428F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29025120 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {B8DA5164-582B-45BE-BA0C-009F49C4CF59} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [224520 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {2FA6C4CF-FDEC-4B6B-870C-E386EBC39636} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [224520 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {03351968-FC0A-4DD3-A7DB-06F987603C95} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [705664 2026-04-28] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters). Task: {E977DCB1-8156-419B-9A38-4F814085E573} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-392841454-1143268526-995401741-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [705664 2026-04-28] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters). Task: {5825E6B2-9A10-4354-AF56-18E457440D74} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33920 2026-04-28] (Mozilla Corporation -> Mozilla Foundation) Task: {F36D0CD7-C35C-4ABD-95F9-E951B0134334} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-392841454-1143268526-995401741-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File) Task: {5D1A1838-D884-4941-9584-7065C2A9EF38} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-392841454-1143268526-995401741-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File) Task: {93D66C6D-9BBD-477C-A855-C29AB2F347B9} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\rundll32.exe [89600 2025-05-13] (Microsoft Windows -> Microsoft Corporation) -> C:\WINDOWS\system32\url.dll,FileProtocolHandler "hxxps://start.roboform.com/#initial-login&from-desktop" Task: {4A5B30DB-3735-40E2-8A50-DDC506ABEFBD} - System32\Tasks\PowerToys\Autorun for ThinkPad => C:\Program Files\PowerToys\PowerToys.exe [1585464 2026-04-29] (Microsoft Corporation -> Microsoft Corporation) Task: {16E4B89C-C6D5-4B0F-9DD2-B974BDACE85C} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ed3f04e1261e4822\RtkAudUService64.exe [3500400 2022-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {E2D43182-5679-4227-BF51-2C17F7A113F4} - System32\Tasks\Run RoboForm Process => C:\Program Files\Mozilla Firefox\firefox.exe [705664 2026-04-28] (Mozilla Corporation -> Mozilla Corporation) -> hxxps://start.roboform.com#updated=1757440268 Task: {FA28F8F7-196D-446F-BA38-1E16A440731A} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [4514392 2026-04-23] (Siber Systems -> Siber Systems) -> C:\Program Files (x86)\Siber Systems\AI RoboForm\/autoupdate=9.7.9.9 Task: {999602DA-F61A-49CF-9A75-D88D39227533} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin\symerr.exe [91712 2020-12-03] (Symantec Corporation -> Broadcom) Task: {FE63B46E-8076-4DCA-915F-069AEA1C1605} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin\symerr.exe [91712 2020-12-03] (Symantec Corporation -> Broadcom) Task: {C40BAA54-CBF8-4B80-BB2F-5D02467FC360} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin\symerr.exe [91712 2020-12-03] (Symantec Corporation -> Broadcom) Task: {7DB2BB75-573E-4220-9139-99A6987A77F6} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe [1492128 2021-03-08] (Tweaking LLC -> Tweaking.com) -> C:\Program Files (x86)\Tweaking.com\Registry Backup\/supersilent Task: {D41509A0-A363-4B58-AC59-FCBEB32F3A35} - System32\Tasks\WD Device Agent Task administrator => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [720432 2021-07-01] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) Task: {5EC8DDB6-7B3E-44ED-99E2-2706E752EB74} - System32\Tasks\WD Device Agent Task thinkpad => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [720432 2021-07-01] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) Task: {55A7B715-A20C-4046-9FFB-520EA36B0781} - System32\Tasks\WD Discovery Service Task administrator => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [58880 2021-07-01] () [File not signed] Task: {5AD489DF-B02C-4743-A357-DD08F2E6F982} - System32\Tasks\WD Discovery Service Task thinkpad => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [58880 2021-07-01] () [File not signed] (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3e63fc86-1f9e-4715-a176-7d6fbc30f74a}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3e63fc86-1f9e-4715-a176-7d6fbc30f74a}: [DhcpDomain] mynetworksettings.com Tcpip\..\Interfaces\{3f641cb4-02ec-4b02-b2e4-28de201a4d97}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3f641cb4-02ec-4b02-b2e4-28de201a4d97}\0556E6765796E6D25374: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3f641cb4-02ec-4b02-b2e4-28de201a4d97}\0556E6765796E6D25374: [DhcpDomain] mynetworksettings.com Tcpip\..\Interfaces\{e3ccfad6-1743-4ff0-9f65-d2695e5390f1}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF TaskBarID: 308046B0AF4A39CB -> C:\Program Files\Mozilla Firefox FF DefaultProfile: cv83dznr.Default User -> 308046B0AF4A39CB FF ProfilePath: C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User [2026-05-02] FF DownloadDir: C:\Users\ThinkPad\Desktop FF Homepage: Mozilla\Firefox\Profiles\cv83dznr.Default User -> about:blank FF Notifications: Mozilla\Firefox\Profiles\cv83dznr.Default User -> hxxps://calendar.google.com; hxxps://www.jetblue.com; hxxps://nsaneforums.com; hxxps://keepa.com; hxxps://www.verizon.com; hxxps://mail.google.com; hxxps://www.facebook.com; hxxps://www.retailmenot.com; hxxps://service.anker.com FF Extension: (Keepa - Amazon Price Tracker) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\amptra@keepa.com.xpi [2024-04-03] FF Extension: (Translate websites in your browser without using the cloud.) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\firefox-translations-addon@mozilla.org.xpi [2025-04-27] FF Extension: (Ghostery AdBlocker for Privacy) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\firefox@ghostery.com.xpi [2026-04-23] FF Extension: (The Camelizer) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\izer@camelcamelcamel.com.xpi [2021-03-03] FF Extension: (Print Friendly & PDF) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\jid0-YQz0l1jthOIz179ehuitYAOdBEs@jetpack.xpi [2022-05-27] FF Extension: (AdBlocker for YouTube™) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2024-07-30] FF Extension: (RetailMeNot Deal Finder™️) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\retailmenot-genie@rmn.com.xpi [2023-02-01] FF Extension: (RoboForm Password Manager) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\rf-firefox@siber.com.xpi [2026-04-06] FF Extension: (uBlock Origin) - C:\Users\ThinkPad\AppData\Roaming\Mozilla\Firefox\Profiles\cv83dznr.Default User\Extensions\uBlock0@raymondhill.net.xpi [2026-03-13] FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2021-02-26] [Legacy] FF HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\ThinkPad\AppData\Roaming\Move Networks => not found FF HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi => not found FF HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found FF HKU\S-1-5-21-392841454-1143268526-995401741-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ThinkPad\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\ThinkPad\AppData\Roaming\IDM\idmmzcc5 [2021-02-26] [Legacy] [not signed] FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.23 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2025-12-31] (VideoLAN -> VideoLAN) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File] FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (Garmin International, Inc. -> GARMIN Corp.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-09-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\ThinkPad\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File] FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File] FF Plugin HKU\S-1-5-21-392841454-1143268526-995401741-1001: @movenetworks.com/Quantum Media Player -> C:\Users\ThinkPad\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [No File] Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default [2026-05-01] Edge DownloadDir: C:\Attachments to Agent Edge Extension: (change-language) - C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fancfknaplihpclbhbpclnmmjcjanbaf [2026-04-29] Edge Extension: (RetailMeNot: Codes, Cash Back and Coupons) - C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhlidomodkicgjafmppbblmgbkdcjpad [2026-04-27] Edge Extension: (Google Docs Offline) - C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-04-29] Edge Extension: (Edge relevant text changes) - C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-09] Edge Extension: (RoboForm Password Manager) - C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljfpcifpgbbchoddpjefaipoiigpdmag [2026-04-29] Edge Extension: (PrintFriendly: Print Clean Pages, Save as PDF & Screenshot, AI Tools) - C:\Users\ThinkPad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nhiebejbpolmpkikgbijamagibifhjib [2026-04-29] Edge DownloadDir: Default -> C:\Attachments to Agent Chrome: ======= CHR Profile: C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\Default [2026-05-01] CHR DownloadDir: C:\Attachments to Agent CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2026-04-30] CHR Extension: (No Name) - C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2021-02-26] [UpdateUrl:0] <==== ATTENTION CHR Extension: (Chrome Web Store Payments) - C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-28] CHR Extension: (PrintFriendly: Print Clean Pages, Save as PDF & Screenshot, AI Tools) - C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2026-04-30] CHR Extension: (RoboForm Password Manager) - C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2026-04-18] CHR Profile: C:\Users\ThinkPad\AppData\Local\Google\Chrome\User Data\System Profile [2022-06-01] CHR HKU\S-1-5-21-392841454-1143268526-995401741-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aakore; C:\Program Files (x86)\Common Files\Acronis\Agent\aakore.exe [19150216 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) R2 AcronisActiveProtectionService; C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe [15849928 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) R2 AcronisCyberProtectionService; C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe [1429240 2025-03-18] (Acronis International GmbH -> Acronis International GmbH) R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1882112 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6356560 2026-04-09] (Acronis International GmbH -> Acronis International GmbH) R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [2935032 2026-02-19] (BACKBLAZE, INC. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13288288 2025-10-15] (Microsoft Corporation -> Microsoft Corporation) R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_2d3e2e42e0f8523f\DAX3API.exe [2549352 2024-08-16] (Dolby Laboratories, Inc. -> Dolby Laboratories) R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [1028024 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-14] (Freemake) [File not signed] S2 heCAF; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\Common Agent Framework\CAFServiceMain.exe [3327032 2021-02-12] (Symantec Corporation -> Broadcom) R2 HLfms; C:\Program Files\High-Logic FontService\fontservice.exe [11958432 2022-12-12] (High-Logic B.V. -> High-Logic B.V.) R2 IBMPMSVC; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\ibmpmsvc.exe [1067920 2025-10-28] (Lenovo -> Lenovo) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe [532024 2022-06-02] (Intel Corporation -> Intel) R2 IntelGraphicsSoftwareService; C:\Program Files\WindowsApps\AppUp.IntelArcSoftware_26.8.2209.0_x64__8j3eq9eme6ctt\VFS\ProgramFilesX64\Intel\Intel Graphics Software\IntelGraphicsSoftware.Service.exe [312832 2026-04-21] (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) R2 IntuitUpdateServiceV4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [19840 2022-08-25] (Intuit ESD Test Certificate -> Intuit Inc.) [File not signed] R2 IntuitUpdateServiceV5; C:\Program Files\Common Files\Intuit\Update Service v5\IntuitUpdateService.exe [17688 2025-10-07] (INTUIT INC. -> Intuit Inc.) S4 LenovoBrightCtrl; C:\WINDOWS\System32\DriverStore\FileRepository\litsdrv.inf_amd64_59184464213308df\x64\BrightnessControl.exe [168336 2025-10-22] (Lenovo -> Lenovo.) R2 LenovoSmartStandby; C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_3d585c065d8f0236\SmartStandby.exe [350648 2025-11-14] (Lenovo -> Lenovo) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2601.21.0\LenovoVantageService.exe [34368 2026-03-17] (Lenovo -> Lenovo) R2 LITSSVC; C:\WINDOWS\System32\DriverStore\FileRepository\litsdrv.inf_amd64_59184464213308df\x64\LITSSvc.exe [1169296 2025-10-22] (Lenovo -> Lenovo.) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit Information Technology -> IObit) <==== ATTENTION S2 LPlatSvc; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\LPlatSvc.exe [895888 2025-10-28] (Lenovo -> Lenovo) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [13004248 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11481048 2026-04-23] (Malwarebytes Inc -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2026-04-23] (Malwarebytes Inc. -> Malwarebytes) S3 MicrosoftCopilotElevationService; C:\Program Files (x86)\Microsoft\Copilot\Application\147.0.3912.93\elevation_service.exe [3602248 2026-04-28] (Microsoft Corporation -> Microsoft Corporation) R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [5933752 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) R3 nordsec-threatprotection-service; C:\Program Files\NordVPN\NordSec ThreatProtection\nordsec-threatprotection-service.exe [2542112 2025-04-02] (nordvpn s.a. -> NordVPN) R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-12-21] (nordvpn s.a. -> nordvpn S.A.) R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [2542112 2025-04-02] (nordvpn s.a. -> NordVPN) R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 RCService; C:\Program Files (x86)\AnyViewer\RCService.exe [1097992 2025-05-26] (AOMEI International Network Limited -> AOMEI International Network Limited) R2 RoboFormUpdaterService; C:\Program Files (x86)\Siber Systems\AI RoboForm\rf-updater.exe [3875416 2026-04-23] (Siber Systems -> Siber Systems) S3 SbieSvc; C:\Program Files (x86)\Sandboxie\SbieSvc.exe [261784 2019-10-15] (Invincea, Inc. -> Sandboxie Holdings, LLC) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [811328 2026-03-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SensRst; C:\WINDOWS\System32\WBFResetService108.exe [656880 2021-12-09] (Synaptics Incorporated -> Synaptics Incorporated.) S4 SepLpsService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin\ccSvcHst.exe [161968 2020-12-03] (Symantec Corporation -> Broadcom) R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin\ccSvcHst.exe [161968 2020-12-03] (Symantec Corporation -> Broadcom) R2 SepScanService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\bin64\ccSvcHst.exe [198416 2020-12-03] (Symantec Corporation -> Broadcom) R2 sepWscSvc; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\sepWscSvc64.exe [1340912 2020-12-03] (Symantec Corporation -> Broadcom) R2 SISIDSService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\IDS\bin\SISIDSService.exe [7697416 2021-02-12] (Symantec Corporation -> Broadcom) R2 SISIPSService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\IPS\bin\SISIPSService.exe [97800 2021-02-12] (Symantec Corporation -> Broadcom) R2 SISIPSUtil; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\SAEP\IPS\bin\SISIPSUtil.exe [261128 2021-02-12] (Symantec Corporation -> Broadcom) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\snac64.exe [222664 2020-12-03] (Symantec Corporation -> Broadcom) R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] S2 SynaHlp; C:\WINDOWS\System32\SynaHelperService108.exe [360944 2021-12-09] (Synaptics Incorporated -> Synaptics Incorporated.) R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [258272 2025-01-15] (Intel Corporation -> Intel Corporation) R3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [6370760 2026-02-13] (Acronis International GmbH -> Acronis International GmbH) R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_8e91a39d67d49dc4\driver\TPHKLOAD.exe [316992 2026-03-18] (Lenovo -> Lenovo) R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72616 2025-10-20] (Lenovo -> Lenovo Group Ltd.) S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} [20352 2023-11-20] (Microsoft Windows -> Microsoft Corporation) S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} [20352 2023-11-20] (Microsoft Windows -> Microsoft Corporation) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [367616 2022-04-22] (Western Digital Technologies, Inc.) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed] S3 ss_conn_launcher_service; %SystemRoot%\System32\Samsung\EasySetup\ss_conn_launcher.exe (No File) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Data\Definitions\BASHDefs\20260430.001\BHDrvx64.sys [1706512 2023-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 ccSettings_{E4893454-EFD3-48D8-B37A-809A005F7F0D}; C:\WINDOWS\System32\Drivers\SEP\0E030D38\03E8.105\x64\ccSetx64.sys [192304 2020-12-03] (Symantec Corporation -> Broadcom) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [536216 2025-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [166992 2025-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [159296 2026-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [968184 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [397368 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [179184 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-22] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-22] (Intel Corporation -> Intel Corporation) R3 IBMPMDRV; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\ibmpmdrv.sys [56720 2025-10-28] (Lenovo -> Lenovo) R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Data\Definitions\IPSDefs\20260501.071\IDSvia64.sys [1527816 2023-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (cert@ezbsystems.com -> EZB Systems, Inc.) R1 JitDriver; C:\Windows\system32\drivers\JitDriver.sys [47104 2021-03-15] (Microsoft Windows Hardware Compatibility Publisher -> ) R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [236136 2026-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2026-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\Drivers\farflt.sys [212584 2026-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\System32\Drivers\mbam.sys [81000 2026-05-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [190096 2026-05-01] (Malwarebytes Inc -> Malwarebytes) R2 NDivert; C:\Program Files\NordVPN\8.1.2.0\Drivers\NDivert.sys [197592 2026-01-07] (nordvpn s.a. -> NordVPN S.A.) S0 ngelam; C:\WINDOWS\System32\drivers\ngelam.sys [32272 2025-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Acronis International GmbH) R1 ngscan; C:\WINDOWS\System32\DRIVERS\ngscan.sys [294480 2026-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) R3 ovpn-dco; C:\WINDOWS\System32\drivers\ovpn-dco.sys [99984 2026-01-07] (WDKTestCert lev,133391533294737317 -> OpenVPN, Inc) R1 PMDRVS; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_ce00423f6224d769\x64\pmdrvs.sys [42384 2025-10-28] (Lenovo -> Lenovo) S3 SbieDrv; C:\Program Files (x86)\Sandboxie\SbieDrv.sys [191360 2019-10-16] (Invincea, Inc. -> Sandboxie Holdings, LLC) S3 SISIDSRegDrv; C:\Windows\system32\Drivers\SISIDSRegDrv.sys [53696 2021-02-12] (Symantec Corporation -> Symantec Corporation) S3 SISIPSDeviceFilter; C:\Windows\system32\Drivers\SISIPSDeviceFilter.sys [52672 2021-02-12] (Symantec Corporation -> Symantec Corporation) R1 SISIPSDriver; C:\WINDOWS\System32\Drivers\SISIPSDriver.sys [365504 2021-02-12] (Symantec Corporation -> Symantec Corporation) S3 SISIPSFileFilter; C:\Windows\system32\Drivers\SISIPSFileFilter.sys [90560 2021-02-12] (Symantec Corporation -> Symantec Corporation) S3 SISIPSNetFilter; C:\Windows\system32\Drivers\SISIPSNetFilter.sys [68032 2021-02-12] (Symantec Corporation -> Symantec Corporation) R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [395272 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider) R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E030D38\03E8.105\x64\SRTSP64.SYS [899936 2020-12-03] (Symantec Corporation -> Broadcom) R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E030D38\03E8.105\x64\SRTSPX64.SYS [51040 2020-12-03] (Symantec Corporation -> Broadcom) S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Bin64\SyDvCtrl64.sys [46720 2020-12-03] (Symantec Corporation -> Broadcom) R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0704000.07D\symefasi64.sys [2059632 2021-02-12] (Symantec Corporation -> Broadcom) S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E030D38\03E8.105\x64\SymELAM.sys [25024 2020-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101232 2021-02-12] (Symantec Corporation -> Broadcom) S3 SymEvnt; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.3384.1000.105\Data\SymPlatform\SymEvnt.sys [951264 2023-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E030D38\03E8.105\x64\Ironx64.SYS [317296 2020-12-03] (Symantec Corporation -> Broadcom) R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E030D38\03E8.105\x64\symnets.sys [574320 2020-12-03] (Symantec Corporation -> Broadcom) R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [265616 2021-02-12] (Symantec Corporation -> Broadcom) R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [53088 2025-08-04] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [130488 2020-12-03] (Symantec Corporation -> Symantec Corporation) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [171072 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) U4 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [335760 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [246824 2026-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Acronis International GmbH) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) R1 wdfsconnect2017; C:\Windows\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.) R3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-03-18] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus2.sys (No File) S3 MpKsle039baf2; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3217CFE7-81D2-4505-B137-B07166FD5E84}\MpKslDrv.sys (No File) S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys (No File) S3 ss_conn_usb_driver2; \SystemRoot\System32\Drivers\ss_conn_usb_driver2.sys (No File) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2026-05-01 22:43 - 2026-05-01 22:43 - 000125562 _____ C:\Users\ThinkPad\Desktop\Tennis Bag.pdf 2026-05-01 21:55 - 2026-05-01 21:55 - 000131180 _____ C:\Users\ThinkPad\Desktop\Whole Foods Drop Off by May 30 311408576859.JPEG 2026-05-01 18:13 - 2026-05-01 18:13 - 000042499 _____ C:\Users\ThinkPad\AppData\LocalLow\fd2d3106917312fbe0b4ad2253a9aebd6d6e3a370c0b940c19d6be3afd52e570 2026-05-01 18:13 - 2026-05-01 18:13 - 000000026 _____ C:\Users\ThinkPad\AppData\LocalLow\02a7c40f288d1e61c89375869926504d8aaf8214d8901ee2226b92f5c1cacae7 2026-05-01 18:13 - 2026-05-01 18:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys 2026-05-01 18:13 - 2026-05-01 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview) 2026-05-01 14:45 - 2026-05-01 14:45 - 000190096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2026-05-01 11:40 - 2026-05-01 11:40 - 000001386 _____ C:\Users\ThinkPad\Desktop\Microsoft Help Comments Response.txt 2026-04-30 16:31 - 2026-05-01 14:42 - 000000000 ____D C:\Microsoft CD Drive (E) Help 2026-04-29 08:48 - 2026-04-29 08:49 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2026-04-27 11:32 - 2026-04-27 11:32 - 001056393 _____ C:\Users\ThinkPad\lame3.100.1-win32.zip 2026-04-26 21:14 - 2026-04-26 21:14 - 000000041 ___SH C:\ProgramData\.zreglib 2026-04-26 21:11 - 2026-04-26 21:24 - 000000000 ____D C:\Program Files (x86)\SlySoft 2026-04-26 19:43 - 2026-04-26 19:50 - 000088674 _____ C:\Users\ThinkPad\Desktop\How To Convert Audio CDA Music files to MP3 on Computer.pdf 2026-04-25 16:28 - 2026-04-25 16:28 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2026-04-25 16:21 - 2026-04-25 16:21 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2026-04-25 16:21 - 2026-04-25 16:21 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\FreemakeVideoDownloader 2026-04-25 16:21 - 2026-04-25 16:21 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\FreemakeVideoConverter 2026-04-25 16:21 - 2026-04-25 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2026-04-25 15:36 - 2026-04-25 15:36 - 000196281 _____ C:\Users\ThinkPad\Desktop\Spanish Cinco de Mayo COMBO.pdf 2026-04-25 14:44 - 2026-04-25 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutter Encoder 2026-04-25 14:43 - 2026-04-25 14:43 - 173005080 _____ (Paul Pacifico ) C:\Users\ThinkPad\Downloads\Shutter Encoder 20.0 Windows 64bits.exe 2026-04-23 16:52 - 2026-05-01 18:25 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\Malwarebytes 2026-04-23 16:52 - 2026-04-23 16:52 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2026-04-23 16:52 - 2026-04-23 16:52 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2026-04-23 16:52 - 2026-04-23 16:52 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\Sentry 2026-04-23 16:48 - 2026-04-23 16:51 - 000000000 ____D C:\ProgramData\Malwarebytes 2026-04-23 16:48 - 2026-04-23 16:51 - 000000000 ____D C:\Program Files\Malwarebytes 2026-04-23 16:10 - 2026-04-23 16:10 - 000000055 _____ C:\Users\ThinkPad\Desktop\Tennis Outdoor Permit Link URL.txt 2026-04-15 09:56 - 2026-04-15 10:01 - 000000000 ___HD C:\$WinREAgent 2026-04-09 18:56 - 2026-04-09 18:56 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image for Western Digital.lnk 2026-04-04 12:14 - 2026-03-18 00:15 - 002399344 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2026-04-04 12:14 - 2026-03-18 00:15 - 002399344 _____ C:\WINDOWS\system32\vulkaninfo.exe 2026-04-04 12:14 - 2026-03-18 00:15 - 002098080 _____ C:\WINDOWS\system32\ze_intel_gpu_raytracing.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 001907832 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2026-04-04 12:14 - 2026-03-18 00:15 - 001907832 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2026-04-04 12:14 - 2026-03-18 00:15 - 001126728 _____ C:\WINDOWS\system32\ze_validation_layer.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 000982264 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 000977040 _____ C:\WINDOWS\system32\ze_loader.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 000819952 _____ (Intel) C:\WINDOWS\system32\libvpl.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 000740992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 000698944 _____ C:\WINDOWS\system32\ze_tracing_layer.dll 2026-04-04 12:14 - 2026-03-18 00:15 - 000698032 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll 2026-04-04 12:14 - 2026-03-18 00:14 - 027987056 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll 2026-04-04 12:14 - 2026-03-18 00:14 - 020711032 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll 2026-04-04 12:14 - 2026-03-18 00:14 - 001639544 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2026-04-04 12:14 - 2026-03-18 00:14 - 001639544 _____ C:\WINDOWS\system32\vulkan-1.dll 2026-04-04 12:14 - 2026-03-18 00:14 - 001446000 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2026-04-04 12:14 - 2026-03-18 00:14 - 001446000 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2026-04-04 12:13 - 2026-03-18 00:14 - 000690240 _____ C:\WINDOWS\SysWOW64\IntelControlLib32.dll 2026-04-04 12:13 - 2026-03-18 00:14 - 000624912 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll 2026-04-04 12:13 - 2026-03-18 00:14 - 000512624 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2026-04-04 12:13 - 2026-03-18 00:14 - 000483920 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll 2026-04-04 12:13 - 2026-03-18 00:14 - 000393336 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2026-04-04 12:12 - 2026-03-18 00:13 - 000351248 _____ C:\WINDOWS\system32\ControlLib.dll 2026-04-04 12:12 - 2026-03-18 00:13 - 000298136 _____ C:\WINDOWS\SysWOW64\ControlLib32.dll 2026-04-03 16:08 - 2026-04-25 15:53 - 000000000 ____D C:\Spanish Stuff 2026 ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2026-05-01 23:07 - 2021-04-25 13:34 - 000000000 ___RD C:\Attachments to Agent 2026-05-01 23:07 - 2021-02-25 19:59 - 000000000 ____D C:\FRST 2026-05-01 23:06 - 2026-01-29 15:23 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\NordVPN 2026-05-01 23:02 - 2022-02-09 12:18 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2026-05-01 23:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2026-05-01 22:06 - 2026-01-29 15:23 - 000000000 ____D C:\ProgramData\NordVPN 2026-05-01 21:52 - 2022-09-07 23:12 - 000000000 ____D C:\WINDOWS\SystemTemp 2026-05-01 21:52 - 2021-01-13 04:19 - 000000000 ____D C:\WINDOWS\TempInst 2026-05-01 20:53 - 2021-07-30 19:38 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\XYplorer 2026-05-01 20:48 - 2023-04-09 11:39 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\vlc 2026-05-01 20:48 - 2021-03-07 20:03 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\OpenShell 2026-05-01 20:00 - 2023-02-12 08:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2026-05-01 19:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2026-05-01 18:13 - 2021-01-13 04:13 - 000000000 ____D C:\ProgramData\Package Cache 2026-05-01 18:12 - 2022-01-08 13:57 - 000000000 ____D C:\Program Files\PowerToys 2026-05-01 18:12 - 2021-02-12 10:43 - 000000000 ____D C:\ProgramData\Packages 2026-05-01 18:12 - 2021-02-12 10:33 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\Packages 2026-05-01 18:12 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2026-05-01 18:11 - 2021-07-01 14:45 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\WD Discovery 2026-05-01 18:10 - 2021-02-12 10:33 - 000000000 __SHD C:\Users\ThinkPad\IntelGraphicsProfiles 2026-05-01 15:04 - 2023-04-17 10:11 - 000000000 ____D C:\WINDOWS\Minidump 2026-05-01 14:53 - 2023-02-12 09:02 - 000841126 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2026-05-01 14:53 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF 2026-05-01 14:51 - 2023-02-12 08:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Symantec Endpoint Protection 2026-05-01 14:45 - 2023-02-12 08:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2026-05-01 14:45 - 2021-01-13 04:18 - 000000000 ____D C:\Intel 2026-05-01 14:45 - 2020-05-06 14:33 - 000008192 ___SH C:\DumpStack.log.tmp 2026-05-01 14:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState 2026-05-01 14:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\registration 2026-05-01 14:45 - 2019-12-07 05:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2026-05-01 13:36 - 2024-07-08 18:52 - 000000000 ____D C:\Tennis Stuff 2026-05-01 13:36 - 2021-03-10 13:25 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Excel 2026-05-01 13:35 - 2021-02-25 23:53 - 000000000 ____D C:\Tennis NY 2026-05-01 12:13 - 2021-06-30 16:02 - 000000000 ____D C:\Users\ThinkPad\.wdc 2026-05-01 11:00 - 2021-02-26 01:07 - 000000000 ____D C:\ProgramData\ProductData 2026-05-01 10:58 - 2025-05-22 13:12 - 000003450 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-7CCE9781ADFB970CD535C05EC8E341CE 2026-05-01 09:06 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2026-05-01 08:41 - 2021-02-26 02:40 - 000000000 ___HD C:\Users\ThinkPad\AppData\Local\Adobe 2026-05-01 08:39 - 2023-02-12 08:58 - 000003534 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2026-05-01 08:39 - 2023-02-12 08:58 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2026-04-29 22:24 - 2021-02-26 01:28 - 000000000 ____D C:\Program Files (x86)\Recuva 2026-04-29 19:26 - 2025-12-05 10:13 - 000000130 _____ C:\Users\ThinkPad\AppData\LocalLow\55286158743f1ea3a7ff67b347481dd22ab5f7cbd2d8c4ebb5a287929ef1b101 2026-04-29 19:25 - 2025-12-05 10:13 - 000037433 _____ C:\Users\ThinkPad\AppData\LocalLow\992c35be6d4d2b353af53be4408568622ec9f039359ba2b57b92e727d359a29c 2026-04-29 19:12 - 2023-02-12 08:28 - 000000000 ____D C:\Users\ThinkPad 2026-04-29 16:03 - 2021-08-18 14:17 - 000000000 ____D C:\Program Files\Mozilla Firefox 2026-04-29 16:03 - 2021-02-28 12:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2026-04-29 10:54 - 2025-08-24 16:25 - 000000000 ____D C:\Driveway Stuff 2025 2026-04-28 10:50 - 2024-03-24 21:42 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Any Video Converter 2026-04-28 10:43 - 2021-02-25 23:41 - 000000000 ____D C:\Sewing - NEW Videos 2026-04-27 16:05 - 2021-02-22 16:05 - 3846959104 _____ C:\Users\ThinkPad\Documents\My WinCatalog File.w3cat 2026-04-27 15:59 - 2022-08-04 13:04 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\WinCatalog 2026-04-27 14:33 - 2021-02-26 02:57 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\RoboForm 2026-04-27 13:17 - 2021-03-03 19:04 - 000002413 ____H C:\Users\ThinkPad\AppData\Local\BFR6lastusedsettings.dpt6 2026-04-27 11:40 - 2021-02-26 01:22 - 000000000 ____D C:\Program Files (x86)\Exact Audio Copy 2026-04-27 09:37 - 2021-03-18 16:10 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\D3DSCache 2026-04-26 21:12 - 2023-02-09 20:52 - 000000000 ____D C:\Program Files\WinRAR 2026-04-26 21:01 - 2014-12-28 12:46 - 000001567 _____ C:\Users\ThinkPad\AppData\Roaming\burnaware.ini 2026-04-26 18:55 - 2021-02-26 02:39 - 000000000 ____D C:\Users\ThinkPad\Documents\WinCatalog Backups 2026-04-25 16:36 - 2021-03-19 20:32 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\mIRC 2026-04-25 16:30 - 2021-02-25 16:23 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\HTML Help 2026-04-25 16:28 - 2023-02-20 19:59 - 000001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk 2026-04-25 16:28 - 2023-02-09 20:56 - 000001051 _____ C:\Users\Public\Desktop\WinRAR.lnk 2026-04-25 16:28 - 2023-02-09 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2026-04-25 16:25 - 2021-02-25 23:53 - 000000000 ____D C:\Temp 2026-04-25 16:21 - 2012-11-17 20:43 - 000001400 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk 2026-04-25 15:37 - 2021-03-01 20:18 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\UProof 2026-04-25 15:16 - 2021-02-26 01:12 - 000000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate 2026-04-25 15:12 - 2025-06-10 12:39 - 000001924 _____ C:\Users\ThinkPad\Desktop\IrfanView 64 Thumbnails.lnk 2026-04-25 15:12 - 2025-06-10 12:39 - 000001050 _____ C:\Users\ThinkPad\Desktop\IrfanView 64.lnk 2026-04-25 15:12 - 2023-06-01 17:15 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2026-04-25 15:04 - 2021-02-11 19:32 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\CrashDumps 2026-04-25 15:02 - 2017-02-28 16:46 - 000001146 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk 2026-04-25 14:53 - 2025-05-07 19:21 - 000001926 _____ C:\Users\Public\Desktop\Subtitle Edit.lnk 2026-04-25 14:53 - 2022-06-17 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit 2026-04-25 14:53 - 2022-06-17 14:12 - 000000000 ____D C:\Program Files\Subtitle Edit 2026-04-25 14:44 - 2024-07-22 19:33 - 000000000 ____D C:\Users\ThinkPad\Shutter Encoder 2026-04-25 14:44 - 2024-07-22 19:32 - 000000000 ____D C:\Program Files\Shutter Encoder 2026-04-25 14:42 - 2022-08-19 20:20 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\audacity 2026-04-25 14:39 - 2021-02-26 01:43 - 000000000 ___HD C:\Users\ThinkPad\Documents\_gsdata_ 2026-04-25 14:34 - 2021-05-29 14:25 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\GoodSync 2026-04-25 14:31 - 2021-02-25 18:33 - 000000000 ____D C:\CryptoPrevent 2026-04-25 14:29 - 2021-03-07 17:45 - 000000000 ____D C:\Hekasoft Backups 2026-04-25 14:26 - 2021-04-16 13:22 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\calibre 2026-04-24 16:53 - 2021-02-26 02:42 - 000000000 ___HD C:\Users\ThinkPad\AppData\Local\calibre-cache 2026-04-24 16:52 - 2021-04-29 18:51 - 000000000 ____D C:\Users\ThinkPad\Documents\Calibre Libraries 2026-04-24 16:30 - 2021-02-25 19:45 - 000000000 ____D C:\EBooks 2026-04-24 13:33 - 2021-03-12 15:02 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Word 2026-04-23 16:52 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2026-04-23 15:25 - 2021-02-25 23:37 - 000000000 ____D C:\RGL Items to Save 2026-04-23 14:55 - 2021-02-25 18:32 - 000000000 ____D C:\Attachments to Email 2026-04-22 11:47 - 2026-01-29 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec 2026-04-22 11:47 - 2026-01-29 15:23 - 000000000 ____D C:\Program Files\NordVPN 2026-04-21 23:02 - 2022-03-25 12:27 - 000000000 ____D C:\Medical 2026-04-21 18:53 - 2023-11-19 11:37 - 000001114 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2026-04-21 18:53 - 2023-11-19 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2026-04-21 18:53 - 2022-08-08 09:15 - 000000000 ____D C:\Program Files\Calibre2 2026-04-20 19:15 - 2026-01-29 15:23 - 000000000 ____D C:\Program Files\NordUpdater 2026-04-17 16:56 - 2021-02-28 22:04 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Office 2026-04-17 12:11 - 2026-03-22 15:21 - 000000000 ____D C:\Users\ThinkPad\Desktop\EARPLUG Loop Quiet Insert Remove Stuff 2026-04-17 12:10 - 2024-03-24 21:41 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvsoft 2026-04-16 14:43 - 2021-02-25 23:24 - 000000000 ____D C:\Quicken Backup Data Files 2026-04-15 13:48 - 2023-02-12 08:52 - 000660696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2026-04-15 12:13 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2026-04-15 10:36 - 2021-02-12 11:12 - 000000000 ____D C:\WINDOWS\system32\MRT 2026-04-15 10:27 - 2021-02-12 11:11 - 218249592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2026-04-15 10:22 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2026-04-15 10:16 - 2023-02-12 08:52 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2026-04-12 11:40 - 2021-02-25 20:16 - 000000000 ____D C:\Insurance Policies 2026-04-10 16:34 - 2021-02-26 02:38 - 000000000 ____D C:\Users\ThinkPad\Documents\TurboTax 2026-04-09 19:00 - 2025-04-17 19:19 - 000968184 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\file_protector.sys 2026-04-09 18:57 - 2021-07-21 16:20 - 000397368 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\file_tracker.sys 2026-04-09 18:57 - 2021-07-21 16:20 - 000395272 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys 2026-04-09 18:57 - 2021-07-21 16:20 - 000335760 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\virtual_file.sys 2026-04-09 18:57 - 2021-07-21 16:20 - 000246824 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\volume_tracker.sys 2026-04-09 18:57 - 2021-07-21 16:20 - 000179184 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys 2026-04-09 18:56 - 2021-07-21 16:20 - 000171072 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys 2026-04-09 18:56 - 2021-07-21 16:20 - 000001281 _____ C:\Users\Public\Desktop\Acronis True Image for Western Digital.lnk 2026-04-09 18:56 - 2021-07-21 16:19 - 000000000 ____D C:\ProgramData\Acronis 2026-04-08 15:18 - 2021-02-25 19:44 - 000000000 ____D C:\Spanish Tests OLD 2026-04-04 19:16 - 2023-11-20 21:45 - 000000000 ____D C:\TV Programs 2026-04-04 19:14 - 2021-03-01 20:43 - 000000000 ____D C:\Users\ThinkPad\AppData\Local\Newsbin 2026-04-04 18:36 - 2025-05-31 13:23 - 000005916 _____ C:\Users\ThinkPad\AppData\LocalLow\2f20d2aebae05e3ad64cc03ef7d39e44bd0db8d5f4d21a7290b31af20f796e2a 2026-04-04 18:36 - 2025-05-31 13:23 - 000000026 _____ C:\Users\ThinkPad\AppData\LocalLow\5ae15f60a694c0950e9e9263d177a80534070b8370ab46037b5e27248af2b235 2026-04-04 15:33 - 2025-06-01 12:53 - 000002264 _____ C:\Users\ThinkPad\AppData\LocalLow\f44583bd7e2c32cc4f40d912ae4247ce050cdd8c4ef2b3e23fd4fb1175c048e6 2026-04-04 12:15 - 2025-05-31 13:23 - 000005915 _____ C:\Users\ThinkPad\AppData\LocalLow\f6b5e8e93ac184a5b5d42c15ffc4b7861baed8460677b88e9cb13e44770238cd 2026-04-04 12:15 - 2025-05-31 13:23 - 000000130 _____ C:\Users\ThinkPad\AppData\LocalLow\70e5c43fd01613681078927f785287c3b5f05a5b441041231bfe955b06cd7fe6 2026-04-03 12:58 - 2021-02-25 20:16 - 000000000 ____D C:\Kindle 2026-04-01 21:26 - 2021-03-01 19:15 - 000000000 ____D C:\Users\ThinkPad\AppData\Roaming\TurboFTP 2026-04-01 21:26 - 2021-03-01 19:14 - 000000000 ____D C:\ProgramData\TEMP 2026-04-01 21:08 - 2021-02-25 18:33 - 000000000 ____D C:\Defensive Driving 2026-04-01 21:07 - 2023-11-05 17:12 - 000000000 ____D C:\Exercise Items 2026-04-01 21:04 - 2024-05-03 17:20 - 000000000 ____D C:\$Samsung Phone Backup ==================== Files in the root of some directories ======== 2024-08-30 15:15 - 2024-08-30 15:15 - 000960504 _____ (Python Software Foundation) C:\ProgramData\py.exe 2003-10-06 04:21 - 2003-10-06 04:21 - 000000000 ____H () C:\ProgramData\sdpsenv.dat 2024-06-19 18:15 - 2012-11-10 23:43 - 004232832 ____R () C:\Program Files\Goodsync Enterprise 9.2.0.0.zip 2024-06-19 17:54 - 1999-11-01 07:27 - 026179302 ____R () C:\Program Files\Lots A Logo01.rar 2024-06-19 17:55 - 2004-07-14 09:07 - 000058671 ____R () C:\Program Files\Mike Lin Startup Control Panel StartupCPL.zip 2024-06-19 17:55 - 2004-07-14 09:09 - 000061410 ____R () C:\Program Files\Mike Lin StartupMonitor.zip 2024-06-19 18:27 - 2009-08-06 22:02 - 000000131 ____R () C:\Program Files\rarreg.key ORIGINAL 2024-06-19 17:56 - 2004-06-05 22:14 - 000102824 ____R () C:\Program Files\Romcat Catalog CorelDraw 11 romcat11.zip 2024-06-19 17:56 - 2004-06-05 22:14 - 000102679 ____R () C:\Program Files\Romcat Catalog CorelDraw 12 romcat12.zip 2024-06-19 17:56 - 2004-12-14 10:12 - 000102824 ____R () C:\Program Files\romcat11.zip 2024-06-19 17:56 - 2004-12-14 10:13 - 000102679 ____R () C:\Program Files\romcat12.zip 2024-06-19 17:56 - 2004-12-14 10:13 - 000166738 ____R () C:\Program Files\romcat42.zip 2024-06-19 17:56 - 2005-04-11 13:11 - 000012759 ____R () C:\Program Files\RoundCorners12 Oberon.zip 2024-06-19 16:59 - 2010-10-25 18:48 - 000000240 ____R () C:\Program Files\TurboFTP SN.txt 2024-06-19 17:00 - 2009-12-17 10:39 - 001322783 ____R (PortableAppZ.blogspot.com) C:\Program Files\WinRAR_Portable_3.91_Multilingual.paf NOVIRUS WORKING.exe 2024-06-19 17:00 - 2010-10-17 17:07 - 001323007 ____R (PortableAppZ.blogspot.com) C:\Program Files\WinRAR_Portable_3.93_Multilingual.paf.exe 2024-06-19 18:23 - 2010-11-01 10:03 - 000004274 ____R () C:\Program Files\Xplorer2 KEY.txt 2024-07-03 16:25 - 2024-04-04 09:45 - 000000515 _____ () C:\Program Files (x86)\README.txt 2015-12-20 16:15 - 2015-12-20 16:15 - 000274212 _____ () C:\Program Files (x86)\unins000.dat 2015-12-20 16:15 - 2015-12-20 16:13 - 001178480 _____ () C:\Program Files (x86)\unins000.exe 2015-12-20 16:15 - 2015-12-20 16:15 - 000022779 _____ () C:\Program Files (x86)\unins000.msg 2013-10-21 21:13 - 2015-10-16 18:48 - 012393496 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2021-01-10 13:03 - 2021-01-10 13:03 - 000000171 _____ () C:\Users\ThinkPad\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0 2017-01-02 16:55 - 2017-12-13 17:59 - 000000132 _____ () C:\Users\ThinkPad\AppData\Roaming\Adobe GIF Format CS5 Prefs 2016-01-22 18:46 - 2016-01-22 19:20 - 000000132 _____ () C:\Users\ThinkPad\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-12-28 12:46 - 2026-04-26 21:01 - 000001567 _____ () C:\Users\ThinkPad\AppData\Roaming\burnaware.ini 2013-08-02 18:59 - 2017-12-02 14:53 - 000087608 _____ () C:\Users\ThinkPad\AppData\Roaming\inst.exe 2013-08-02 18:59 - 2017-12-02 14:53 - 000007887 _____ () C:\Users\ThinkPad\AppData\Roaming\pcouffin.cat 2013-08-02 18:59 - 2017-12-02 14:53 - 000001144 _____ () C:\Users\ThinkPad\AppData\Roaming\pcouffin.inf 2013-08-02 18:59 - 2017-12-02 14:53 - 000000055 _____ () C:\Users\ThinkPad\AppData\Roaming\pcouffin.log 2013-08-02 18:59 - 2017-12-02 14:53 - 000047360 _____ (VSO Software) C:\Users\ThinkPad\AppData\Roaming\pcouffin.sys 2025-04-10 16:48 - 2025-08-15 19:27 - 000000128 _____ () C:\Users\ThinkPad\AppData\Roaming\PUTTY.RND 2011-11-05 21:57 - 2022-10-06 17:08 - 000001189 _____ () C:\Users\ThinkPad\AppData\Roaming\vso_ts_preview.xml 2011-05-12 01:24 - 2011-05-12 01:24 - 021187902 _____ (ZJMedia Digital Technology Ltd.) C:\Users\ThinkPad\AppData\Roaming\WinAVI_Video_Converter.exe 2012-09-02 20:18 - 2021-02-22 21:01 - 000000010 ____H () C:\Users\ThinkPad\AppData\Local\.HG88C586-G30G-2HE2-DGDE-8H3E1D530D30 2021-03-03 19:04 - 2026-04-27 13:17 - 000002413 ____H () C:\Users\ThinkPad\AppData\Local\BFR6lastusedsettings.dpt6 2019-01-24 20:46 - 2021-12-20 17:20 - 000000031 ____H () C:\Users\ThinkPad\AppData\Local\burnaware.ini 2016-12-18 16:48 - 2020-11-07 17:13 - 000004096 ____H () C:\Users\ThinkPad\AppData\Local\keyfile3.drm 2021-04-04 12:59 - 2024-08-12 16:20 - 000000410 ____H () C:\Users\ThinkPad\AppData\Local\oobelibMkey.log 2024-02-19 17:02 - 2025-11-21 12:51 - 000000128 _____ () C:\Users\ThinkPad\AppData\Local\PUTTY.RND 2013-02-01 16:31 - 2013-02-01 16:31 - 000000017 ____H () C:\Users\ThinkPad\AppData\Local\resmon.resmoncfg 2024-03-24 21:42 - 2024-03-24 21:42 - 000000036 _____ () C:\Users\ThinkPad\AppData\Local\_LOCAL_GUID ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================