Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2025 Ran by FED0002 (administrator) on SN-PW032ZCV (LENOVO 21B6S04400) (18-12-2025 16:26:43) Running from C:\Users\FED0002\Downloads\FRST64.exe Loaded Profiles: False <==== ATTENTION (Temporary Profile?) Platform: Microsoft Windows 11 Enterprise Version 21H2 22000.3260 (X64) Language: English (United States) -> English (United Kingdom) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (C:\Program Files (x86)\DesktopCentral_Agent\appctrl\bin\VerifyTrustedFiles.exe ->) (ZOHO Corporation Private Limited -> ) C:\Program Files (x86)\DesktopCentral_Agent\appctrl\bin\ACPipelogServer.exe (C:\Program Files (x86)\DesktopCentral_Agent\appctrl\bin\VerifyTrustedFiles.exe ->) (ZOHO Corporation Private Limited -> ) C:\Program Files (x86)\DesktopCentral_Agent\appctrl\bin\dcprocmon.exe (C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe ->) (ZOHO Corporation Private Limited -> ) C:\Program Files (x86)\DesktopCentral_Agent\appctrl\bin\VerifyTrustedFiles.exe (C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe ->) (ZOHO Corporation Private Limited -> ) C:\Program Files (x86)\DesktopCentral_Agent\bin\dcondemand.exe (C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe ->) (ZOHO Corporation Private Limited -> ) C:\Program Files (x86)\DesktopCentral_Agent\bin\DCProcessMonitor.exe (C:\Program Files (x86)\DesktopCentral_Agent\DeviceControl\bin\uesAgentService.exe ->) (ZOHO Corporation Private Limited -> Zoho Corporation) C:\Program Files (x86)\DesktopCentral_Agent\DeviceControl\bin\uesFaUser.exe (C:\Program Files 
(x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantage-(GenericMessagingAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantage-(LenovoServiceBridgeAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantage-(VantageCoreAddin).exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.291.0.2\OverwolfHelper.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.291.0.2\OverwolfHelper64.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.291.0.2\OverwolfBrowser.exe <5> (C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. 
-> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe (C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe ->) (Microsoft Windows -> ) C:\Program Files\Windows Defender Advanced Threat Protection\SenseTVM.exe (C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe ->) (Microsoft Windows -> Microsoft) C:\Program Files\Windows Defender Advanced Threat Protection\SenseNdr.exe (C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe (C:\Program Files\WindowsApps\MSTeams_25318.201.4113.9830_x64__8wekyb3d8bbwe\ms-teams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\143.0.3650.80\msedgewebview2.exe <7> (C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoNotificationUx.exe (drivers\lenovo\UDC\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\AppProvisioningPlugin.exe (DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe ->) (Dolby Laboratories, Inc. 
-> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~4.INF\DAX3API.exe (DriverStore\FileRepository\fn.inf_amd64_3fa928026db375e2\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\FN795A~1.INF\driver\shtctky.exe (DriverStore\FileRepository\fn.inf_amd64_3fa928026db375e2\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\FN795A~1.INF\driver\tposd.exe (DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_service_standalone.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_helper_service.exe (DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_helper.exe (EPDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDCtrl.exe (explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <46> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <51> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.222.1112.0002\OneDrive.Sync.Service.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_25318.201.4113.9830_x64__8wekyb3d8bbwe\ms-teams.exe <2> (explorer.exe ->) (Notion Labs, Inc. 
-> Notion Labs, Inc) C:\Users\FED0002\AppData\Local\Programs\Notion\Notion.exe <9> (explorer.exe ->) (Now.gg, INC -> now.gg, Inc.) C:\Users\FED0002\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe <4> (Microsoft Studios) [File not signed] C:\Windows\SystemTemp\da5588d73c0ccfde601e8daedfde9cd6\MinecraftEducationUpdater.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe (services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_98e9a381707712c6\FusionAPI.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) 
C:\Windows\System32\EPDService.exe (services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_7af8a848f233106b\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_fe21a1d446afa67d\ipfsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_service_standalone.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d21a89ae631b54fb\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe (services.exe ->) (KYOCERA Document Solutions Inc.) [File not signed] C:\Program Files\KDService\bin\KDService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) 
C:\Windows\System32\drivers\lenovo\UDC\Service\UDClientService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantageService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_3fa928026db375e2\driver\tphkload.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_43263f267606f990\x64\ibmpmsvc.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_a1a974b0994de01d\LenovoVisionService.exe (services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_443332a5152da4f0\SmartStandby.exe (services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_0fefde8b58482d0b\x64\LITSSvc.exe (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncHelper.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpDefenderCoreService.exe 
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MsMpEng.exe (services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe (services.exe ->) (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe (services.exe ->) (RCS LT UAB -> RCS LT) C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2a86f979b6e5b8bf\RtkAudUService64.exe <3> (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\Epson Printer Driver Security Support Tool\EpSecuritySupport.exe (services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated.) C:\Windows\System32\DriverStore\FileRepository\synawudfbiousbuwp.inf_amd64_b4553f061288fdeb\SynRpcServer.exe (services.exe ->) (Wacom Co., Ltd. -> Wacom Technology, Corp.) 
C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_5e454a5753f9a72a\WTabletServiceISD.exe <2> (services.exe ->) (ZOHO Corporation Private Limited -> ) C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe (services.exe ->) (ZOHO Corporation Private Limited -> Zoho Corporation) C:\Program Files (x86)\DesktopCentral_Agent\DeviceControl\bin\uesAgentService.exe (services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe (sihost.exe ->) (61773884-FD83-4DAD-91D2-1ECD4DCEF5D4 -> WindowsLiveWallpaper) C:\Program Files\WindowsApps\48405AmbientSoftware.LiveDesktopWallpapers_2.3.1.0_x64__agy8jafheqhng\WindowsLiveWallpaper.exe (svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe (svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2512.1001.34.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe ==================== Registry (Whitelisted) =================== (If an 
entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_47c1cbb90ce0f6e7\RtkAudUService64.exe" -background (No File) HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-25] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Combo Cleaner] => C:\Program Files (x86)\Combo Cleaner\ComboCleaner.exe [2168096 2025-09-23] (RCS LT UAB -> RCS LT) HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126437176 2022-04-01] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-29] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2511784 2025-07-28] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2025-07-28] (Adobe Inc. -> Adobe Inc.) 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4742544 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [com.squirrel.Teams.Teams] => C:\Users\FED0002\AppData\Local\Microsoft\Teams\Update.exe [2589760 2023-10-08] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [73892672 2024-09-22] (Riot Games, Inc. -> Riot Games, Inc.) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [electron.app.Notion] => C:\Users\FED0002\AppData\Local\Programs\Notion\Notion.exe [180676048 2024-08-22] (Notion Labs, Inc. -> Notion Labs, Inc) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [22090851lkuesvr] => C:\Users\FED0002\AppData\Local\Programs\LifeAt\LifeAt.exe [165915912 2023-10-30] (Todesktop Limited -> LifeAt) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [CiscoSpark] => C:\Users\FED0002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1271 2024-04-24] () [File not signed] HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1985856 2025-12-11] (Overwolf Ltd -> Overwolf Ltd.) 
HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\OneDrive.Sync.Service.exe [951656 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [electron.app.Vivi] => C:\Program Files\Vivi Corporation\Vivi\Vivi.exe --was-opened-at-login (No File) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [MicrosoftEdgeAutoLaunch_368C2E6B241A557B85EBD32595325589] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4228688 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [41655256 2025-12-06] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [electron.app.BlueStacks Services] => C:\Users\FED0002\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.) 
HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [Teams] => C:\Users\FED0002\AppData\Local\Microsoft\WindowsApps\MSTeams_8wekyb3d8bbwe\ms-teams.exe [0 0] () [symlink -> ] HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Run: [EPSDNMON] => "" (No File) HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\...\Policies\Explorer: [NoLogoff] 1 HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\FED0002\Downloads\FliqloScr\Fliqlo.scr [388096 2025-09-24] (9031) [File not signed] HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIYNE.EXE [485976 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2023-11-09] (Razer USA Ltd. -> Razer Inc.) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2025-07-15] (Adobe Inc. -> Adobe Systems Inc) HKLM\...\Print\Monitors\EPSON ET-2850 Series 64MonitorBE: C:\Windows\system32\E_YLMBYNE.DLL [187392 2018-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [3182776 2025-02-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKLM\...\Print\Monitors\KX Language Monitor: C:\Windows\system32\KXPLM64.DLL [123960 2023-07-31] (KYOCERA Document Solutions Inc. -> KYOCERA Document Solutions Inc.) 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2025-11-06] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\143.0.7499.110\Installer\chrmstp.exe [2025-12-18] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{07AA0886-CC8D-4e19-A410-1C75AF686E62}] -> C:\Windows\System32\l2nacp.dll [2023-11-15] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{33c86cd6-705f-4ba1-9adb-67070b837775}] -> C:\Windows\System32\l2nacp.dll [2023-11-15] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Provider Filters: [{edd749de-2ef1-4a80-98d1-81f20e6df58e}] -> C:\Windows\System32\l2nacp.dll [2023-11-15] (Microsoft Windows -> Microsoft Corporation) Startup: C:\Users\FED0002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2025-12-16] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PaperCut.lnk [2025-09-17] ShortcutTarget: PaperCut.lnk -> \\nhsps01\PCClient\win\pc-client-local-cache.exe (No File) GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {FAEAF9C2-ED48-4F9C-8003-6522679289C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1581568 2025-08-24] (Adobe Inc. -> Adobe Inc.) Task: {8A1965B8-2CEF-4384-815F-4B5B04D4AB13} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [446376 2025-07-28] (Adobe Inc. -> Adobe Inc.) Task: {031F2994-4753-451E-A7F3-002C889CB08D} - System32\Tasks\AdobeCCAppRegistration-AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\HDHelper.exe [715688 2025-07-28] (Adobe Inc. -> Adobe Inc.) Task: {0D547ED7-BADD-448A-A767-F74ECF7ED634} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [303024 2025-09-17] (Now.gg, INC -> BlueStack Systems, Inc.) Task: {87790CFF-30E7-4E77-94C0-48DFA2C8D93F} - System32\Tasks\DCAgentUpdater => C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentupgrader.exe [3338736 2022-08-01] (ZOHO Corporation Private Limited -> ) Task: {848E0A3A-0263-4A96-870C-DDE848C57871} - System32\Tasks\EPSON ET-2850 Series Update {464CCBE5-DD08-40E0-B82B-AB58CE4AA9F3} => C:\Windows\System32\spool\drivers\x64\3\E_YTSYNE.EXE [680440 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {CD6FF105-22AC-49D5-BB40-707B12A258A1} - System32\Tasks\EPSON ET-2850 Series Update {CC748E12-746C-4B41-A938-3140BFF58EBD} => C:\Windows\System32\spool\drivers\x64\3\E_YTSYNE.EXE [680440 2025-06-24] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {9B5D7D3C-CBDC-42DE-B217-E6FCA9DFF834} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{B76F41F5-1FA6-431C-977F-F2E1F59A7F7A} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC -> Google LLC) Task: {8618BD1A-CC83-4257-9840-EE92D49FF9C8} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe 
Creative Cloud Experience\CCXProcess.exe [194112 2025-07-28] (Adobe Inc. -> Adobe Inc.) Task: {2F5F7BDF-9E5D-4076-8264-B4621338B723} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {3EC5121A-CAE5-4A2E-AFB9-061B59886988} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService Task: {F1EC46FF-C5AC-4183-BC2C-13AC52CE0F15} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [94208 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {764E95EF-A2D4-4F39-B321-E465F696E1BD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\135a4529-d023-482a-8b08-8840e9694614 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {41DD9B06-3722-4DDE-89E8-5E5600E3F572} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9aab451b-5f1a-4fc4-b32d-a3322853b84a => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {FBF50A48-71AF-42AB-8F8F-2BC3CC8EB6CA} - System32\Tasks\Lenovo\ITS\Lenovo ITS ADM Task => C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_0fefde8b58482d0b\x64\LITSSvc.exe [1143640 2025-02-26] (Lenovo -> Lenovo.) 
Task: {46A6DB73-ACCA-4B4B-9927-8E410B07ACDE} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129880 2025-06-03] (Lenovo -> Lenovo) Task: {666F29A6-366A-446E-995D-2E35A7475C20} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [67416 2025-06-03] (Lenovo -> ) Task: {6DA53356-A7D7-4C92-B4B3-C5D67ECADDDF} - System32\Tasks\Lenovo\SmartStandby\Daily analysis => C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_443332a5152da4f0\AutonomicMgr.exe [76640 2024-05-09] (Lenovo -> ) Task: {8AE3BC32-30DC-4074-BBDF-C9227C0FF885} - System32\Tasks\Lenovo\SmartStandby\Uninstall Monitor => C:\Windows\system32\SmartStandbyInst.exe [45912 2024-05-09] (Lenovo -> ) Task: {5B9FE751-4E39-447F-BBFA-890CACF931A8} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\Windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210 Task: {603FB1E5-86FB-400E-A0FC-89006948A18E} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [91024 2025-08-18] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle Task: {BA49DB88-FBE5-492F-AEB5-3A24A585F5AB} - System32\Tasks\Lenovo\UDC\Lenovo UDC Lazy Deployment => C:\Windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 221 Task: {EB6D3249-4BB7-4A57-8CD3-FD5680DF559A} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\Windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220 Task: {2573D192-3084-4A04-9D60-4EF53FC4521B} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [243088 2025-08-18] (Lenovo -> Lenovo Group Ltd.) 
Task: {21CE3664-DC81-43D7-8306-89654E969306} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService Task: {46EE4B08-4F77-40BD-8B36-059D253372B5} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {95234474-1062-4AA4-8E91-6D9056A75307} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {31958533-6D66-4425-85D8-C482D0234050} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {20DFC098-2F4B-453E-9C57-0A881A73BE4F} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin_Pulsation => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {E8133AEA-D63B-44DA-8969-CF3CD866EEF0} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {EB66D9AB-7EA5-4099-AE85-789DFE86828B} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {88A29B45-D385-4FAB-AA2C-A268C9FE8E52} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {A2E1CB9D-901C-4C81-B2BD-CEE1B845F816} - 
System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe LenovoBoostAddin.Prompt (No File) Task: {FDD558DE-6CD8-4FF5-88B8-0E342BEF04A3} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {99ABE7B8-0760-4217-8998-CBDF1F3E5181} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSupportHealthReportSchedule => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {E67BFDF1-92C2-4CFD-8504-7E2EC66F7BA9} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {3ACFB7E6-D581-4EB6-9E6E-CE13C2271DB6} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File) Task: {00EF5015-165C-4C0D-A8B1-D77FDE57E6C0} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {4ED637E2-4E22-41A1-8062-59CCE10FDB97} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {C29E0C6C-0851-4E16-B5B2-2C844EF19FAF} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {57F78406-DC55-43EA-8068-4320C720B69C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => 
C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.1.0.7\x86\IdleScheduleEventAction.exe [172104 2025-10-21] (Lenovo -> ) Task: {B12C36FB-BF7B-450B-956E-0BB4B3E3CEAF} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\ScheduleEventAction.exe [276032 2025-12-03] (Lenovo -> Lenovo) Task: {5DB2E457-CF39-4D63-8B2F-EBD64BA8C54A} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File) Task: {1FB77C87-1152-44EC-8C98-6E79D19644BF} - System32\Tasks\Microsoft\Intune\Intune Management Extension Health Evaluation => C:\Program Files (x86)\Microsoft Intune Management Extension\ClientHealthEval.exe [96160 2025-12-02] (Microsoft Corporation -> Microsoft Corporation) Task: {95C69D80-E04F-4496-B3CB-EAC6D5E12E13} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16960808 2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {E28D4C99-BF92-4523-87F1-5871AA87EC44} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29178184 2025-12-03] (Microsoft Corporation -> Microsoft Corporation) Task: {235BAFC2-CCE4-49CE-A839-1FFC3D84F50E} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [70456 2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {3C0E042C-D325-42FF-88DE-212747836D9D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29178184 2025-12-03] (Microsoft Corporation -> Microsoft Corporation) Task: {3183589D-7E0D-43D2-B24E-1E0FB0D22209} - 
System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [316672 2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {6FE53229-C767-4938-99E5-C16101AD022E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [316672 2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {167E95F8-41F2-4251-B00C-4F8546ABF5D3} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [1365280 2025-12-13] (Microsoft Corporation -> Microsoft Corporation) Task: {D1E35A72-55D6-4EC1-9CAE-FAA9D1783541} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4644376 2025-12-03] (Microsoft Corporation -> Microsoft Corporation) Task: {B70597A0-FA98-4E54-A54C-1F2709C0ABEA} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Login Schedule created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {C17BB54D-D78A-4038-8BFF-0B7571B598A3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {514380D9-6416-4CDE-8559-58DBE8C1B24E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Passport for Work alert created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {FFD44FD7-8E41-4821-9CA8-61A490EF8EE0} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Provisioning 
initiated session => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {7314CF3B-68C6-472E-A0D4-9BBDF6E9D796} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\PushLaunch => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {549B821F-FCA5-4141-B384-8FD2A406AF13} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\PushRenewal => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {19728B33-AEC7-4AA2-A8DE-84EFC59DA53F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Refresh schedule created by Declared Configuration to refresh any settings changed on the device => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {181CFCD6-89E3-46CE-B1C4-73DF6BA190E9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {A74F4200-349E-4A94-BD37-D9A3C3040BB6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {6122F1B0-E209-4738-AC50-8FF29719320D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {F54EB860-A8C4-4236-8F21-3577C8262FF6} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Schedule created by enrollment client for renewal of certificate 
warning => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {3FECCB39-5B28-45CF-944A-1B5EB07CB9A2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [479232 2024-10-08] (Microsoft Windows -> Microsoft Corporation) Task: {E4933638-583C-4E35-8F7E-6CE62D25105A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [479232 2024-10-08] (Microsoft Windows -> Microsoft Corporation) Task: {BF060EBC-5D4E-43F6-A654-3B9E0C08B512} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {F2765522-2F48-407F-83A6-9EA332DACAA2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\2C97F09A-C505-4352-AA03-0832D4B09FFC\Wsc Startup event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {A92F18ED-BFD4-487B-883E-7757B6D971B3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Login Schedule created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {6320B294-08AB-434E-BD46-94E9A0FAFEED} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {5BA09E38-845B-4BC6-BF7D-FBB729E4F902} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Passport for Work alert 
created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {46E47EB9-25E4-4539-A626-504EE63FEE3E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Provisioning initiated session => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {04E524B2-7D28-4912-BA1B-03EC0E582A42} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\PushLaunch => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {BF075475-1F27-47CC-A63C-574922D656E9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\PushRenewal => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {0A0F3961-66B7-407E-8FBC-E519E6A95173} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {C9951661-1E18-438A-907F-D79D8920D864} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {3B5199F4-3424-463E-88DD-69A74D284069} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {0762FC37-14CC-45E3-93DC-E992E0AAAE22} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Schedule created by enrollment client for renewal of certificate warning => C:\Windows\system32\deviceenroller.exe 
[516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {6A19F4EE-478A-47D8-8A62-504004589899} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [479232 2024-10-08] (Microsoft Windows -> Microsoft Corporation) Task: {53985F77-ED44-40F8-9548-89A98145B2A1} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [479232 2024-10-08] (Microsoft Windows -> Microsoft Corporation) Task: {4250A1ED-439B-4DB3-803E-23E2C8E222A3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {6E9B2748-F0B3-4B9C-B20F-C364441006A5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E38EDA3C-BAAF-4DD6-A9ED-837F106B22F1\Wsc Startup event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [516096 2024-09-11] (Microsoft Windows -> Microsoft Corporation) Task: {1FF32A3B-B18A-45BF-9305-5D0E831E3BAB} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\VirtulizationBasedIsolation\Virtualization based Isolation master policy change => C:\Windows\system32\hvsievaluator.exe [185728 2023-11-15] (Microsoft Windows -> Microsoft Corporation) Task: {904FCF10-6B79-4F8E-A2FA-99E979CC63D3} - System32\Tasks\Minecraft Education Automatic Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [4625408 2025-10-20] (Microsoft Studios) [File not signed] Task: {D441818B-A827-437F-9DEC-FD95ABE876EA} - System32\Tasks\Minecraft Education Weekly Updater => C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [4625408 2025-10-20] (Microsoft Studios) [File not 
signed] Task: {DB934106-9E25-4E8A-BF5D-E98FFCC6C887} - System32\Tasks\Mozilla\Firefox Background Update S-1-12-1-1171571344-1257121411-3889021115-4132529129 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-04-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters). Task: {02B81422-E261-4122-AEA6-3E7C43F97290} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4383592 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {4BB17763-DC0D-4771-9042-7CAC5DED11CA} - System32\Tasks\OneDrive Reporting Task-S-1-12-1-1171571344-1257121411-3889021115-4132529129 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4383592 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {19E6AD6F-D07C-4F9E-836B-858402A6933F} - System32\Tasks\OneDrive Startup Task-S-1-12-1-1171571344-1257121411-3889021115-4132529129 => C:\Program Files\Microsoft OneDrive\25.222.1112.0002\OneDriveLauncher.exe [745832 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) Task: {7304D78A-FE6D-478E-B70A-1B754B5830A6} - System32\Tasks\Opera scheduled Autoupdate 1696076974 => C:\Users\FED0002\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) Task: {06FCBDAA-2882-45F1-B716-9D83462475F6} - System32\Tasks\Opera scheduled Autoupdate 1700217929 => C:\Users\FED0002\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File) Task: {45A5981F-7459-4F45-89C8-3498291AED5A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe 
[2398016 2025-12-11] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule Task: {86A7AD1C-A8BD-4AC1-95FB-F39F061AFF09} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2a86f979b6e5b8bf\RtkAudUService64.exe [1659744 2023-06-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {9E86AC7A-BDAD-4A5C-92A9-84F4F28330D9} - System32\Tasks\SensorFramework-LogonTask-{100ee514-48c8-f419-6760-6fb8cb2767cd} => C:\Program Files (x86)\Microsoft Intune Management Extension\SensorLogonTask.exe [33848 2025-07-25] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DCAgentUpdater.job => C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentupgrader.exe Task: C:\Windows\Tasks\EPSON ET-2850 Series Update {464CCBE5-DD08-40E0-B82B-AB58CE4AA9F3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{464CCBE5-DD08-40E0-B82B-AB58CE4AA9F3} /F:UpdateWORKGROUP\LAPTOP-UC8T680M$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON ET-2850 Series Update {CC748E12-746C-4B41-A938-3140BFF58EBD}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSYNE.EXE:/EXE:{CC748E12-746C-4B41-A938-3140BFF58EBD} /F:UpdateWORKGROUP\LAPTOP-UC8T680M$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\055726C69636F575966696: [DhcpNameServer] 1.1.1.1 9.9.9.9
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\055726C69636F575966696: [DhcpDomain] guest.casey.vic.gov.au
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\54E627F6C6C6: [DhcpNameServer] 192.168.60.62 192.168.60.188 192.168.60.188
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\54E627F6C6C6: [DhcpDomain] curric.nossal-hs.wan
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\D4F6E6163786027457563747027596D26496: [DhcpNameServer] 130.194.1.99 130.194.7.99
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\D4F6E6163786027457563747027596D26496: [DhcpDomain] monash.edu.au
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\D697C616C472C472: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\D697C616C472C47202822392: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\E484352697F646: [DhcpNameServer] 192.168.60.188 192.168.60.96
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\E484352697F646: [DhcpDomain] curric.nossal-hs.wan
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\E4843577962756C6563737: [DhcpNameServer] 192.168.60.188 192.168.60.62
Tcpip\..\Interfaces\{67037891-fa4a-4ddc-9a98-40e6d898d3cf}\E4843577962756C6563737: [DhcpDomain] curric.nossal-hs.wan
Tcpip\..\Interfaces\{d353c54f-8307-4cb5-97e0-1852d26a3d81}: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{d353c54f-8307-4cb5-97e0-1852d26a3d81}\D697C616C472C47202822392: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{d353c54f-8307-4cb5-97e0-1852d26a3d81}\E48435023547574656E64737: [DhcpNameServer] 192.168.60.188 192.168.60.62
Tcpip\..\Interfaces\{d353c54f-8307-4cb5-97e0-1852d26a3d81}\E48435023547574656E64737: [DhcpDomain] curric.nossal-hs.wan
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer:
Restriction <==== ATTENTION Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\FED0002\AppData\Local\Microsoft\Edge\User Data\Default [2025-12-18] Edge Extension: (Microsoft Rewards) - C:\Users\FED0002\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2024-06-25] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\FED0002\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-12-18] Edge Extension: (Norton Safe Search Enhanced) - C:\Users\FED0002\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ekpeiejaoempccpnnbinfblalgpkobmg [2025-12-18] [UpdateUrl:0] <==== ATTENTION Edge Extension: (Google Docs Offline) - C:\Users\FED0002\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-11-10] Edge Extension: (Edge relevant text changes) - C:\Users\FED0002\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-31] Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn] Edge crx: C:\Program Files (x86)\Microsoft\Edge\Application\Extensions\dsue.crx [2025-12-18] FireFox: ======== FF DefaultProfile: 3x68aign.default FF ProfilePath: C:\Users\FED0002\AppData\Roaming\Mozilla\Firefox\Profiles\3x68aign.default [2025-12-18] FF ProfilePath: C:\Users\FED0002\AppData\Roaming\Mozilla\Firefox\Profiles\c0ribceh.default-release [2025-12-18] FF Extension: (Malwarebytes Browser Guard) - C:\Users\FED0002\AppData\Roaming\Mozilla\Firefox\Profiles\c0ribceh.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2025-12-18] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 
DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-29] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-29] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-12-06] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2025-07-28] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-12-13] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2025-07-28] (Adobe Inc. 
-> Adobe Systems) Chrome: ======= CHR DefaultProfile: Profile 2 CHR Profile: C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-06-13] CHR Profile: C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2 [2025-12-18] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-12-11] CHR Extension: (Google Docs Offline) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-12-17] CHR Extension: (AdBlock — block ads across the web) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-12-13] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-12-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-02-08] CHR Extension: (Norton Safe Search Enhanced) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\obfnkkgmpbfapdkajbgpgnnlgdgpeago [2025-12-18] [UpdateUrl:0] <==== ATTENTION CHR Profile: C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5 [2025-12-18] CHR Notifications: Profile 5 -> hxxps://app.zoom.us CHR NewTab: Profile 5 -> Active:"chrome-extension://popaiegponeiefbiddhmaphpbdjoegff/index.html" CHR Extension: (Tetrys) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cjobgkekcenldbaenikebmbhffhhffef [2025-05-03] CHR Extension: (uBlock Origin) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-07-12] CHR Extension: (Google Docs Offline) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi 
[2025-11-22] CHR Extension: (AdBlock — block ads across the web) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-12-14] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2025-12-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-07-15] CHR Extension: (Norton Safe Search Enhanced) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\obfnkkgmpbfapdkajbgpgnnlgdgpeago [2025-12-18] [UpdateUrl:0] <==== ATTENTION CHR Extension: (Day Counter - New Tab Page) - C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\popaiegponeiefbiddhmaphpbdjoegff [2025-11-03] CHR Profile: C:\Users\FED0002\AppData\Local\Google\Chrome\User Data\System Profile [2025-10-14] CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKU\S-1-12-1-1171571344-1257121411-3889021115-4132529129\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Opera: ======= OPR DefaultProfile: Default ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174584 2025-08-24] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944040 2025-07-28] (Adobe Inc. -> Adobe Inc.) 
S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2704864 2024-05-28] (PROXIMA BETA PTE. LIMITED -> ANTICHEATEXPERT.COM)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-29] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13365568 2025-12-03] (Microsoft Corporation -> Microsoft Corporation)
R2 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [145184 2025-09-23] (RCS LT UAB -> RCS LT)
R2 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [152864 2025-09-23] (RCS LT UAB -> RCS LT)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe [2363432 2023-05-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DolbyFusionAPI; C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_98e9a381707712c6\FusionAPI.exe [815608 2023-03-22] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_fe21a1d446afa67d\ipfsvc.exe [548528 2023-04-14] (Intel Corporation -> Intel Corporation)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-10] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 EPDService; C:\Windows\System32\EPDService.exe [211568 2022-11-16] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 EpSecuritySupport; C:\Program Files (x86)\Epson\Epson Printer Driver Security Support Tool\EpSecuritySupport.exe [280904 2025-06-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.222.1112.0002\FileSyncHelper.exe [3614568 2025-12-11] (Microsoft Corporation -> Microsoft Corporation) S3 GameInputRedistService; C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe [141680 2025-10-20] (Microsoft Corporation -> Microsoft Corporation) R2 IBMPMSVC; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_43263f267606f990\x64\ibmpmsvc.exe [1039808 2025-09-25] (Lenovo -> Lenovo) R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) S2 Intel(R) Platform License Manager Service; C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-13] (Intel Corporation -> Intel(R) Corporation) S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-06-02] (Intel Corporation -> Intel) R2 IntelCstService; C:\Windows\System32\DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_service_standalone.exe [36019472 2022-10-03] (Intel Corporation -> Intel Corporation) R2 IntuneManagementExtension; C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe [313760 2025-12-02] (Microsoft Corporation -> Microsoft Corporation) R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_uf.exe [2785952 2023-04-13] (Intel Corporation -> Intel Corporation) R2 KDService; C:\Program Files\KDService\bin\KDService.exe [499200 
2024-06-04] (KYOCERA Document Solutions Inc.) [File not signed] S4 LenovoBrightCtrl; C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_0fefde8b58482d0b\x64\BrightnessControl.exe [157008 2025-02-26] (Lenovo -> Lenovo.) R2 LenovoSmartStandby; C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_443332a5152da4f0\SmartStandby.exe [341336 2024-05-09] (Lenovo -> Lenovo) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.2511.18.0\LenovoVantageService.exe [34368 2025-12-03] (Lenovo -> Lenovo) R2 LenovoVisionService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_a1a974b0994de01d\LenovoVisionService.exe [565616 2023-10-09] (Lenovo -> Lenovo) S3 LenovoVisionSetupService; C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_a1a974b0994de01d\LvfSetupService.exe [36720 2023-10-09] (Lenovo -> Lenovo Group Ltd.) R2 LITSSVC; C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_0fefde8b58482d0b\x64\LITSSvc.exe [1143640 2025-02-26] (Lenovo -> Lenovo.) 
S2 LPlatSvc; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_43263f267606f990\x64\LPlatSvc.exe [903104 2025-09-25] (Lenovo -> Lenovo)
R2 ManageEngine UEMS - Agent; C:\Program Files (x86)\DesktopCentral_Agent\bin\dcagentservice.exe [1174512 2022-08-01] (ZOHO Corporation Private Limited -> )
S3 ManageEngine UEMS - Remote Control; C:\Program Files (x86)\DesktopCentral_Agent\bin\dcrdservice.exe [2570248 2022-08-01] (ZOHO Corporation Private Limited -> )
R2 ManageEngine Unified Endpoint Security - Agent; C:\Program Files (x86)\DesktopCentral_Agent\DeviceControl\bin\uesAgentService.exe [3485168 2022-06-08] (ZOHO Corporation Private Limited -> Zoho Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11207664 2025-12-18] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-12-18] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpDefenderCoreService.exe [2063376 2025-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Minecraft Education Updater; C:\Program Files (x86)\Microsoft Studios\Minecraft Education Edition\MinecraftEducationUpdater.exe [4625408 2025-10-20] (Microsoft Studios) [File not signed]
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.222.1112.0002\OneDriveUpdaterService.exe [3906448 2025-12-11] (Microsoft Corporation -> Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2398016 2025-12-11] (Overwolf Ltd -> Overwolf LTD)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [2322352 2023-10-13] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [535984 2023-10-13] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1361360 2023-03-06] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [297736 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-08-08] (Razer USA Ltd. -> Razer Inc.)
R2 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530448 2024-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynHsaService; C:\Windows\System32\DriverStore\FileRepository\synawudfbiousbuwp.inf_amd64_b4553f061288fdeb\SynRpcServer.exe [188352 2023-12-13] (Synaptics Incorporated -> Synaptics Incorporated.)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_3fa928026db375e2\driver\TPHKLOAD.exe [315568 2025-10-23] (Lenovo -> Lenovo)
R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72592 2025-08-18] (Lenovo -> Lenovo Group Ltd.)
S3 updater; C:\Program Files (x86)\Vivi Corporation\Vivi\updater.exe [1058744 2025-08-14] (Vivi International Pty Ltd -> Vivi Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\NisSrv.exe [4426832 2025-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MsMpEng.exe [290704 2025-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 vvclient; "C:\Program Files\Vivi Corporation\Vivi\usb\viviusb64.exe" -n -e [X]
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1896736 2024-05-30] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
S3 acp_driver; C:\Program Files (x86)\DesktopCentral_Agent\appctrl\bin\NotifDriver_W10x64.sys [32088 2022-06-09] (ZOHO CORPORATION PRIVATE LIMITED -> )
R3 BdDci; C:\Windows\system32\DRIVERS\bddci.sys [800672 2025-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394272 2025-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
R3 DCFAFilter; C:\Windows\System32\DRIVERS\DCFAFilter.sys [41144 2022-06-08] (ZOHO CORPORATION PRIVATE LIMITED -> Windows (R) Win 7 DDK provider)
R3 EPD; C:\Windows\System32\drivers\EPD.sys [162416 2022-11-16] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [159296 2025-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [177056 2025-08-03] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 IBMPMDRV; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_43263f267606f990\x64\ibmpmdrv.sys [66008 2025-09-25] (Lenovo -> Lenovo)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-06-02] (Intel Corporation -> Intel(R) Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_3e77ea8ce8c01463\ipf_acpi.sys [88784 2023-04-13] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_cpu.sys [82080 2023-04-13] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_lf.sys [446112 2023-04-13] (Intel Corporation -> Intel Corporation)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [333192 2025-11-17] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234088 2025-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\Drivers\farflt11.sys [214608 2025-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\Drivers\mbam.sys [80984 2025-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [245336 2025-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [190096 2025-12-18] (Malwarebytes Inc -> Malwarebytes)
U5 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [331776 2024-10-08] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_43263f267606f990\x64\pmdrvs.sys [52192 2025-09-25] (Lenovo -> Lenovo)
S3 rtucx22x64; C:\Windows\System32\DriverStore\FileRepository\rtucx22x64.inf_amd64_01a5900d61d5555f\rtucx22x64.sys [1846208 2025-06-26] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.sys [683520 2021-06-05] (Microsoft Windows -> Realtek Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0082; C:\Windows\System32\drivers\RzDev_0082.sys [56200 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0083; C:\Windows\System32\drivers\RzDev_0083.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 vhusb3hc; C:\Windows\System32\drivers\vhusb3hc.sys [72072 2024-03-02] (VirtualHere Pty. Ltd. -> VirtualHere Pty. Ltd.)
R3 ViviAudioDriver; C:\Windows\System32\DriverStore\FileRepository\viviaudiodriver.inf_amd64_c014b8f0ef2ddac5\viviaudiodriver.sys [63472 2024-12-16] (Vivi International Pty Ltd -> Vivi International Pty. Ltd.)
R3 WacHIDRouterISDF; C:\Windows\System32\drivers\WacHIDRouterISDF.sys [148720 2025-08-29] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21928 2025-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [635272 2025-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [102792 2025-12-18] (Microsoft Windows -> Microsoft Corporation)
R3 WiManHu; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_f8dbb140e86553d1\WiManHu\WiManHu.sys [212032 2022-12-20] (Intel Corporation -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-12-18 16:31 - 2025-12-18 16:31 - 000016195 _____ C:\Users\FED0002\Downloads\FRST.zip
2025-12-18 16:26 - 2025-12-18 16:30 - 000072689 _____ C:\Users\FED0002\Downloads\FRST.txt
2025-12-18 16:26 - 2025-12-18 16:28 - 000000000 ____D C:\FRST
2025-12-18 16:25 - 2025-12-18 16:25 - 002444288 _____ (Farbar) C:\Users\FED0002\Downloads\FRST64.exe
2025-12-18 15:54 - 2025-12-18 16:07 - 000000000 ____D C:\Users\FED0002\AppData\LocalLow\IGDump
2025-12-18 15:54 - 2025-12-18 15:54 - 000190096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2025-12-18 15:49 - 2025-12-18 16:30 - 000000000 ____D C:\Users\FED0002\AppData\Local\Malwarebytes
2025-12-18 15:49 - 2025-12-18 15:49 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2025-12-18 15:49 - 2025-12-18 15:49 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\Mozilla
2025-12-18 15:49 - 2025-12-18 15:49 - 000000000 ____D C:\Users\FED0002\AppData\Local\Mozilla
2025-12-18 15:48 - 2025-12-18 15:48 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-12-18 15:46 - 2025-12-18 15:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-12-18 15:46 - 2025-12-18 15:46 - 000000000 ____D C:\Program Files\Malwarebytes
2025-12-18 15:45 - 2025-12-18 15:45 - 002844952 _____ (Malwarebytes) C:\Users\FED0002\Downloads\MBSetup.exe
2025-12-18 15:12 - 2025-12-18 15:15 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
2025-12-18 15:12 - 2025-12-18 15:12 - 000001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2025-12-18 15:12 - 2025-12-18 15:12 - 000000000 ____D C:\Users\FED0002\AppData\Local\RCS_LT
2025-12-18 15:11 - 2025-12-18 15:11 - 003607848 _____ (RCS LT) C:\Users\FED0002\Downloads\CCSetup.exe
2025-12-18 12:14 - 2025-12-18 12:14 - 000002260 _____ C:\Users\FED0002\AppData\LocalLow\1aa7bb22cfda9dbd8678c878a785f6406759704057fe42b6128611c6ef09e618
2025-12-18 12:12 - 2025-12-18 12:16 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\a812956793c8780208fabef29afc41e16ff7a594d9dbbcfe1d2aa74d8c177da3
2025-12-18 12:12 - 2025-12-18 12:14 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\5b5cc2747565ac1af61d53209e506b9526fa1f474c11c8834cc2e8ee27fcf0d7
2025-12-18 12:12 - 2025-12-18 12:13 - 000039680 _____ C:\Users\FED0002\AppData\LocalLow\c39ba5fa5bd191a0ee93d73b5ddb8a94d39148865eee189d77d44ec51180cc4a
2025-12-18 12:12 - 2025-12-18 12:12 - 000003377 _____ C:\Users\FED0002\AppData\LocalLow\d11fb702960ad2856ff23253f70b5007ba3c8d6cd8c8d21c5f4211774629fcd2
2025-12-18 12:12 - 2025-12-18 12:12 - 000000000 ___HD C:\OneDriveTemp
2025-12-18 12:05 - 2025-09-17 05:39 - 005576136 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw14.sys
2025-12-18 12:05 - 2025-09-17 05:39 - 001628104 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter14.dll
2025-12-16 20:14 - 2025-12-16 20:14 - 001118437 _____ C:\Users\FED0002\Downloads\2025-U2-AoS1-Chpt-12-Redox-STREAMLINED.pdf
2025-12-16 20:09 - 2025-12-16 20:09 - 003033509 _____ C:\Users\FED0002\OneDrive - Nossal High School\Documents\2025 U2 AoS1 - Chpt 12 - Redox - STREAMLINED.pdf
2025-12-16 20:09 - 2025-12-16 20:09 - 001118437 _____ C:\Users\FED0002\Downloads\2025 U2 AoS1 - Chpt 12 - Redox - STREAMLINED.pdf
2025-12-16 19:15 - 2025-12-16 19:15 - 000053290 _____ C:\Users\FED0002\Downloads\Welcome Aboard! Your Contour Kickoff Form.eml
2025-12-14 18:02 - 2025-12-14 18:02 - 002182847 _____ C:\Users\FED0002\OneDrive - Nossal High School\Documents\CH34 [0.2] - Gas Calculations & Stoichiometry - Workshop {10585757092_b#2} (1).pdf
2025-12-14 12:38 - 2025-12-14 12:38 - 000000026 _____ C:\Users\FED0002\AppData\LocalLow\0683ba6707c73729a0897be6a1b8a10d85e353de583c4008602a227fde40be8c
2025-12-13 21:08 - 2025-12-13 21:08 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-12-13 09:55 - 2025-12-13 09:55 - 010715460 _____ C:\Users\FED0002\Downloads\youtube_LMFAO - Party Rock Anthem (Lyrics) ft. Lauren Bennett, GoonRock.mp4
2025-12-12 18:43 - 2025-12-12 18:43 - 000179120 _____ (Zoom Communications, Inc.) C:\Users\FED0002\Downloads\Zoom_cm_fo42pnktZ9vvrZo4_mlY-aFY+O8cnpF2jNtwTWu7QRFnPOVDtwQ3tk@hG6vHdQWKs156uuR_kc855c588d673d7f0_.exe
2025-12-12 16:11 - 2025-12-12 16:11 - 000188135 _____ C:\Users\FED0002\Downloads\FED0002_2025_2 (1).pdf
2025-12-11 23:06 - 2025-12-11 23:06 - 004743395 _____ C:\Users\FED0002\Downloads\PSY - Gangnam style (Lyrics with English meaning).mp4
2025-12-05 16:47 - 2025-12-05 16:47 - 326818251 _____ C:\Users\FED0002\Downloads\IMG_9445 (1).mov
2025-12-02 16:01 - 2025-12-02 16:04 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\gg.essential.mod
2025-12-02 15:33 - 2025-12-02 15:33 - 000006224 _____ C:\Users\FED0002\Downloads\Tbs 2 1.0.0.mrpack
2025-12-02 15:28 - 2025-12-02 15:49 - 000001277 _____ C:\Users\FED0002\OneDrive - Nossal High School\Desktop\Modrinth App.lnk
2025-12-02 15:28 - 2025-12-02 15:49 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\ModrinthApp
2025-12-02 15:28 - 2025-12-02 15:48 - 000001279 _____ C:\Users\FED0002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modrinth App.lnk
2025-12-02 15:28 - 2025-12-02 15:28 - 000000000 ____D C:\Users\FED0002\AppData\Local\ModrinthApp
2025-12-02 15:28 - 2025-12-02 15:28 - 000000000 ____D C:\Users\FED0002\AppData\Local\Modrinth App
2025-12-02 15:27 - 2025-12-02 15:28 - 009881872 _____ C:\Users\FED0002\Downloads\Modrinth App_0.10.21_x64-setup.exe
2025-12-02 15:25 - 2025-12-02 15:25 - 006078070 _____ C:\Users\FED0002\Downloads\forge-1.20.1-47.4.10-installer.jar
2025-12-02 15:23 - 2025-12-02 15:23 - 000307746 _____ C:\Users\FED0002\Downloads\P1. Basic Chemistry Skills - Yr 12 Commencement Homework Task.pdf
2025-12-01 14:53 - 2025-12-01 14:53 - 326818251 _____ C:\Users\FED0002\Downloads\IMG_9445.mov
2025-11-27 14:37 - 2025-11-27 14:37 - 000434013 _____ C:\Users\FED0002\Downloads\2a. 2017 Exam Q11.pdf
2025-11-27 14:30 - 2025-11-27 14:30 - 000086722 _____ C:\Users\FED0002\Downloads\1. Scientific Method MCQ 2024.pdf
2025-11-27 14:28 - 2025-11-27 14:29 - 012475102 _____ C:\Users\FED0002\Downloads\Do not distribute 3_4 Biology ANKI DECK.apkg
2025-11-27 10:24 - 2025-11-27 10:24 - 001459756 _____ C:\Users\FED0002\Downloads\YOU - Commencement - U3 AoS1 - Chpt 1 - Carbon-based Fuels.pdf
2025-11-26 12:55 - 2025-11-26 12:55 - 000146806 _____ C:\Users\FED0002\Downloads\Myla Fedhi.pdf
2025-11-26 11:26 - 2025-11-26 11:26 - 000433298 _____ C:\Users\FED0002\Downloads\City_of_Casey_-_Steering_Committe_Flyer.pdf
2025-11-24 11:14 - 2025-11-24 11:14 - 000019299 _____ C:\Users\FED0002\Downloads\vce_error_tracking_template.xlsx
2025-11-23 17:11 - 2025-11-23 17:11 - 000238845 _____ C:\Users\FED0002\Downloads\Fullbright-UB-1.21 fub-6.0.zip
2025-11-23 16:43 - 2025-11-23 16:43 - 000000026 _____ C:\Users\FED0002\AppData\LocalLow\b533ec16a0b9a3436735e7cff95090c78b4223371377346ae3d66d2b12da1120
2025-11-20 14:48 - 2025-11-20 14:48 - 000868202 _____ C:\Users\FED0002\Downloads\VCE Chemistry Units 1&2 Question and Answer Booklet 2023.pdf
2025-11-20 14:29 - 2025-11-20 14:29 - 000461813 _____ C:\Users\FED0002\Downloads\Chemistry 2023 Unit 2 Trial Exam.pdf
2025-11-20 11:12 - 2025-11-20 11:12 - 000465938 _____ C:\Users\FED0002\Downloads\Chemistry 2023 Unit 1 Trial Exam.pdf
2025-11-20 11:10 - 2025-11-20 11:10 - 000660823 _____ C:\Users\FED0002\Downloads\2024 Yr 11 Chemistry Prac Exam_SOLUTIONS.pdf
2025-11-20 11:10 - 2025-11-20 11:10 - 000405030 _____ C:\Users\FED0002\Downloads\2024 Yr 11 Chemistry Prac Exam.pdf
2025-11-19 21:18 - 2025-06-04 01:39 - 000049032 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\TPPWR64V.SYS

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-12-18 16:32 - 2021-06-05 23:10 - 000000000 ____D C:\Windows\SystemTemp
2025-12-18 16:26 - 2021-06-05 23:10 - 000000000 ____D C:\Windows\AppReadiness
2025-12-18 16:26 - 2021-06-05 23:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-12-18 15:57 - 2023-08-03 18:45 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\Notion
2025-12-18 15:52 - 2023-02-07 09:39 - 000000000 ____D C:\Windows\SensorFramework
2025-12-18 15:51 - 2024-07-25 11:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-12-18 15:50 - 2024-07-25 11:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-12-18 15:50 - 2024-07-25 11:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-12-18 15:50 - 2023-02-07 09:44 - 000000000 ____D C:\Users\FED0002\AppData\Local\D3DSCache
2025-12-18 15:48 - 2023-02-07 09:38 - 000000000 ____D C:\ProgramData\Packages
2025-12-18 15:48 - 2023-02-07 09:37 - 000000000 ____D C:\Users\FED0002\AppData\Local\Packages
2025-12-18 15:48 - 2021-06-05 23:10 - 000000000 ___HD C:\Program Files\WindowsApps
2025-12-18 15:47 - 2021-06-05 23:10 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-12-18 15:47 - 2021-06-05 23:09 - 000000000 ____D C:\Windows\INF
2025-12-18 15:46 - 2023-05-30 15:02 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\Anki2
2025-12-18 15:12 - 2023-04-12 23:46 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2025-12-18 14:57 - 2025-09-18 00:36 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\0795dc95a7f70b9a6ce4c7c0b743df508d00712cff552e33de9cce242ed6e737
2025-12-18 14:54 - 2025-03-22 11:29 - 000084733 _____ C:\Users\FED0002\AppData\LocalLow\e04b6994c2b7fcf060f719bbf7ce52c94fcbcac6c15d1e525f5b24870e25bab9
2025-12-18 14:54 - 2025-03-22 11:29 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\23c6ad22c452b482a4ef56aa50c2022d54b305209b0a513330f4acd59e62e03a
2025-12-18 14:46 - 2024-11-12 10:03 - 001998125 _____ C:\Users\FED0002\AppData\LocalLow\f6c1480bd58af17193d4f4f694ed26848ea2c51426b464cbdc9d04123bfdb441
2025-12-18 14:45 - 2024-11-12 10:03 - 000001788 _____ C:\Users\FED0002\AppData\LocalLow\391283f0382995fa37afecfdcce9a51a7c5f5ae29dfa4df88980c27b2c1edbfc
2025-12-18 14:32 - 2021-09-30 08:08 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-12-18 14:31 - 2021-06-05 23:01 - 000000000 ____D C:\Windows\CbsTemp
2025-12-18 14:09 - 2024-11-11 15:26 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\15f9f0c61c274f2bc03997dc23d52aac2148f50f7860efe8d17557ed3d3b184d
2025-12-18 14:04 - 2025-09-24 20:57 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\bluestacks-services
2025-12-18 12:13 - 2025-07-23 10:37 - 000003828 _____ C:\Windows\system32\Tasks\Minecraft Education Weekly Updater
2025-12-18 12:13 - 2025-07-23 10:37 - 000003478 _____ C:\Windows\system32\Tasks\Minecraft Education Automatic Updater
2025-12-18 12:13 - 2024-11-11 14:43 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\3c0dae9f63dc050210621457c41080f718c2a10e95af2a45936b1003f18aec5b
2025-12-18 12:12 - 2024-12-01 18:59 - 000002350 _____ C:\Users\FED0002\OneDrive - Nossal High School\Desktop\CurseForge.lnk
2025-12-18 12:12 - 2024-12-01 18:53 - 000000000 ____D C:\Users\FED0002\AppData\Local\Overwolf
2025-12-18 12:12 - 2024-11-11 14:43 - 000126714 _____ C:\Users\FED0002\AppData\LocalLow\f28b05da04e7d5ae77e03f39b18fca8984dfebec91dd4824924f3adaf478a88c
2025-12-18 12:12 - 2024-08-12 10:06 - 000000000 __SHD C:\Users\FED0002\OneDriveCloudTemp
2025-12-18 12:12 - 2024-08-12 10:05 - 000000000 ___RD C:\Users\FED0002\OneDrive - Nossal High School
2025-12-18 12:12 - 2023-02-07 11:25 - 000000000 ____D C:\Users\FED0002\AppData\Local\SquirrelTemp
2025-12-18 12:11 - 2023-02-08 01:33 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-12-18 12:11 - 2021-09-30 08:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-12-18 12:11 - 2021-09-30 08:08 - 000012288 ___SH C:\DumpStack.log.tmp
2025-12-18 12:11 - 2021-06-05 23:10 - 000000000 ____D C:\Windows\ServiceState
2025-12-18 12:11 - 2021-06-05 23:01 - 001048576 _____ C:\Windows\system32\config\BBI
2025-12-18 12:04 - 2021-09-30 08:09 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-12-18 12:02 - 2023-02-07 10:15 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-12-17 17:57 - 2023-04-29 16:56 - 000000000 ____D C:\Windows\Minidump
2025-12-17 17:08 - 2024-09-23 13:11 - 000003554 _____ C:\Windows\system32\Tasks\Launch Adobe CCXProcess
2025-12-16 23:16 - 2023-02-19 15:15 - 000000000 ____D C:\Users\FED0002\AppData\Local\Roblox
2025-12-16 20:10 - 2023-03-09 11:54 - 000000000 ____D C:\Users\FED0002\OneDrive - Nossal High School\Documents\myla nhs
2025-12-16 09:15 - 2021-09-30 08:09 - 000003534 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-12-16 09:15 - 2021-09-30 08:09 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-12-15 19:58 - 2023-06-17 10:53 - 000000000 ____D C:\Users\FED0002\AppData\Local\CrashDumps
2025-12-15 18:48 - 2024-12-01 18:59 - 000000000 ____D C:\Program Files (x86)\Overwolf
2025-12-13 22:41 - 2023-02-07 09:37 - 000000000 ___RD C:\Users\FED0002
2025-12-13 21:06 - 2022-07-22 12:06 - 000000000 ____D C:\Program Files\Microsoft Office
2025-12-13 18:04 - 2024-03-09 20:19 - 000001250 _____ C:\Users\FED0002\OneDrive - Nossal High School\Desktop\Roblox Studio.lnk
2025-12-13 18:04 - 2023-02-19 15:16 - 000001422 _____ C:\Users\FED0002\OneDrive - Nossal High School\Desktop\Roblox Player.lnk
2025-12-13 18:04 - 2023-02-19 15:15 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2025-12-13 08:54 - 2023-02-09 09:10 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-12-12 20:51 - 2021-09-30 08:09 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-12-12 10:26 - 2024-11-12 09:23 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\c7a9f3484459481e7aef3629701e50af7683c50a6887c68692f5217de1344e05
2025-12-12 10:23 - 2025-02-06 16:11 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-12-1-1171571344-1257121411-3889021115-4132529129
2025-12-12 10:23 - 2023-02-08 23:04 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-12-12 10:23 - 2023-02-08 23:04 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-12-12 10:23 - 2023-02-07 09:39 - 000003620 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-12-1-1171571344-1257121411-3889021115-4132529129
2025-12-12 10:07 - 2024-11-12 09:23 - 000051036 _____ C:\Users\FED0002\AppData\LocalLow\be8b95a5c17701cfbbff837fdae0d289d8607047d457454ad26b3b67ebc4a544
2025-12-10 19:34 - 2025-07-28 14:33 - 000002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2025-12-10 19:34 - 2025-07-28 14:33 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-12-10 18:16 - 2023-02-26 15:20 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\Microsoft\Word
2025-12-10 18:11 - 2023-02-07 19:54 - 000000000 ____D C:\Windows\system32\MRT
2025-12-10 17:37 - 2023-02-07 19:54 - 218369424 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-12-09 12:03 - 2023-12-02 09:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Intune Management Extension
2025-12-09 12:03 - 2023-02-07 09:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Intune Management Extension
2025-12-06 09:54 - 2024-11-17 21:06 - 000025438 _____ C:\Users\FED0002\AppData\LocalLow\c5cab23b7d54c6ebe61ac954997f29df329c56e229772e02164510be11ecbe7d
2025-12-02 15:27 - 2024-12-01 18:51 - 000263644 _____ C:\Users\FED0002\AppData\LocalLow\2e8ed8900cde787c6eb15e6b4715c21b030acbff69140c1f637ca6820ea45a9d
2025-12-02 15:27 - 2024-12-01 18:51 - 000000626 _____ C:\Users\FED0002\AppData\LocalLow\2000fd42fa01d6226d088419cf8cf78be8a23f5f0bc5d6112f0a65c62f37070c
2025-12-02 15:27 - 2023-09-30 23:27 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\.minecraft
2025-11-24 11:18 - 2023-04-09 15:13 - 000000000 ____D C:\Users\FED0002\AppData\Roaming\Microsoft\Excel
2025-11-22 09:18 - 2025-09-24 12:32 - 000436592 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_b.dll
2025-11-22 09:18 - 2023-06-13 23:01 - 004581752 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-11-22 09:18 - 2023-06-13 23:01 - 000878968 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2025-11-22 09:18 - 2023-06-13 23:01 - 000285040 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-11-22 09:18 - 2023-06-13 23:01 - 000244088 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-11-22 09:18 - 2023-06-13 23:01 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-11-22 09:18 - 2023-06-13 23:01 - 000153976 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-11-22 09:18 - 2023-06-13 23:01 - 000076152 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-11-22 09:04 - 2023-06-13 23:01 - 000000000 ____D C:\XboxGames
2025-11-21 07:53 - 2022-07-22 12:13 - 000000000 ____D C:\Windows\TempInst
2025-11-20 11:10 - 2025-05-07 10:06 - 000000128 _____ C:\Users\FED0002\AppData\LocalLow\bb2d6318e3a9b14698f0f9e613b7df748d2ee4adae645469ec39707c8c0d57a2
2025-11-20 11:08 - 2025-05-07 10:06 - 000153431 _____ C:\Users\FED0002\AppData\LocalLow\d5492e3cf5cd33f2c36916a77e80db55d36e17677aa78fb080b58aa8ac2abc63
2025-11-18 12:20 - 2022-07-22 12:50 - 000000000 ____D C:\ProgramData\Lenovo

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================