Slow System- Painfully slow when opening pages or programs [Solved] - Page 3

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01

Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Carlos) (10-05-2024 18:15:09)

Running from C:\Users\steve\Desktop\FRST64.exe

Loaded Profiles: steven

Platform: Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) Language: English (United Kingdom)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(services.exe ->) (CLEVERFILES INC. -> CleverFiles) C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe

(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe

(services.exe ->) (Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe

(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe

(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe

(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe

(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(services.exe ->) (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(services.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [MicrosoftEdgeAutoLaunch_AB28E5367ED265860776C96F8DFD68CB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Gillian\AppData\Local\WebEx\ciscowebexstart.exe [4524368 2021-07-09] (Cisco WebEx LLC -> Cisco Webex LLC)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Gillian\AppData\Local\Microsoft\Teams\Update.exe [2459280 2021-11-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [MicrosoftEdgeAutoLaunch_48384B2561019AB55907B5F47EEE2793] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-02] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKLM\...\Print\Monitors\EPSON XP-205 207 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMILE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)

HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed]

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\124.0.6367.156\Installer\chrmstp.exe [2024-05-09] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5CC0CF3A-06D7-4E03-A4CF-3340F57198A7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

Task: {44117050-07DC-49A2-B6DB-7128A8252302} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9dac4439-e6f9-4785-9ff9-123e643f51d6" --version "6.23.11010" --silent

Task: {A0EAF409-0596-4FA2-9F1A-1AF53A1AACD1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5381288 2024-05-09] (Microsoft Windows -> Microsoft Corporation)

Task: {E5FC2B2C-7012-43E3-826E-A51D6D69FD46} - System32\Tasks\DashlaneUpgradeCheck => C:\WINDOWS\system32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

Task: {7B9D1478-F15C-46FB-AE8D-53EA04481FC7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{0F38F499-FEA7-498F-97F7-540E97C9CF93} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)

Task: {58E9E3D8-DA9B-4C0C-A7C1-6174D5819951} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {20DC5309-AC7E-4FC3-BFD4-437F2EAEC87C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {A9162C91-2861-41BC-98A3-167E6C8C40E4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {EA7D7227-EAD3-41AA-9628-4930A17CC893} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {245A89A1-341F-4187-A0A3-017977C365B4} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {60749C3D-268F-4140-AE8F-D0FBBECB711D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {E7625689-ADC1-456D-9ECF-21ED64B3FA7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {099FEBAC-23E3-4CC4-857A-BC3FBA3EFBD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {ABCB7FB3-CA71-437F-B392-60E8D7DD7DF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-10]

Edge DownloadDir: Default -> C:\Users\steve\Downloads

Edge Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-11]

Edge Extension: (Edge relevant text changes) - C:\Users\steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-14]

FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [[emailprotected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)

FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2024-05-10]

CHR StartupUrls: Default -> "hxxp://google.co.uk/"

CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-01]

CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-05-07]

CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-05-07]

CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-28]

CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-09]

CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-05-07]

CHR Extension: (Adaware AdBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2023-06-21]

CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]

CHR Extension: (Browsing Protection by F-Secure) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2023-10-14]

CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-21]

CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

R2 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [309128 2023-03-23] (CLEVERFILES INC. -> CleverFiles)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248120 2024-05-07] (Microsoft Corporation -> Microsoft Corporation)

S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)

S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)

S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-08] (Malwarebytes Inc. -> Malwarebytes)

S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)

R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe [1459968 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)

R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)

S4 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-05-05] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WsaService; C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe\WsaService\WsaService.exe [312832 2024-02-15] (Microsoft Corporation -> )

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218592 2024-05-09] (Microsoft Windows -> Microsoft Corporation)

R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [181824 2019-12-27] (GENESYS LOGIC, INC. -> Genesys Logic)

S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)

R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234856 2024-05-10] (Malwarebytes Inc. -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-05-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-05-10] (Malwarebytes Inc. -> Malwarebytes)

S3 MpKsl2a839a59; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAD14628-0EA9-45AD-9C4C-215BEAD4589B}\MpKslDrv.sys [271648 2024-05-10] (Microsoft Windows -> Microsoft Corporation)

R3 MpKsl3c5235d2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BAD14628-0EA9-45AD-9C4C-215BEAD4589B}\MpKslDrv.sys [271648 2024-05-10] (Microsoft Windows -> Microsoft Corporation)

R2 NDivert; C:\Program Files\NordVPN\7.23.2.0\Drivers\NDivert.sys [131472 2024-04-08] (nordvpn s.a. -> Nordvpn S.A.)

R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-10-14] (TEFINCOM S.A. -> TEFINCOM S.A.)

S0 ProtectedELAM; C:\WINDOWS\System32\drivers\protected_elam.sys [18912 2023-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> TODO: <Company name>)

R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [73464 2021-03-08] (Corel Corporation -> Corel Corporation)

R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [46392 2021-12-14] (Corel Corporation -> Corel Corporation)

R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [38200 2021-12-14] (Corel Corporation -> Corel Corporation)

R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [45880 2021-12-14] (Corel Corporation -> Corel Corporation)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)

R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)

S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2024-05-09] (Microsoft Windows -> )

R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20936 2024-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2020-09-10] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601376 2024-05-05] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105760 2024-05-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-10 18:07 - 2024-05-10 18:07 - 000234856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys

2024-05-10 18:07 - 2024-05-10 18:07 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2024-05-10 18:03 - 2024-05-10 18:06 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job

2024-05-10 18:03 - 2024-05-10 18:03 - 000003322 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting

2024-05-10 17:52 - 2024-05-10 17:52 - 000000000 _____ C:\Users\steve\Desktop\New Text Document.txt

2024-05-10 16:44 - 2024-05-10 17:57 - 000665390 _____ C:\WINDOWS\ntbtlog.txt

2024-05-10 16:44 - 2024-05-10 17:56 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2024-05-10 14:33 - 2024-05-10 15:12 - 000183676 _____ C:\Users\steve\Desktop\Search.txt

2024-05-10 07:16 - 2024-05-10 07:16 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2024-05-10 07:12 - 2024-05-10 07:12 - 000000020 ___SH C:\Users\steve\ntuser.ini

2024-05-10 00:40 - 2024-05-10 18:09 - 000003508 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck

2024-05-10 00:40 - 2024-05-10 18:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2024-05-10 00:40 - 2024-05-10 17:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta

2024-05-10 00:40 - 2024-05-10 00:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1003

2024-05-10 00:40 - 2024-05-10 00:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1002

2024-05-10 00:40 - 2024-05-10 00:41 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1001

2024-05-10 00:40 - 2024-05-10 00:41 - 000002590 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask

2024-05-10 00:40 - 2024-05-10 00:40 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application

2024-05-10 00:40 - 2024-05-10 00:40 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2024-05-10 00:40 - 2024-05-10 00:40 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2024-05-10 00:40 - 2024-05-10 00:40 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1003

2024-05-10 00:40 - 2024-05-10 00:40 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1002

2024-05-10 00:40 - 2024-05-10 00:40 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1741543102-3776721137-2454621359-1001

2024-05-10 00:40 - 2024-05-10 00:40 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

2024-05-10 00:40 - 2024-05-10 00:40 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2

2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem

2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel

2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem

2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter

2024-05-10 00:40 - 2024-05-10 00:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime

2024-05-10 00:33 - 2024-05-10 00:40 - 000022863 _____ C:\WINDOWS\diagwrn.xml

2024-05-10 00:33 - 2024-05-10 00:40 - 000022863 _____ C:\WINDOWS\diagerr.xml

2024-05-10 00:29 - 2024-05-10 00:29 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network

2024-05-10 00:25 - 2024-05-10 07:32 - 000852164 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2024-05-10 00:18 - 2024-05-10 17:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2024-05-10 00:18 - 2024-05-10 00:18 - 000646496 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2024-05-10 00:17 - 2024-05-10 07:24 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK

2024-05-10 00:15 - 2024-05-10 00:41 - 000000000 ____D C:\Windows.old

2024-05-09 23:41 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Crypto

2024-05-09 23:41 - 2024-05-09 23:41 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\SystemCertificates

2024-05-09 23:41 - 2024-05-09 23:41 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Network

2024-05-09 23:38 - 2024-05-10 00:16 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Crypto

2024-05-09 23:38 - 2024-05-09 23:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\SystemCertificates

2024-05-09 23:38 - 2024-05-09 23:38 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Network

2024-05-09 23:37 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Crypto

2024-05-09 23:37 - 2024-05-09 23:37 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\SystemCertificates

2024-05-09 23:37 - 2024-05-09 23:37 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Network

2024-05-09 23:29 - 2024-05-10 00:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate

2024-05-09 23:25 - 2024-05-09 23:25 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\CLR Security Config

2024-05-09 23:24 - 2024-05-10 07:12 - 000000000 ____D C:\Users\steve

2024-05-09 23:24 - 2024-05-10 00:29 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows

2024-05-09 23:24 - 2024-05-10 00:29 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Windows

2024-05-09 23:24 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Hannah

2024-05-09 23:24 - 2024-05-10 00:16 - 000000000 ____D C:\Users\Gillian

2024-05-09 23:24 - 2024-05-10 00:15 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Spelling

2024-05-09 23:24 - 2024-05-10 00:15 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Spelling

2024-05-09 23:24 - 2024-05-10 00:15 - 000000000 ____D C:\Users\Gillian\AppData\Roaming\Microsoft\Spelling

2024-05-09 23:24 - 2024-05-09 23:37 - 000000000 ____D C:\Users\Hannah\AppData\Roaming\Microsoft\Windows

2024-05-05 10:54 - 2018-10-10 20:54 - 000000000 ____D C:\Program Files (x86)\Google

2024-05-05 10:50 - 2020-10-30 16:03 - 000000000 ____D C:\ProgramData\NordVPN

2024-05-05 10:49 - 2022-03-07 15:36 - 000000000 ____D C:\Program Files\NordUpdater

==================== Files in the root of some directories ========

2022-03-30 13:23 - 2022-03-30 13:23 - 020987948 _____ () C:\Users\steve\AppData\Local\004_Gift_To_Be_Simple.mid-compiled.wav

2022-03-30 13:24 - 2022-03-30 13:24 - 024735788 _____ () C:\Users\steve\AppData\Local\006_Smithwicks_Tavern.mid-compiled.wav

2022-03-30 13:23 - 2022-03-30 13:23 - 009547820 _____ () C:\Users\steve\AppData\Local\105_Ambient_High_Energy.mid-compiled.wav

2022-03-30 13:23 - 2022-03-30 13:23 - 033538092 _____ () C:\Users\steve\AppData\Local\106_Sweetly_Remembering.mid-compiled.wav

2022-03-30 16:52 - 2022-03-30 17:08 - 010846252 _____ () C:\Users\steve\AppData\Local\119_Club_Med.mid-compiled.wav

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01

Ran by steven (10-05-2024 18:20:44)

Running from C:\Users\steve\Desktop

Microsoft Windows 11 Home Version 23H2 22631.3447 (X64) (2024-05-09 23:41:44)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)

Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian

Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)

Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah

steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve

WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)

Amazon Appstore (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\com.amazon.venezia) (Version: release-60.21.1.0.210058.0_639010 - amazon.com)

Amazon Photos (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Amazon Photos) (Version: 8.8.0 - Amazon.com, Inc.)

Avanquest Message (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.16.0 - Avanquest Software)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

calibre 64bit (HKLM\...\{0269E9B3-B0A8-4849-9D2A-1090C32982DF}) (Version: 7.3.0 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform)

Cisco Webex Meetings (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ActiveTouchMeetingClient) (Version: 41.7.4 - Cisco Webex LLC)

Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)

Corel PaintShop Pro X7 (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation)

Corel PaintShop Pro X7 (HKLM-x32\...\{17196252-8555-4E35-9C06-F743143D76D4}) (Version: 17.0.0.199 - Corel Corporation) Hidden

CrystalDiskInfo 8.17.8 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.8 - Crystal Dew World)

CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)

CyberLink Shape Transitions Pack (HKLM-x32\...\{A49D8AB7-695A-4D72-BACB-A406008387BF}) (Version: 1.0 - CyberLink Corp.)

Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)

Disk Drill 5.3.826.0 (HKLM-x32\...\{49b90425-d03c-4b56-b8ba-0ccd425f5863}) (Version: 5.3.826.0 - CleverFiles)

Disk Drill 5.3.826.0 (x64) (HKLM\...\{219D8DEC-A93F-4A90-866B-20B5B37DAE94}) (Version: 5.3.826.0 - CleverFiles) Hidden

Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.7 - Seiko Epson Corporation)

Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)

EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)

EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 1.0.8 - Ellora Assets Corporation)

Freemake Video Converter version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 124.0.6367.156 - Google LLC)

IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)

ICA (HKLM-x32\...\{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden

Intel® Chipset Device Software (HKLM\...\{C844CC39-BC28-46CA-8239-3F37D8FE2A59}) (Version: 10.1.17541.8066 - Intel Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{B4F59074-915E-4DFE-BFD6-1B415B37AE2F}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{ED204DD8-2982-4B22-B077-0F70024D5FEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Driver (HKLM\...\{4B1DEC5C-ED0A-4DD1-ADB2-FD1117FF94D7}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)

Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{F70E0149-0BD0-4933-ADD0-1DC74D8F513B}) (Version: 20.40.0.1365 - Intel Corporation) Hidden

IPM_PSP_COM (HKLM-x32\...\{174F9DF8-AC60-486A-8FF4-A22831D48E0D}) (Version: 17.0.0.199 - Corel Corporation) Hidden

IPM_PSP_COM64 (HKLM\...\{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}) (Version: 17.0.0.199 - Corel Corporation) Hidden

iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)

iSkysoft Helper Compact 2.5.2 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.2 - iSkysoft)

Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)

Microsoft .NET Host - 6.0.23 (x64) (HKLM\...\{1870DD0E-1583-44FF-8265-A9D1692CD89C}) (Version: 48.92.2594 - Microsoft Corporation) Hidden

Microsoft .NET Host - 7.0.8 (x64) (HKLM\...\{19FCE07F-2A75-44AC-9EA5-8E29FE2F8DBE}) (Version: 56.35.63143 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 6.0.23 (x64) (HKLM\...\{995CC82C-E3E8-4BB5-9AB8-2B95C611D59D}) (Version: 48.92.2594 - Microsoft Corporation) Hidden

Microsoft .NET Host FX Resolver - 7.0.8 (x64) (HKLM\...\{174E0D7C-F2C9-49A2-83FB-95A0FE6FA023}) (Version: 56.35.63143 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 6.0.23 (x64) (HKLM\...\{7C0437DA-6703-47F1-A116-CD138B0768AD}) (Version: 48.92.2594 - Microsoft Corporation) Hidden

Microsoft .NET Runtime - 7.0.8 (x64) (HKLM\...\{B45C77BA-0B4E-4FBB-99B9-9774ECBE20AA}) (Version: 56.35.63143 - Microsoft Corporation) Hidden

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.80 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.80 - Microsoft Corporation)

Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.17531.20140 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 24.070.0407.0003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\OneDriveSetup.exe) (Version: 24.076.0414.0005 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)

Microsoft Teams (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\Teams) (Version: 1.4.00.29469 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)

Microsoft VC++ redistributables repacked. (HKLM\...\{9F513024-FFAD-4466-8CF0-5348389196B8}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft VC++ redistributables repacked. (HKLM-x32\...\{C521A8D8-511F-43DF-B789-7DD0B3F7363B}) (Version: 12.0.0.0 - Intel Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X86 Additional Runtime - 14.26.28720 (HKLM-x32\...\{2F69FB2B-2C48-491C-B249-22C1BDCE1117}) (Version: 14.26.28720 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.26.28720 (HKLM-x32\...\{31C9EB3A-5F0C-49E7-8E6C-D404E48F433D}) (Version: 14.26.28720 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM\...\{AA393199-374C-4AD1-9245-6CBB254D8146}) (Version: 48.92.2594 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM-x32\...\{fbe8ac13-7063-40e6-81dd-7ddcc3781ecd}) (Version: 6.0.23.32930 - Microsoft Corporation)

Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM\...\{3133BC55-90BD-4B87-82A2-6670B3CAFB81}) (Version: 56.35.63153 - Microsoft Corporation) Hidden

Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM-x32\...\{d260fcb6-95b8-4c81-8e07-ce75876ffca2}) (Version: 7.0.8.32619 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden

MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)

Nero SharedVideoCodecs (HKLM-x32\...\{2432E589-6256-4513-B0BF-EFA8E325D5F0}) (Version: 1.0.19014 - Nero AG) Hidden

Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.4.1 - Nikon Corporation)

Nikon Transfer 2 (HKLM-x32\...\{3FC564E4-C8EA-4887-AEF3-268962172514}) (Version: 2.17.0 - Nikon Corporation)

NordPass (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\285d85e1-fc76-5a0e-ba2d-20241a7fe9d2) (Version: 2.15.11 - NordPass Team)

NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.4.1 - Nord Security)

NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.23.2.0 - Nord Security)

NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)

NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)

NX Studio (HKLM\...\{2857A646-0456-40E7-ABE7-99787C915705}) (Version: 1.4.1 - Nikon Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20140 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Peugeot Update 1.4.0 (HKLM\...\46cf01d6-a405-5b47-a44f-4dd61ad5f7c2) (Version: 1.4.0 - PSA Automobiles SA)

PSPPContent (HKLM-x32\...\{17289BF4-5826-447B-A20A-738044D0B3E5}) (Version: 17.0.0.199 - Corel Corporation) Hidden

PSPPHelp (HKLM-x32\...\{1735F0DE-B173-4116-BABC-653A12FB9238}) (Version: 17.0.0.199 - Corel Corporation) Hidden

PSPPro64 (HKLM\...\{17511557-C430-486A-AB5A-87A8134B2613}) (Version: 17.0.0.199 - Corel Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)

Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)

Setup (HKLM-x32\...\{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}) (Version: 17.0.0.199 - Corel Corporation) Hidden

SKYBOX (HKLM\...\SKYBOX) (Version: 1.0.0.0 - SKYBOX Team)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-6) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-7) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-8) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

WD Security (HKLM-x32\...\{327CA54B-8D15-4BE2-A4D2-868194BF7B97}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden

WD Security (HKLM-x32\...\{9629d8ce-7cc4-4142-b7f8-2c003f1c6613}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)

Windows PC Health Check (HKLM\...\{77ACFAF7-E5AB-410D-BA14-BBEBF89422DE}) (Version: 3.1.2109.29003 - Microsoft Corporation)

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

WinX HD Video Converter Deluxe 5.6.0 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)

Zoom (HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)

Packages:

=========

Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)

Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3044.0_x64__48frkmn4z8aw4 [2024-05-08] (Acer Incorporated)

Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-04] (AMZN Mobile LLC.) [Startup Task]

Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1300.477.0_x64__8wekyb3d8bbwe [2024-05-10] (Microsoft Corporation)

Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.86.8.0_x64__q4d96b2w5wcc2 [2024-05-09] (Evernote) [Startup Task]

Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-02-19] (Meta)

Facebook -> C:\Program Files\WindowsApps\www.facebook.com-1C2D851A_2023.531.1.1_neutral__n468xs7erp6tc [2024-02-19] (www.facebook.com)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-09] (Apple Inc.) [Startup Task]

Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2080.9.229.0_x64__8xx8rvfyw5nnt [2024-05-07] (Meta) [Startup Task]

Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-12-20] (Microsoft Corporation) [MS Ad]

Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-01-02] (Microsoft Corp.)

Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation)

Microsoft.LegacyPhotosAdd-on -> C:\Program Files\WindowsApps\Microsoft.LegacyPhotosAdd-on_2022.2206.0.0_x64__8wekyb3d8bbwe [2023-01-09] (Microsoft Corporation)

Microsoft.LegacyPhotosMediaEngineAdd-on -> C:\Program Files\WindowsApps\Microsoft.LegacyPhotosMediaEngineAdd-on_2022.2206.0.0_x64__8wekyb3d8bbwe [2023-01-09] (Microsoft Corporation)

Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-16] (Microsoft Corporation)

Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-05-09] (Microsoft Corporation)

MicrosoftWindows.Client.FileExp -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-05-10] (Microsoft Corporation)

MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24041.34.0_x64__cw5n1h2txyewy [2024-05-08] (Microsoft Windows) [Startup Task]

Movie Maker - Video Editor -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.7.4.0_x64__bzg06mxvgh4fa [2024-05-05] (V3TApps)

PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2021-12-22] (CYBERLINK COM CORP)

Photos Legacy -> C:\Program Files\WindowsApps\Microsoft.PhotosLegacy_2024.11040.10002.0_x64__8wekyb3d8bbwe [2024-05-08] (Microsoft Corporation)

PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2022-01-19] (CYBERLINK COM CORP)

QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2022-11-14] (Acer Incorporated)

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)

Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.13.17.0_x64__3c1yjt4zspk6g [2024-02-14] (Samsung Electronics Co. Ltd.)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0 [2024-05-08] (Spotify AB) [Startup Task]

Text Reader -> C:\Program Files\WindowsApps\13542RyanTremblay.TextReader_3.1.4.0_x64__e0ywhek3s7xze [2022-11-14] (Ryan Tremblay) [MS Ad]

Windows CoPilot MSIX Pack -> C:\Program Files\WindowsApps\MicrosoftWindows.Client.CoPilot_724.1301.930.5_x64__cw5n1h2txyewy [2024-05-08] (Microsoft Windows)

Windows Subsystem for Android™ -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe [2024-05-10] (Microsoft Corp.) [Startup Task]

Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_2.0.4.0_x86__1crh1k73ty8mg [2020-06-10] (Media Life)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)

CustomCLSID: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001_Classes\CLSID\{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 -> C:\Program Files\CleverFiles\Disk Drill\DD.exe (CLEVERFILES INC. -> 508 Software, LLC)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-07] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed] [File is in use]

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxDTCM.dll [2018-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-07] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\steve\Desktop\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg

ShortcutWithArgument: C:\Users\steve\Desktop\Steven - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

ShortcutWithArgument: C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg

ShortcutWithArgument: C:\Users\steve\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Stevie - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

2018-12-03 22:19 - 2018-12-03 22:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll

2020-04-20 14:58 - 2020-04-20 14:58 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll

2020-04-20 14:58 - 2020-04-20 14:58 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

2019-03-06 22:45 - 2007-09-18 17:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll

2019-03-06 22:45 - 2007-09-10 16:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll

2019-03-06 22:45 - 2006-12-26 15:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll

2019-03-06 22:45 - 2004-11-17 17:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll

2019-03-06 22:45 - 2007-09-10 16:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll

2019-03-06 22:45 - 2006-08-30 02:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll

2019-03-06 22:27 - 2012-11-12 16:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2019-03-06 22:27 - 2012-10-22 18:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE

HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE

HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-05-05] (Microsoft Corporation -> Microsoft Corporation)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\...\sharepoint.com -> hxxps://strath-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2023-07-13 10:42 - 2024-05-05 11:01 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

172.27.128.1 DESKTOP-T3QOQ8M.mshome.net # 2029 5 5 4 10 1 35 900

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files\dotnet\;C:\Program Files\Calibre2\

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\Pictures\Photos from S20\20200924_213048.jpg

HKU\S-1-5-21-1741543102-3776721137-2454621359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Gillian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\newyo.jpg

DNS Servers: 194.168.4.100 - 194.168.8.100

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

Network Binding:

=============

Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

WiFi: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3

MSCONFIG\Services: Intel® TPM Provisioning Service => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: jhi_service => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: MyEpson Portal Service => 2

MSCONFIG\Services: MyWiFiDHCPDNS => 3

MSCONFIG\Services: NAUpdate => 2

MSCONFIG\Services: NeroBackItUpBackgroundService2018 => 2

MSCONFIG\Services: QASvc => 3

MSCONFIG\Services: RegSrvc => 2

MSCONFIG\Services: RstMwService => 2

MSCONFIG\Services: RtkAudioUniversalService => 2

MSCONFIG\Services: StreamingCore => 2

MSCONFIG\Services: UEIPSvc => 3

MSCONFIG\Services: ZeroConfigService => 2

HKLM\...\StartupApproved\Run: => "RtkAudUService"

HKLM\...\StartupApproved\Run: => "IAStorIcon"

HKLM\...\StartupApproved\Run: => "Endeavors Technologies JukeboxPlayer"

HKLM\...\StartupApproved\Run32: => "Nero BackItUp"

HKLM\...\StartupApproved\Run32: => "EaseUS FixTool"

HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"

HKLM\...\StartupApproved\Run32: => "CAMTray"

HKLM\...\StartupApproved\Run32: => "DriveSpan"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "NordVPN"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "electron.app.NordPass"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPSDNMON"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Avanquest Message"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "Amazon Photos"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{550D8F38-00DF-48E4-B360-185AB4605A00}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{A9709B81-5AA2-4468-8AF0-E75F8D0F388C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{8F0C2453-02C1-4101-9DFA-CA2F43926598}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{F53620E7-7B05-471B-B6A4-2B5B9AC5244F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{4FCD8D99-53E0-4DC2-903B-C6426330434A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{B3AE7351-F18D-4146-A1E9-B0056FB943E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{DEE624F7-3CC2-4CB2-8D01-AF05E049E050}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{DC6505CC-47F3-4BDF-BAD6-DCC04C04BD47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{7D62DFB5-91C6-4E29-B1F8-324D4B9403B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{CD6EDD1E-E0B5-4290-BAAD-03FE034A5FE6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{C46D55B7-0269-4B16-9D1A-963486D90B89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.237.701.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{196C2B4B-E04E-4379-A71A-8387CB138E01}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.80\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{69D4E43E-97B1-4DE6-94D2-58228D936C3A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{5BE05F8F-DD24-4CDD-B006-E80DC7FC74D9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{37EB7A35-B468-4463-B3AE-48B575EC906C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{52F89E3B-D192-4906-AF3F-E0F9DA5107FC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.118.3205.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{8FCCFFC1-546D-46B0-BAE6-23C24C2653CE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{BDB9A1A5-7AFD-4807-9A6C-1019FC15188F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{5756E0DD-9A63-4C00-B4AF-2AFD74A1C392}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2311.40000.5.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe (Microsoft Corporation -> )

FirewallRules: [{9FA0A97A-416D-4C55-83A5-85D57BD552FA}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{E72B7B2C-916C-4BE1-A2A2-0AC54E69B4CC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{56D33FD8-594B-43B4-9C69-B6B50320D3F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E5D0D6B2-7594-48A0-93F3-14BFC4369789}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{5CCC6300-7F0F-4950-AE6C-D96A36CC8E61}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{AF2EC385-4628-4C90-A140-5184E0A3C52B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{C027F577-66DD-402C-8F97-ADDE7CF8505B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{58C907D2-6B90-4282-9ABA-362F4AF64A56}] => (Block) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )

FirewallRules: [{03B62D2C-A904-4DC9-8446-2EC2851AA1D2}] => (Block) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )

FirewallRules: [UDP Query User{7D96304F-0400-4A6F-AFCF-83BAAE51461F}C:\program files\skybox\skybox.exe] => (Allow) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )

FirewallRules: [TCP Query User{9F00A981-A34E-4B80-921F-EF6348710D0F}C:\program files\skybox\skybox.exe] => (Allow) C:\program files\skybox\skybox.exe (Beijing Zixiong Information Technology Co., Ltd. -> )

FirewallRules: [UDP Query User{F5079F31-EED9-4BDC-95EF-AD1FBD2D6E39}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{20BBCE53-FDDF-4432-9439-48EB3077AA00}C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\gillian\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{46FECE41-9EA8-4721-AEB5-6B713875FF5D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]

FirewallRules: [TCP Query User{E64876CA-64B4-4268-981B-7174EC1A856D}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Allow) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]

FirewallRules: [UDP Query User{636FC029-9E9F-4501-AA25-856A109525D5}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [TCP Query User{264C95F6-A57E-4E55-AF24-917262811A57}C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\gillian\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [UDP Query User{696A3737-CC6F-46FB-9216-570CEB929772}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]

FirewallRules: [TCP Query User{1D3B44E5-7570-4F13-B04C-111E72D6FC1E}C:\users\steve\appdata\local\programs\nordpass\nordpass.exe] => (Block) C:\users\steve\appdata\local\programs\nordpass\nordpass.exe (NordPass Team) [File not signed]

FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (17EBDC47-5B5B-478A-9051-A6F84B04F572 -> )

FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)

FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)

FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )

FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{78BB51ED-5D88-48F8-817C-06FBDE65EAA0}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [UDP Query User{66B4C281-1F99-4970-84B4-25F781A17D8E}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{EC059BCF-5AFE-4F22-84C2-A1682F465CBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{6BD7DCFE-22AF-4891-8DCE-19CD07655E8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{97146C7B-99B4-437A-AC64-7101B5A4C313}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{421624A7-B80E-4380-97CB-48E6E6DB94CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{E5F53477-DD35-4C1A-AC5D-1EA8805EDE0D}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [UDP Query User{D4AEB729-00CE-4595-8782-6186AFD67E91}C:\program files (x86)\google\chrome\application\chrome.exe.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

10-05-2024 09:50:24 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================