Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

slow sluggish desk top

Started by salvar774 , Yesterday, 08:03 PM
slowe freezes will not print

  • Please log in to reply

#1
salvar774
Posted Yesterday, 08:03 PM

salvar774

    Member

  • Member
  • PipPip
  • 67 posts

TAKES LONG TO STARTUP, freezes using pdf files freezes sending to print  takes a long time if it does print . used msconfig to be able to use browser used selective start

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-05-2025
Ran by Simon Alvarado (administrator) on DESKTOP-1DF5S27 (LENOVO 90MV00ELUS) (11-05-2025 19:39:50)
Running from C:\Users\grego\OneDrive\Desktop\repair\FRST64 (4).exe
Loaded Profiles: Simon Alvarado
Platform: Microsoft Windows 11 Home Version 24H2 26100.3915 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericTelemetryAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files (x86)\TotalAV\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\TotalAV\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files (x86)\TotalAV\SecurityService.exe ->) (Total Security Limited -> TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\EPP\rsHelper.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\AppProvisioningPlugin.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\LenovoOobePlugin.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\MessagingPlugin.exe
(drivers\Lenovo\udc\Service\UDClientService.exe ->) (Lenovo -> ) C:\ProgramData\Lenovo\Udc\Hosts\x64\SystemNotificationPlugin.exe
(DriverStore\FileRepository\u0409362.inf_amd64_1abe273c6c87517a\B404884\atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0409362.inf_amd64_1abe273c6c87517a\B404884\atieclxx.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22342.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Reason Cybersecurity Inc. -> Reason Cybersecurity Ltd.) C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe <14>
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\afwServ.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> Gen Digital Inc.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\TotalAV\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0409362.inf_amd64_1abe273c6c87517a\B404884\atiesrxx.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12da6ad5ef67a6ed\RtkAudUService64.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Cybersecurity Ltd.) C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\EPP\rsWSC.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe
(services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe
(services.exe ->) (Reason Labs Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
(services.exe ->) (Total Security Limited -> TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12da6ad5ef67a6ed\RtkAudUService64.exe [1262168 2021-05-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Lenovo Fundamental USB Keyboard] => C:\Program Files\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe [2971288 2021-08-16] (LITE-ON TECHNOLOGY CORP. -> Lenovo)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [491856 2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5014344 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [MicrosoftEdgeAutoLaunch_BA48C41CE12E271D5372F634E052D858] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [Opera Stable] => C:\Users\grego\AppData\Local\Programs\Opera\opera.exe [1583000 2025-04-28] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45875504 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [41352088 2025-04-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [Opera Browser Assistant] => C:\Users\grego\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4536216 2025-04-14] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP CD11 Status Monitor: C:\WINDOWS\system32\hpinkstsCD11LM.dll [391992 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\136.0.7103.93\Installer\chrmstp.exe [2025-05-06] (Google LLC -> Google LLC)
GroupPolicy-Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {499F9002-B5C0-4073-AE80-62BED8A2A76D} - \McAfee\DAD.Execute.Updates -> No File <==== ATTENTION
Task: {6D915D28-9709-4C48-A9F0-FD915E50A267} - \Opera scheduled assistant Autoupdate 1732660351 -> No File <==== ATTENTION
Task: {B9288420-470F-4D3D-A494-6FD860DAA718} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {C89EE28D-1AD6-48C1-B34C-FF8A381620CA} - System32\Tasks\AVG\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [5323608 2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {70EC99AD-50B7-4DEB-BD02-B5E90CF3766E} - System32\Tasks\AVG\AVG Antivirus Patcher => C:\Program Files\Common Files\AVG\Icarus\avg-av\icarus.exe [8726872 2025-04-25] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {480B11CD-65F0-4CAB-8CED-2D2307401BA5} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2593096 2024-11-26] (AVG Technologies USA, LLC -> Gen Digital Inc.)
Task: {A055DC25-4FC5-465C-8AAD-828E78A1291B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {C2E009B2-582C-407E-B7F0-B48FD833678D} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6139696 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "f24e391d-bae5-414a-8234-7eff771dd454" --version "6.34.0.11482" --silent
Task: {20676F96-F500-4BDD-BEA5-64C8C4FED487} - System32\Tasks\CCleanerSkipUAC - Simon Alvarado => C:\Program Files\CCleaner\CCleaner.exe [39616304 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {BA00235D-B9BB-4F69-AE17-B0C935AAF7E7} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7156.0{C76A1973-750F-455D-A78F-8EAEAB1F1522} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7156.0\updater.exe [7096416 2025-05-02] (Google LLC -> Google LLC)
Task: {A20B8678-383B-4B68-B48E-6B50BFE9F9A0} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [79312 2025-05-07] (HP Inc. -> HP Inc.)
Task: {30E78D1E-E636-437A-A26C-81C414FBBFEB} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [79312 2025-05-07] (HP Inc. -> HP Inc.)
Task: {CD43B8D6-C7D9-46ED-BFCE-35D30F934931} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {5B259762-86E1-4CBE-885B-45275811E20E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [102400 2025-04-30] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {E02697AD-8261-467C-B07F-4BB8B5DEA48B} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [110592 2025-04-30] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {FD31CD01-768A-49F3-848E-041405847D9E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1b622ef9-13e3-48c7-9a94-9471b8c322bb => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {F86C334F-7536-4880-A6ED-C8B08FEE1735} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4c6c2785-5baa-4057-961e-51a49b0c471c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {3BC1A522-975F-47C0-9AD0-07E5A42E5A58} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dde2db37-9f08-473b-9b76-574d0c0acd5c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
Task: {B05DEAAD-BFF2-44BF-B51D-F609A6CC1C2B} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [102400 2025-04-30] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {417E16B0-DE42-477B-9A6D-FFDD2BE3DB74} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90984 2025-02-26] (Lenovo -> Lenovo Group Ltd.) -> C:\windows\system32\drivers\Lenovo\udc\Service\/onidle
Task: {A4D8993D-4D42-45E8-8B30-5AFFCEA36AC7} - System32\Tasks\Lenovo\UDC\Lenovo UDC Lazy Deployment => C:\WINDOWS\system32\sc.exe [102400 2025-04-30] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 221
Task: {A92EC196-F797-4008-9D15-2E7D9C927A61} - System32\Tasks\Lenovo\UDC\Lenovo UDC Maintainance Task => C:\WINDOWS\system32\sc.exe [102400 2025-04-30] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 220
Task: {0E061E62-5FFC-4C3D-A2D6-1237AACDD3BC} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [237400 2025-02-26] (Lenovo -> Lenovo Group Ltd.)
Task: {4753C1DF-F66D-4640-BDBC-5A9CF41E5310} - System32\Tasks\Lenovo\UDC\MessagingPlugin\f126a897-fed7-46c7-992c-8fafcb3bae0c => C:\Windows\System32\drivers\Lenovo\udc\Service\UdcInfInstaller.exe [237400 2025-02-26] (Lenovo -> Lenovo Group Ltd.)
Task: {2BB9FF86-BB03-4BB3-BC6A-B6B3A43C22D6} - System32\Tasks\Lenovo\UDC\SystemNotificationPlugin\c01a111b-e0c9-4806-a16a-8583af91c8fd => C:\Windows\System32\drivers\Lenovo\udc\Service\UdcInfInstaller.exe [237400 2025-02-26] (Lenovo -> Lenovo Group Ltd.)
Task: {2FF48717-B18C-4C79-9613-9E1732314BEB} - System32\Tasks\Lenovo\UDC\SystemNotificationPlugin\DigestDownload => C:\Windows\System32\drivers\Lenovo\udc\Service\UdcInfInstaller.exe [237400 2025-02-26] (Lenovo -> Lenovo Group Ltd.)
Task: {76C1A9FB-D0A4-44A8-85A7-7E2D28D47BA3} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [102400 2025-04-30] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {B373BC31-F45C-44DC-B14A-85EDF3B22747} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {26F6E2AC-3CB1-4E85-BE12-58D5D5DEF68A} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {D6CCB7D3-43A7-43B0-8B98-061D6EDA2428} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {2ED42D8A-1B0C-4716-B36A-0952EF50BFFF} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {B799334B-1E04-4641-AC40-9677B5C30126} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {76BD03CC-9A45-4AAA-A228-3220B6BD91F4} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {EACC1D2B-441C-4239-BAE6-BBE7C3227779} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {15C98CD5-89B1-477B-B066-52D55E68A826} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File)
Task: {22DC0C8F-AB17-4143-944D-F98AAE2D17AC} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {929444AD-A6BD-4B6C-8BDC-D0FC6E10A60A} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {ED692F92-A99E-4D4D-8F64-FB5B4D181512} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-01-19] (Lenovo -> )
Task: {5B973815-D252-4EFF-B3B5-0FD56402574E} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-21] (Lenovo -> Lenovo)
Task: {E9085409-B3ED-4D0A-B0C9-F6F17D48CCD4} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe  /repair (No File)
Task: {8AF24A48-10AB-4A71-A3D4-29FFB7D0A28F} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4FCAFBE-FACD-4D52-8DAA-A4C8D7231E04} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC87D37F-A7A5-494F-B446-8E71BE1736E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {FB36F663-C672-4A24-9212-30942DAB0824} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68344 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A7E63DD-DD51-4FF7-BD95-AA5CE4CA9B28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102296 2025-04-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D16DF15-1F85-4362-9B7D-5F34AB52B3F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E07C9074-1571-49EB-BBFC-5A0884E42625} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {0361F3F2-0065-40F5-B375-7C4E518DEC6F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [213216 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {0093E2E1-86BE-448A-8382-A403AD078348} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\InitialConfiguration => {709FD5EF-7296-4154-BD3A-E9830FCFA60A} C:\WINDOWS\system32\ShellConfigTask.dll [274432 2025-04-30] (Microsoft Windows -> Microsoft Corporation)
Task: {D3708034-7C6C-48A4-A435-E9EBF803D8DE} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration => {0BE6820D-B667-4CB6-931B-C153A77DA895} C:\WINDOWS\system32\ShellConfigTask.dll [274432 2025-04-30] (Microsoft Windows -> Microsoft Corporation)
Task: {C1D976DD-4462-4DC7-A030-71BBEE2020CD} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-06] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F219DCB8-C5B3-4F0C-8496-36A87842BBE1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1859720211-2456076680-3369672926-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-06] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {3232252B-7D02-46B6-8028-449FF7037CD9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {9827E103-1D59-464F-9D4A-16F6552EB257} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D040EBD0-6302-4A9A-AFBB-9CE5C91C181E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1859720211-2456076680-3369672926-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {CB515900-E6DA-4278-A12F-CB85E96C9814} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1859720211-2456076680-3369672926-1001 => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\OneDriveLauncher.exe [679232 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {374BAF8E-792B-4A06-A3B5-6FB8EE671AB5} - System32\Tasks\Opera scheduled Autoupdate 1732660342 => C:\Users\grego\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5966744 2025-04-23] (Opera Norway AS -> Opera Software)
Task: {1E760873-0B9E-4FDD-82D6-A2DD8779566B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-1859720211-2456076680-3369672926-1001 => C:\Users\grego\AppData\Roaming\Zoom\bin\Zoom.exe [434488 2025-03-07] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7cd8810c-1f19-4fca-bed3-786b94acd01e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7cd8810c-1f19-4fca-bed3-786b94acd01e}: [DhcpDomain] lan
Tcpip\..\Interfaces\{c775db03-9211-4ece-9d31-1beda048878f}: [DhcpNameServer] 9.12.10.100
 
Edge: 
=======
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\grego\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2025-05-12]
Edge Notifications: Profile 1 -> hxxps://cdsecurecloud-dt.com; hxxps://meet.google.com; hxxps://www.facebook.com; hxxps://www.msn.com
Edge Extension: (Direction Online Free) - C:\Users\grego\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ankddfbkadblchchnnmnooolldlkflcl [2024-10-18]
Edge Extension: (Google Docs Offline) - C:\Users\grego\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-04]
Edge Extension: (Edge relevant text changes) - C:\Users\grego\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]
Edge Extension: (3D Earth) - C:\Users\grego\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\lbglighkcklfeibedndoohnhaffpbcjc [2024-10-18]
Edge HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
 
FireFox:
========
FF DefaultProfile: 67tbrdtk.default
FF ProfilePath: C:\Users\grego\AppData\Roaming\Mozilla\Firefox\Profiles\67tbrdtk.default [2022-07-05]
FF ProfilePath: C:\Users\grego\AppData\Roaming\Mozilla\Firefox\Profiles\an4863p7.default-release [2025-05-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default [2025-05-11]
CHR Extension: (Affirm: Buy Now, Pay Later) - C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmfijaapnnkcglahdngmjnhkfnkihkbg [2025-05-11]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-05-11]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2025-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-05-11]
CHR Extension: (Online Security) - C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2025-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grego\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
 
Opera: 
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-1859720211-2456076680-3369672926-1001) OperaStable - "C:\Users\grego\AppData\Local\Programs\Opera\opera.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [846160 2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [2558296 2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [898384 2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7570256 2025-05-05] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVGWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2024-11-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1088816 2025-03-12] (Gen Digital Inc. -> Gen Digital Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13824208 2025-04-28] (Microsoft Corporation -> Microsoft Corporation)
R2 EndpointProtectionService; C:\Program Files (x86)\TotalAV\Endpoint Protection SDK\endpointprotection.exe [11849448 2024-10-15] (Avira Operations GmbH -> Avira Operations GmbH) <==== ATTENTION
S3 EndpointProtectionService2; C:\Program Files (x86)\TotalAV\Endpoint Protection SDK\endpointprotection.exe [11849448 2024-10-15] (Avira Operations GmbH -> Avira Operations GmbH) <==== ATTENTION
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncHelper.exe [3587904 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-05-07] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-27] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe [34816 2025-02-21] (Lenovo -> Lenovo)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [943728 2025-05-09] (McAfee, LLC -> McAfee, LLC)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1161032 2022-07-14] (McAfee, LLC -> McAfee, LLC)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.065.0406.0002\OneDriveUpdaterService.exe [3841360 2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15989824 2025-05-07] (ADLICE -> )
R2 rsClientSvc; C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe [679936 2025-05-12] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSClientSvc; C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe [665088 2024-11-26] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSResolver; C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe [11584144 2024-11-26] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsDNSSvc; C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe [209040 2024-11-26] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsEDRSvc; C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe [167936 2025-05-12] (Reason Cybersecurity Inc. -> Reason Cybersecurity Ltd.)
R2 rsEngineSvc; C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe [295424 2025-05-12] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsSyncSvc; C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe [817528 2024-11-07] (Reason Labs Inc. -> Reason Software Company Inc.)
R2 rsVPNClientSvc; C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe [660112 2024-11-26] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsVPNSvc; C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe [239248 2024-11-26] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 rsWSC; C:\Program Files\ReasonLabs\EPP\rsWSC.exe [208552 2025-05-12] (Reason Cybersecurity Inc. -> Reason Software Company Inc.)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [240208 2024-11-05] (Total Security Limited -> TotalAV) <==== ATTENTION
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [72560 2025-02-26] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ZTHELPER; C:\WINDOWS\System32\zthelper.dll [146096 2025-04-30] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 A2DDA; D:\Run\a2ddax64.sys [26176 2013-03-29] (Emsisoft GmbH -> Emsisoft GmbH)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [25016 2021-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0409362.inf_amd64_1abe273c6c87517a\B404884\amdkmdag.sys [106382544 2024-11-12] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-05-12] (Alcorlink Corp. -> )
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [21088 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [244320 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [390720 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [297568 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [85088 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [28280 2024-11-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [29792 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [279624 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [569920 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [92224 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [72256 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [881728 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [1272392 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [201792 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [391232 2025-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [176712 2024-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2024-10-08] (Avira Operations GmbH -> Avira Operations GmbH)
S3 cleanhlp; D:\Run\cleanhlp64.sys [57024 2014-02-15] (Emsisoft GmbH -> Emsisoft GmbH)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [116048 2024-10-08] (Avira Operations GmbH -> Avira Operations GmbH)
S0 ProtectedELAM; C:\WINDOWS\System32\drivers\protected_elam.sys [18912 2023-10-31] (Microsoft Windows Early Launch Anti-malware Publisher -> TODO: <Company name>)
R3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [63952 2025-05-12] (ADLICE (Julien Ascoet) -> )
R3 rsCamFilter020600; C:\WINDOWS\system32\drivers\rsCamFilter020600.sys [50168 2025-05-04] (Reason Cybersecurity Inc. -> Reason Software Company)
S3 rsDwf; C:\WINDOWS\system32\DRIVERS\rsDwf.sys [54144 2024-11-26] (Reason CyberSecurity Inc. -> Reason CyberSecurity Inc.)
S0 rsElam; C:\WINDOWS\System32\drivers\rsElam.sys [19944 2025-05-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Reason CyberSecurity Inc.)
R1 rsKernelEngine; C:\WINDOWS\System32\DRIVERS\rsKernelEngine.sys [49456 2025-05-12] (Reason CyberSecurity Inc. -> Windows ® Win 7 DDK provider)
R1 rtp1; C:\WINDOWS\System32\DRIVERS\rtp1.sys [431432 2024-10-12] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp2; C:\WINDOWS\System32\DRIVERS\rtp2.sys [431456 2024-10-12] (Avira Operations GmbH -> Avira Operations GmbH)
S3 rtp_config; C:\WINDOWS\System32\DRIVERS\rtp1.sys [431432 2024-10-12] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28768 2024-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-30] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R1 webshieldfilter; C:\WINDOWS\System32\drivers\webshieldfilter.sys [96264 2023-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) <==== ATTENTION
S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_8d863c975b4367df\wini3ctarget.sys [79288 2025-04-30] (Microsoft Windows -> Microsoft Corporation)
S3 WSDPrintDevice; C:\WINDOWS\System32\DriverStore\FileRepository\wsdprint.inf_amd64_1f9e32519098c0b6\WSDPrint.sys [57344 2025-04-30] (Microsoft Windows -> Microsoft Corporation)
S3 WSDScan; C:\WINDOWS\System32\DriverStore\FileRepository\sti.inf_amd64_971c769b103df369\WSDScan.sys [61440 2025-04-30] (Microsoft Windows -> Microsoft Corporation)
U3 AVG Business Console Client Antivirus Service; no ImagePath
U3 avgBcc; no ImagePath
U3 avgbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-05-11 19:37 - 2025-05-11 19:40 - 000000000 ____D C:\FRST
2025-05-11 19:29 - 2025-05-11 19:28 - 000049456 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\rsKernelEngine.sys
2025-05-11 19:23 - 2025-05-11 19:36 - 000063952 _____ C:\WINDOWS\system32\Drivers\rkflt.sys
2025-05-11 19:07 - 2025-05-11 19:07 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\HTML Help
2025-05-11 19:02 - 2025-05-11 19:02 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\MMC
2025-05-11 15:12 - 2025-05-11 19:39 - 000000000 ____D C:\Users\grego\OneDrive\Desktop\repair
2025-05-11 15:11 - 2025-05-11 15:12 - 002299904 _____ (Farbar) C:\Users\grego\Downloads\FRST64 (3).exe
2025-05-11 15:09 - 2025-05-11 15:12 - 002299904 _____ (Farbar) C:\Users\grego\Downloads\FRST64.exe
2025-05-11 14:56 - 2025-05-11 19:39 - 000003326 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-05-11 14:56 - 2025-05-11 19:39 - 000000670 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-05-07 16:34 - 2025-05-07 16:34 - 000001234 _____ C:\Users\grego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adlice Protect.lnk
2025-05-07 16:32 - 2025-05-07 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-05-07 16:32 - 2025-05-07 16:32 - 000000000 ____D C:\Program Files\RogueKiller
2025-05-07 16:24 - 2025-05-07 16:24 - 051549152 _____ (Adlice Software ) C:\Users\grego\Downloads\setup (1).exe
2025-05-07 16:17 - 2025-05-07 17:33 - 000000000 ____D C:\ProgramData\RogueKiller
2025-05-05 18:43 - 2025-05-05 18:43 - 000320336 _____ (Gen Digital Inc.) C:\WINDOWS\system32\avgBoot.exe
2025-05-04 17:56 - 2025-05-04 17:53 - 000050168 _____ (Reason Software Company) C:\WINDOWS\system32\Drivers\rsCamFilter020600.sys
2025-05-01 19:52 - 2025-05-01 19:52 - 000000000 ____D C:\ProgramData\Brother
2025-04-30 11:08 - 2025-04-30 11:08 - 000086644 _____ C:\Users\grego\Downloads\USYA0041602981.pdf
2025-04-30 10:53 - 2025-04-30 10:53 - 000094225 _____ C:\Users\grego\Downloads\USYA0041602577.pdf
2025-04-30 10:49 - 2025-04-30 10:49 - 000091836 _____ C:\Users\grego\Downloads\USYA0041602462.pdf
2025-04-30 10:36 - 2025-05-10 20:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-30 09:54 - 2025-04-30 09:54 - 000030998 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-04-30 09:54 - 2025-04-30 09:54 - 000030998 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-04-30 00:57 - 2025-04-29 22:21 - 000000000 ____D C:\Windows.old
2025-04-30 00:54 - 2025-04-30 00:57 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2025-04-30 00:52 - 2025-04-30 00:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2025-04-30 00:52 - 2025-04-30 00:52 - 000000000 ____D C:\WINDOWS\Lenovo
2025-04-30 00:51 - 2025-04-30 00:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2025-04-30 00:51 - 2025-04-30 00:51 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2025-04-30 00:50 - 2025-04-30 21:04 - 000000000 ____D C:\WINDOWS\InboxApps
2025-04-30 00:50 - 2025-04-30 00:50 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets
2025-04-30 00:50 - 2025-04-30 00:50 - 000000000 ____D C:\inetpub
2025-04-30 00:46 - 2025-04-30 00:46 - 000005264 _____ C:\WINDOWS\system32\ecoscore_config.json
2025-04-30 00:45 - 2025-04-30 00:45 - 000070484 _____ C:\WINDOWS\SysWOW64\ctac.json
2025-04-30 00:44 - 2025-04-30 00:44 - 000000998 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-04-30 00:43 - 2025-04-30 00:43 - 000070484 _____ C:\WINDOWS\system32\ctac.json
2025-04-30 00:38 - 2025-04-30 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2025-04-30 00:38 - 2025-04-30 00:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2025-04-30 00:38 - 2025-04-30 00:38 - 000000000 ____D C:\WINDOWS\addins
2025-04-29 22:26 - 2025-04-29 22:26 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2025-04-29 22:21 - 2025-04-29 22:21 - 000000020 ___SH C:\Users\grego\ntuser.ini
2025-04-29 22:20 - 2025-05-11 19:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-04-29 22:20 - 2025-05-11 13:57 - 000004186 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{80F2C34C-D7D1-47D8-A061-AC22FE6413D0}
2025-04-29 22:20 - 2025-05-07 15:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2025-04-29 22:20 - 2025-05-07 15:35 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1859720211-2456076680-3369672926-1001
2025-04-29 22:20 - 2025-05-07 15:35 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1859720211-2456076680-3369672926-1001
2025-04-29 22:20 - 2025-05-07 15:35 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-04-29 22:20 - 2025-05-06 18:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-04-29 22:20 - 2025-05-06 18:47 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-04-29 22:20 - 2025-05-06 18:47 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-04-29 22:20 - 2025-05-05 18:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2025-04-29 22:20 - 2025-05-03 18:51 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-04-29 22:20 - 2025-04-29 22:40 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-04-29 22:20 - 2025-04-29 22:20 - 000003700 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1732660342
2025-04-29 22:20 - 2025-04-29 22:20 - 000003370 _____ C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-1859720211-2456076680-3369672926-1001
2025-04-29 22:20 - 2025-04-29 22:20 - 000002272 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Simon Alvarado
2025-04-29 22:20 - 2025-04-29 22:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2025-04-29 22:20 - 2025-04-29 22:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2025-04-29 22:20 - 2025-04-29 22:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2025-04-29 22:20 - 2025-04-29 22:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2025-04-29 22:20 - 2022-01-06 15:26 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1926842420-234243968-494114326-500
2025-04-29 22:14 - 2025-04-29 22:14 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\SystemCertificates
2025-04-29 22:14 - 2025-04-29 22:14 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Network
2025-04-29 22:14 - 2025-04-29 22:14 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Crypto
2025-04-29 22:14 - 2025-04-29 22:14 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2025-04-29 22:12 - 2025-05-11 19:30 - 000791266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-04-29 22:11 - 2025-05-11 19:36 - 000000876 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-04-29 22:09 - 2025-05-11 19:21 - 000000000 ____D C:\Users\grego
2025-04-29 22:09 - 2025-04-29 22:23 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Windows
2025-04-29 22:09 - 2025-04-29 22:09 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Spelling
2025-04-29 22:05 - 2025-05-11 16:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-04-29 22:05 - 2025-04-30 21:07 - 000472544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-04-18 00:56 - 2025-05-06 18:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-04-14 10:44 - 2025-04-14 10:44 - 000316232 _____ (Gen Digital Inc.) C:\WINDOWS\system32\asw8bc21e6ac12446f6.tmp
2025-04-13 07:31 - 2025-05-11 19:31 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2025-05-11 19:43 - 2024-04-01 02:24 - 000000000 ____D C:\WINDOWS\INF
2025-05-11 19:38 - 2024-11-26 17:37 - 000000000 ____D C:\Users\grego\AppData\Roaming\rsappui
2025-05-11 19:38 - 2024-04-03 22:43 - 000000000 ____D C:\Program Files (x86)\TotalAV
2025-05-11 19:38 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-05-11 19:38 - 2024-04-01 02:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-11 19:36 - 2024-11-26 17:16 - 000000000 ____D C:\ProgramData\AVG
2025-05-11 19:35 - 2024-12-04 12:46 - 004042224 _____ C:\WINDOWS\system32\rtp.db
2025-05-11 19:35 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-05-11 19:35 - 2024-04-01 02:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-05-11 19:35 - 2022-01-06 15:20 - 000021520 _____ C:\WINDOWS\system32\wpbbin.exe
2025-05-11 19:35 - 2021-06-23 13:44 - 000012288 ___SH C:\DumpStack.log.tmp
2025-05-11 19:33 - 2024-04-01 02:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-11 19:33 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-05-11 19:29 - 2024-11-26 17:31 - 000000000 ____D C:\Program Files\ReasonLabs
2025-05-11 19:29 - 2022-03-09 13:49 - 000000000 ____D C:\Users\grego\AppData\Local\D3DSCache
2025-05-11 19:22 - 2024-04-01 02:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-05-11 19:22 - 2022-03-28 12:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-11 19:22 - 2022-03-10 17:42 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-05-11 14:55 - 2023-08-18 11:51 - 000000000 ____D C:\Users\grego\AppData\Local\CrashDumps
2025-05-11 13:45 - 2022-03-09 13:49 - 000000000 ____D C:\Users\grego\AppData\Local\Packages
2025-05-09 21:00 - 2021-06-23 13:45 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-07 15:35 - 2022-03-09 17:21 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-07 14:39 - 2023-08-08 09:22 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2025-05-07 14:39 - 2022-01-06 15:25 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-06 18:53 - 2022-03-28 12:56 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-06 18:45 - 2022-03-28 13:05 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-05-05 18:43 - 2024-11-26 17:17 - 001272392 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgSP.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000881728 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000569920 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000391232 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000390720 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000297568 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000279624 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000244320 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000092224 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000085088 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000072256 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000029792 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2025-05-05 18:43 - 2024-11-26 17:17 - 000021088 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2025-05-04 17:50 - 2022-03-09 13:49 - 000000000 ____D C:\ProgramData\Packages
2025-05-04 17:29 - 2025-02-25 16:23 - 000000000 ____D C:\Users\grego\OneDrive\Desktop\feb to date
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\UUS
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-04-30 21:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-04-30 21:04 - 2024-04-01 02:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-04-30 21:04 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-04-30 21:04 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-30 21:04 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\Provisioning
2025-04-30 21:04 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-30 11:51 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\appcompat
2025-04-30 09:15 - 2024-11-26 17:18 - 000002006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus Free.lnk
2025-04-30 00:57 - 2025-01-15 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2025-04-30 00:57 - 2024-06-06 04:19 - 000000000 ____D C:\WINDOWS\system32\%userprofile%
2025-04-30 00:57 - 2024-04-01 02:29 - 000000000 ____D C:\WINDOWS\Setup
2025-04-30 00:57 - 2024-04-01 02:26 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\spool
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\Registration
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-04-30 00:57 - 2024-04-01 02:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-04-30 00:57 - 2023-02-08 20:54 - 000000000 ____D C:\WINDOWS\system32\AMD
2025-04-30 00:57 - 2022-05-07 01:10 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2025-04-30 00:57 - 2022-05-07 00:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2025-04-30 00:57 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2025-04-30 00:57 - 2022-01-06 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2025-04-30 00:57 - 2021-06-05 07:10 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2025-04-30 00:57 - 2021-06-05 07:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2025-04-30 00:56 - 2024-04-01 02:26 - 000000000 __RHD C:\Users\Public\Libraries
2025-04-30 00:56 - 2024-04-01 02:21 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2025-04-30 00:54 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\schemas
2025-04-30 00:54 - 2023-07-29 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retrotec
2025-04-30 00:54 - 2023-02-08 20:54 - 000000000 ____D C:\WINDOWS\Firmware
2025-04-30 00:54 - 2022-05-07 00:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2025-04-30 00:54 - 2022-05-07 00:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2025-04-30 00:50 - 2024-04-01 03:09 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-04-30 00:50 - 2024-04-01 03:09 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-04-30 00:50 - 2024-04-01 03:08 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-30 00:50 - 2024-04-01 03:08 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\WUModels
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\te-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\qps-plocm
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\qps-ploc
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\or-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\km-KH
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\is-IS
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\id-ID
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\et-EE
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\es-MX
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\Com
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\be-BY
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\as-IN
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\am-ET
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\IME
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2025-04-30 00:50 - 2024-04-01 02:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-04-30 00:50 - 2024-04-01 02:21 - 000000000 ____D C:\WINDOWS\servicing
2025-04-30 00:49 - 2024-04-01 03:09 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2025-04-30 00:49 - 2024-04-01 03:09 - 000028898 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2025-04-30 00:49 - 2024-04-01 02:26 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2025-04-30 00:49 - 2024-04-01 02:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2025-04-30 00:43 - 2024-04-01 02:22 - 000063064 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcLpioDMA.dll
2025-04-30 00:43 - 2024-04-01 02:22 - 000062952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcPseDMA.dll
2025-04-30 00:43 - 2024-04-01 02:22 - 000062944 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtPL080.dll
2025-04-29 22:44 - 2024-04-01 02:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-04-29 22:40 - 2022-10-13 08:35 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-04-29 22:23 - 2021-06-23 13:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-04-29 22:20 - 2024-04-01 02:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-04-29 22:15 - 2022-03-09 13:51 - 000000000 ___RD C:\Users\grego\OneDrive
2025-04-29 22:10 - 2025-03-07 12:34 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2025-04-29 22:10 - 2023-07-29 14:37 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Retrotec
2025-04-29 22:09 - 2024-04-01 02:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2025-04-29 22:09 - 2022-03-15 18:51 - 000000000 ____D C:\Users\grego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2025-04-29 22:05 - 2024-04-01 02:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2025-04-28 18:48 - 2025-04-10 18:46 - 000001443 _____ C:\Users\grego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2025-04-28 06:45 - 2025-01-15 12:07 - 000000000 ____D C:\Program Files\CCleaner
2025-04-23 15:27 - 2025-01-22 16:07 - 000000000 ____D C:\Users\grego\OneDrive\Desktop\2025
2025-04-14 11:42 - 2025-02-10 11:05 - 000000000 ____D C:\Users\grego\OneDrive\Desktop\work with 25
2025-04-13 13:34 - 2024-11-26 17:48 - 000000000 ____D C:\Users\grego\AppData\Local\AVG
2025-04-11 11:16 - 2022-11-14 16:55 - 000000000 ____D C:\Users\grego\AppData\Local\ElevatedDiagnostics
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2025
Ran by Simon Alvarado (11-05-2025 19:45:51)
Running from C:\Users\grego\OneDrive\Desktop\repair
Microsoft Windows 11 Home Version 24H2 26100.3915 (X64) (2025-04-30 03:21:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1859720211-2456076680-3369672926-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1859720211-2456076680-3369672926-503 - Limited - Disabled)
Guest (S-1-5-21-1859720211-2456076680-3369672926-501 - Limited - Disabled)
Simon Alvarado (S-1-5-21-1859720211-2456076680-3369672926-1001 - Administrator - Enabled) => C:\Users\grego
WDAGUtilityAccount (S-1-5-21-1859720211-2456076680-3369672926-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Total AV (Disabled - Out of date) {0567E33F-93C9-11B5-891D-90A37AEB2766}
AV: Reason Cybersecurity (Enabled - Up to date) {ED4D1201-4876-7014-6F49-4BC9DA784B64}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: TotalAV (Enabled - Up to date) {A92C033B-9DA3-CE4B-CF85-8262E4A80B3B}
AV: McAfee VirusScan (Enabled - Up to date) {FE987762-0FB6-6BB6-1BF1-73F8ED8566FA}
FW: McAfee Firewall (Enabled) {C6A3F647-45D9-6AEE-30AE-DACD13562181}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adlice Protect version 16.1.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 16.1.3.0 - Adlice Software)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FF00-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Amazon Kindle) (Version: 1.35.0.64251 - Amazon)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 25.4.10068.2730 - Gen Digital Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.34 - Piriform)
DM2 USB Device Driver (HKLM\...\{E385AE53-422F-4A64-B5BC-73EA2520EB6A}) (Version: 3.0.0.0 - Retrotec)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2410.4113 - Avira Operations GmbH) Hidden
FanTestic (HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\01e2c2ecf3e4d3a8) (Version: 5.14.23.90 - Retrotec)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 136.0.7103.93 - Google LLC)
Google Earth Pro (HKLM\...\{AE3261A9-F9D9-4410-BB38-7FA1D6B54BDE}) (Version: 7.3.6.10201 - Google)
Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.13 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.3.21.0 - Lenovo Group Ltd.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.64 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.64 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.065.0406.0002 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.18730.20122 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 138.0.1 (x64 en-US)) (Version: 138.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 98.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20122 - Microsoft Corporation) Hidden
Opera Stable 118.0.5461.60 (HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\Opera 118.0.5461.60) (Version: 118.0.5461.60 - Opera Software)
PDFSuperHero (HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\PDFSuperHero) (Version: 1.31 - PDFSuperHero)
RAV Endpoint Protection (HKLM\...\ReasonLabs-EPP) (Version: 5.41.28 - Reason Cybersecurity Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9175.1 - Realtek Semiconductor Corp.)
Safer Web (HKLM\...\ReasonLabs-DNS) (Version: 4.0.7 - Reason Cybersecurity Inc.)
VPN by RAV (HKLM\...\ReasonLabs-VPN) (Version: 2.20.0 - Reason Cybersecurity Inc.)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1025 - McAfee, LLC)
Windows Driver Package - Retrotec Retrotec DM2 Driver (12/01/2010 ) (HKLM\...\7ABD219018E790924BED56D63AEAEE30C430D568) (Version: 12/01/2010  - Retrotec)
Zoom Workplace (HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\ZoomUMX) (Version: 6.3.11 (60501) - Zoom Communications, Inc.)
 
Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-01] (Microsoft Windows)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-02-02] ()
Amazon Music -> C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0 [2023-10-03] (AMZN Mobile LLC)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2022-03-10] (Advanced Micro Devices Inc.) [Startup Task]
Click to Do (preview) -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-01] (Microsoft Windows)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2023.531.1.0_x64__8xx8rvfyw5nnt [2024-08-15] (Meta)
Facebook -> C:\Program Files\WindowsApps\www.facebook.com-1C2D851A_2023.531.1.1_neutral__n468xs7erp6tc [2025-04-30] (www.facebook.com)
Flow Rate -> C:\Program Files\WindowsApps\38250RGP.FlowRate_1.0.0.2_neutral__bd47jy3z7qnca [2024-10-17] (RGP)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_159.1.1144.0_x64__v10z8vjag6ke6 [2025-05-07] (HP Inc.)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2501.20.0_x64__k1h2ywk1493x8 [2025-04-27] (LENOVO INC.)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2504.16004.0_x64__8wekyb3d8bbwe [2025-04-21] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20331.573.0_x64__8wekyb3d8bbwe [2025-04-11] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-07] ()
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-07-05] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2022-03-18] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.26.251.0_x64__dt26b99r8h8gj [2023-10-24] (Realtek Semiconductor Corp)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2518.3.0_x64__cv1g1gvanyjgm [2025-05-11] (WhatsApp Inc.) [Startup Task]
WhatsApp Beta -> C:\Program Files\WindowsApps\5319275A.51895FA4EA97F_2.2519.0.0_x64__cv1g1gvanyjgm [2025-05-12] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-01] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{113b8d53-e3e1-b7a2-c90a-176c40f3f722}\localserver32 -> C:\ProgramData\Lenovo\Udc\Hosts\x64\MessagingPlugin.exe (Lenovo -> )
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{51694bf6-7178-71ba-ba8c-cd64aadfc7f1}\localserver32 -> "C:\ProgramData\Lenovo\Udc\Hosts\24.10.0.10\x64\MessagingPlugin.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{ab6be612-f220-4b06-b1f0-3b1093d0e346}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{c482ad65-43bb-d19e-619b-def164b57f32}\localserver32 -> "C:\ProgramData\Lenovo\Udc\Hosts\23.10.0.18\x64\MessagingPlugin.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1859720211-2456076680-3369672926-1001_Classes\CLSID\{e744c2b3-c254-d081-4aac-69a82e670da2}\localserver32 -> "C:\ProgramData\Lenovo\Udc\Hosts\24.2.1.44\x64\MessagingPlugin.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.065.0406.0002\FileSyncShell64.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2025-05-05] (AVG Technologies USA, LLC -> Gen Digital Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\grego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2019-08-15 12:13 - 2023-05-19 15:29 - 001250304 _____ () [File not signed] C:\Program Files (x86)\TotalAV\e_sqlite3.DLL
2024-12-04 12:40 - 2024-08-29 14:06 - 000218624 _____ (.NET Foundation and Contributors) [File not signed] C:\Program Files (x86)\TotalAV\RestSharp.dll
2024-12-04 12:40 - 2024-08-29 14:06 - 000009216 _____ (.NET Foundation and Contributors) [File not signed] C:\Program Files (x86)\TotalAV\RestSharp.Serializers.NewtonsoftJson.dll
2024-12-04 12:40 - 2024-01-14 19:32 - 000148480 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Converters.Wpf.dll
2024-12-04 12:40 - 2024-01-14 19:32 - 000187392 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Core.dll
2024-12-04 12:40 - 2024-01-14 19:32 - 000093696 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Css.dll
2024-12-04 12:41 - 2024-01-14 19:32 - 000034304 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Dom.dll
2024-12-04 12:41 - 2024-01-14 19:32 - 001073152 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Model.dll
2024-12-04 12:41 - 2024-01-14 19:32 - 000231424 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Rendering.Wpf.dll
2024-12-04 12:41 - 2024-01-14 19:32 - 000073216 _____ (Elinam LLC, Japan) [File not signed] C:\Program Files (x86)\TotalAV\SharpVectors.Runtime.Wpf.dll
2024-12-04 12:40 - 2023-07-21 07:29 - 000488960 _____ (Maurício David) [File not signed] C:\Program Files (x86)\TotalAV\LiteDB.dll
2022-01-06 15:25 - 2022-01-06 15:25 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-01-06 15:25 - 2022-01-06 15:25 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2023-10-31 10:05 - 2023-05-19 15:36 - 000005120 _____ (SourceGear) [File not signed] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.batteries_v2.dll
2023-10-31 10:20 - 2023-05-19 15:34 - 000050688 _____ (SourceGear) [File not signed] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.core.dll
2024-12-04 12:41 - 2023-05-19 15:34 - 000036352 _____ (SourceGear) [File not signed] C:\Program Files (x86)\TotalAV\SQLitePCLRaw.provider.e_sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) =============
 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-07] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2021-06-05 07:08 - 2021-06-05 07:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\grego\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5935154291642618850\133908739396076291.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Realtek 8822CE Wireless LAN 802.11ac PCI-E NIC -> rtwlane.sys
Bluetooth Network Connection: Bluetooth Device (Personal Area Network) -> bthpan.sys
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Lenovo Fundamental USB Keyboard"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_BA48C41CE12E271D5372F634E052D858"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "NoxMultiPlayer"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "Opera Stable"
HKU\S-1-5-21-1859720211-2456076680-3369672926-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C5373213-6FCF-43B0-BD88-A3DB6ED6DB27}] => (Allow) C:\Users\grego\AppData\Local\Programs\Opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{22EBB4BA-C0A6-48C5-B103-9680FB82D84D}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25072.1611.3570.1995_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{226F8E36-CDAF-468B-A4D2-C96F175D2124}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25072.1611.3570.1995_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{311A8484-896C-43ED-A6E7-935EE4730E5C}] => (Allow) C:\Users\grego\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F41E9EEA-B0D6-479B-BCD4-CD443A7B6BB3}] => (Allow) C:\Users\grego\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1B2FE5AA-F9AC-4B4B-A79C-9E70E9A1A039}] => (Allow) C:\Users\grego\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{3614789E-3E45-4C7D-99A9-2744A94950A1}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{A61BD529-4E8F-4662-9A74-43A866735842}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe => No File
FirewallRules: [{2EA133B5-9055-4BEC-90A0-9AF896A59A6F}] => (Allow) C:\Program Files\ReasonLabs\Common\Client\v1.6.0\rsAppUI.exe (Reason Cybersecurity Inc. -> Reason Cybersecurity Ltd.)
FirewallRules: [{9CF4B722-E993-4335-8793-01A7CAE82901}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{0390A930-87AD-4B86-A8B1-65756F63AB0A}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> Gen Digital Inc.)
FirewallRules: [{A61242E1-971B-4189-A392-28CE28396054}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24256.2502.3123.1_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2ED8EE15-6425-4D5D-A0C8-BC75DCF16F84}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24256.2502.3123.1_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{83016DD8-CFC6-43D9-BB21-9D4C44E209FF}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{1DA4D754-566A-485E-B1EC-89872F2B81BD}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{93C498C7-A87C-4EC4-8E2E-A859AB76F144}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{FC19C41A-D0B1-4332-926B-7446C05A19FA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{93A790D3-BD47-4650-A012-66CFCCE6BF4D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CCDF03A5-3A36-46D2-9ABF-C4B2B0816ADE}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{FC124760-DD72-4658-B643-7CCE7D4A9256}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{2BF70834-4B64-4910-A137-30B0BB8F8BE1}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25072.1611.3570.1995_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{721FB185-1A67-49D0-A443-8B63D0FF2243}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25072.1611.3570.1995_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1704914-3D3C-45E1-8DE3-DB709B86632B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FEB53632-0628-4CF6-A7BB-64FCB6E5B0B0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D7106BC-7853-4470-AEB5-98ED6C7BCAEB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/11/2025 07:39:04 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1DF5S27$ via https://AMD-KeyId-8a...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 12 May 2025 00:39:00 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 74c6248c-17e6-4e15-b54d-a04fd3e5c82d
 
Method: GET(188ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (05/11/2025 07:39:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1DF5S27$ via https://AMD-KeyId-8a...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 12 May 2025 00:38:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 04e2dd8d-12ca-4ace-8226-f9a7eab2ecec
 
Method: GET(219ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (05/11/2025 07:39:01 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via https://AMD-KeyId-8a...plates/Aik/scepfailed:
 
GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-8a0578cf56146fea399af903fb5b0ac36eb2786a.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Mon, 12 May 2025 00:38:57 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 29571b46-2dd3-4797-89d2-6432cc28e138
 
Method: GET(829ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
 
Error: (05/11/2025 07:35:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (05/11/2025 07:28:12 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000c
 
Error: (05/11/2025 07:28:12 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa10001, Error: Need user interaction to continue.
 
Error: (05/11/2025 07:28:08 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000c
 
Error: (05/11/2025 07:28:08 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa10001, Error: Need user interaction to continue.
 
 
System errors:
=============
Error: (05/11/2025 07:42:43 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.118.
The computer with the IP address 192.168.1.148 did not allow the name to be claimed by
this computer.
 
Error: (05/11/2025 07:37:33 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.118.
The computer with the IP address 192.168.1.148 did not allow the name to be claimed by
this computer.
 
Error: (05/11/2025 07:34:27 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.118.
The computer with the IP address 192.168.1.148 did not allow the name to be claimed by
this computer.
 
Error: (05/11/2025 07:29:16 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.118.
The computer with the IP address 192.168.1.148 did not allow the name to be claimed by
this computer.
 
Error: (05/11/2025 07:25:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PC Security Management Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/11/2025 07:24:06 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.118.
The computer with the IP address 192.168.1.148 did not allow the name to be claimed by
this computer.
 
Error: (05/11/2025 07:24:03 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service GoogleUpdaterInternalService138.0.7156.0 with arguments "--com-service" in order to run the server:
{FB3C4578-D834-5B91-838B-33C23D553EAB}
 
Error: (05/11/2025 07:24:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Updater Internal Service (GoogleUpdaterInternalService138.0.7156.0) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===============
Date: 2025-05-11 19:47:30
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
 
 
==================== Memory info =========================== 
 
BIOS: LENOVO O4FKT37A 03/29/2023
Motherboard: LENOVO 3708
Processor: AMD Athlon Silver 3050U with Radeon Graphics 
Percentage of memory in use: 86%
Total physical RAM: 6081.75 MB
Available physical RAM: 809.03 MB
Total Virtual: 15809.75 MB
Available Virtual: 7320.41 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:144.49 GB) (Model: SAMSUNG MZALQ256HAJD-000L1) NTFS
Drive d: () (Removable) (Total:14.9 GB) (Free:9.03 GB) FAT32
 
\\?\Volume{88523cf8-bc84-4c67-b06d-51717a025f60}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.4 GB) NTFS
\\?\Volume{6d9d409b-b8e8-482a-b955-8a5d08b5a93a}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 993EC981)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: slowe, freezes, will not print

12 user(s) are reading this topic

0 members, 9 guests, 0 anonymous users


    Facebook (3)
  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP