HKLM-x32\...\Run: [ZaAntiRansomware] => "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" (No File)
File: D:\Start.exe
Startup: C:\Users\nvadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2020-10-28] () <==== ATTENTION [zero byte File/Folder]
BootExecute: autocheautocheck autochk *
Task: {088B8578-F1E9-4E72-B263-4A2DA36BF64B} - System32\Tasks\{DB1241E9-6ECB-44CC-B724-7A04CD0810F6} => C:\Users\nvmusic\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [10134 2016-02-07] () [File not signed]
Task: {2B912585-4655-4633-93A6-032023931D84} - System32\Tasks\{36674DC5-28BC-4011-A06F-C94F7D70D3B7} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.85.112/en/abandoninstall?page=tsMain (No File)
File: C:\Users\nvmusic\AppData\Roaming\Microsoft\Installer\{9DAB307E-531F-4992-AB30-6F1AD39E6CF9}\_8C4C6DE2B4274D54DAD619.exe [
Task: {7CB5F6AF-91F8-4E38-8673-5114A89476A9} - \Avast Software\Overseer -> No File <==== ATTENTION
Task: {9537870B-FB18-4BCC-A520-14365287A819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (No File)
Task: {986FAA46-05C1-4BD4-96A2-94C22443135E} - System32\Tasks\{3362883A-034F-4055-96D0-908470C90366} => I:\VSTi Software\PIANO\pianitostudio.exe (No File)
Task: {D7EC0C0C-1653-4558-8C4E-5249BA6A106A} - System32\Tasks\{20B784C2-3347-4E79-85C3-40CD3160C547} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.22.85.109/en/abandoninstall?page=tsMain (No File)
Task: {EB5AE8B1-FFFF-4C83-B726-12AB536DB690} - System32\Tasks\{EFCB2B36-234C-446B-BD98-6595EF63956F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain (No File)
Task: C:\Windows\Tasks\EPSON Perfection V39 Update.job => C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe7/EXE_S:EPSON Perfection V39,ES010D.DAT /F:UpdatenvadminĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\nvadmin\AppData\Local\GoToMeeting\10996\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1925592742-456944920-4000667399-1008.job => C:\Users\nvadmin\AppData\Local\GoToMeeting\10996\g2mupload.exe
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\UTILITIES\PDFXCView\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 ALSysIO; \??\C:\Users\nvadmin\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U3 aswbdisk; no ImagePath
S3 FocusriteUSB_AUDIO; system32\drivers\FocusriteUSBAudio.sys [X]
U3 iswSvc; no ImagePath
S3 MpKsl00311f61; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7454DA22-914D-4515-AE37-26E724AC2F98}\MpKslDrv.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:D735933A [141]
Hosts:
FirewallRules: [{656FC535-8762-4683-B70F-92EC067E345D}] => (Allow) C:\Users\nvadmin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{194DF096-9CFE-4843-8676-178439C6C4A2}] => (Allow) C:\Users\nvadmin\AppData\Roaming\Zoom\bin\airhost.exe => No File
CMD: dir /s c:\programdata\Nuance\NaturallySpeaking14\logs
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: