Hi Dr M
The only 2 programmes that I am aware of were Corel V5 & V7, which I have uninstalled. I did download and install a trial version of Microsoft Office Project, which still has 25-odd days left on the trial.
If by P2P programmes you are referring to uTorrent, the programme is used to download GIS and Cadastral information for the Programme Planit GIS, which I use in my daily work.
Here are the new scans:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by MIKE (administrator) on DESKTOP-MQ5TQ99 (MSI MS-7680) (05-09-2022 22:26:16)
Running from F:\FRST64
Loaded Profiles: MIKE
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <7>
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe
(Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\ZoneAlarmCrashHandler.exe
(Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\ZoneAlarmCrashHandler64.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe <2>
(explorer.exe ->) (DATACAD LLC) [File not signed] H:\DataCAD 19\DCADWIN.EXE
(F:\Program Files\Mozilla Thunderbird\thunderbird.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation -> Mozilla Corporation) F:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware) C:\Program Files\Adaware Protect\AdawareProtectService.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware) C:\Program Files\Adaware Safe Browser\asb-updater.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (MiniTool Software Limited -> ) G:\Program Files\MiniTool ShadowMaker\AgentService.exe
(services.exe ->) (MiniTool Software Limited -> ) G:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
(services.exe ->) (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited) C:\Program Files\PDF Suite 2021\updater-ws.exe
(services.exe ->) (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited) C:\Program Files\PDF Suite 2021\ws.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (ENTER S.R.L. -> Enter Srl) F:\Program Files (x86)\Iperius Backup\Iperius.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.536.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdAwareTray] => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareTray.exe [4876024 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ZANG] => C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe [689712 2022-07-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38274576 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [MicrosoftEdgeAutoLaunch_B1C096DAAEBE093C92CE107BC9DA366B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [Adaware Protect] => C:\Program Files\Adaware Protect\AdawareProtect.exe [13100584 2022-02-08] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [221696 2021-03-13] (Bullzip) [File not signed]
HKLM\...\Print\Monitors\EPSON L386 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBRPE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\PDF Suite 2021 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\suite_pdfpmon_v.4.12.26.3.dll [932984 2022-05-09] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\104.0.18088.104\Installer\chrmstp.exe [2022-08-25] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2022-08-20]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> G:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2022-08-20]
ShortcutTarget: Lotus QuickStart.lnk -> G:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-08-16]
ShortcutTarget: WinZip Preloader.lnk -> G:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar661.lnk [2022-09-03]
ShortcutTarget: Sidebar661.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00944AFF-0619-40DE-A03A-FB5FE5581298} - System32\Tasks\WinZip Update Notifier 3 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_3PM" -show (No File)
Task: {1A16D947-B6BA-4DF8-B313-BBAE39B493BB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {2644C805-175E-4399-AF27-ECD44C392B2F} - System32\Tasks\Firefox Default Browser Agent 18463BCB5DCCB97C => C:\Users\MIKE\AppData\Roaming\cuagivi [42064 2022-05-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
Task: {26533861-1B3F-4834-B2EF-7E583872D915} - System32\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {272B0913-36FC-47C7-A07F-706C5029D202} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
Task: {2A75D720-A63B-48AD-A24C-783CB76489EF} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3003312 2022-08-17] (Piriform Software Ltd -> Piriform Software)
Task: {2B254876-C624-45CA-8296-3E004D1DF8AF} - \CfvAhSLLDQlWYEnoaOG2 -> No File <==== ATTENTION
Task: {2CF13F1F-3532-424B-AD34-8EA39F03B81D} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
Task: {30FEF2E4-1EE2-405D-B6EE-B5919DC54351} - System32\Tasks\CheckPointUpdateTaskMachineCore => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {31299575-26D4-4DC1-B112-448E60671B83} - System32\Tasks\CheckPointUpdateTaskMachineUA => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {3DCD1A14-F338-49FF-8708-444C6542C139} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {4691906B-8494-4FE1-A02E-82B4F80D5D10} - \vEmwINtbCLGMnczEN2 -> No File <==== ATTENTION
Task: {540E697F-9DF3-4355-9A9E-F7603EC229C0} - \csrss -> No File <==== ATTENTION
Task: {5B4B48E1-C743-46C3-8702-8672BBBBA8D7} - System32\Tasks\Iperius Backup Startup at Logon => F:\Program Files (x86)\Iperius Backup\Iperius.exe [78243840 2022-03-18] (ENTER S.R.L. -> Enter Srl)
Task: {6001F320-7003-49E2-A2AE-B6A0A26616F1} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe (No File)
Task: {668DC191-9196-4ADF-8CD1-5D9D571B668B} - System32\Tasks\MiniTool Shadow Maker => C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe [1064816 2021-12-20] (MiniTool Software Limited -> )
Task: {702F1BB6-4797-4860-9319-1F97A6E303A1} - System32\Tasks\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E} => C:\Users\MIKE\AppData\Roaming\Windows\System32\sihost.exe (No File) <==== ATTENTION
Task: {75D20A60-3379-42B3-8C42-0EB796AAAEF9} - \wWhkPIwCdffIdJo2 -> No File <==== ATTENTION
Task: {7F6DA135-149A-4547-AEFA-369F423FA919} - System32\Tasks\WinZip Update Notifier 1 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_9AM" -show (No File)
Task: {82A51A9B-99A6-4501-AF41-F931D6A2FC7E} - System32\Tasks\CCleanerSkipUAC - MIKE => C:\Program Files\CCleaner\CCleaner.exe [31990800 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9822DE25-D634-4FF6-90BA-FED411C2D62B} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {9F598A09-66EB-43EE-85AC-33703681EDB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0EF99EB-BD4E-4E47-AFB7-08F87B081D85} - System32\Tasks\GoogleUpdateTaskMachineQC => powershell -EncodedCommand "PAAjAHcAZwAjAD4AIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAnAEMAOgBcAFAAcgBvAGcAcgBhAG0AIABGAGkAbABlAHMAXABHAG8AbwBnAGwAZQBcAEMAaAByAG8AbQBlAFwAdQBwAGQAYQB0AGUAcgAuAGUAeABlACcAIAAtAFYAZQByAGIAIABSAHUAbgBBAHMAIAA8ACMAcAB1AGcAIwA+AA==" <==== ATTENTION
Task: {AC0167B8-6904-4771-8B09-4A7982DB133D} - \GoogleUpdateTaskMachineUA{A5B67961-A8AA-4A82-B1BC-42CDB47388D0} -> No File <==== ATTENTION
Task: {AF0CF83C-3AC8-4248-B7F2-CA115928466F} - \Service\Diagnostic -> No File <==== ATTENTION
Task: {B58F938A-5986-45D0-BB03-C4A37B61CEB6} - System32\Tasks\WinZip Update Notifier 2 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_12PM" -show (No File)
Task: {C8FBB984-F7BF-47B1-A9E0-5D04F05A3BD7} - System32\Tasks\Adaware PC Cleaner automatic scan and notifications => C:\Program Files (x86)\Adaware PC Cleaner\ADCNotifications.exe (No File)
Task: {CC26E495-83AE-4C0F-885F-1BFF3F4C60C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {CE0B577D-14A9-454F-AB3A-D8FE6F41C19A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\System.Wecfile -> No File <==== ATTENTION
Task: {D5446511-D2AD-4206-8BA9-E6FE5798DF50} - System32\Tasks\PpJeBMjvQzKPa2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\ytMDPDBrkgoBXKVB\aUenFDy.wsf"
Task: {E92DF79E-AB7E-4406-ACB3-9A5312764DC8} - System32\Tasks\CorelUpdateHelperTask-933242852353D001C66F17F412989445 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
Task: {F11000A9-DA7B-436C-8A3D-09B8AC3BB2EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F228CC5B-5729-4D83-B080-F8D892629C08} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3003312 2022-08-17] (Piriform Software Ltd -> Piriform Software)
Task: {F361F553-A68E-4891-A6BB-F8C0130B7A3C} - System32\Tasks\Firefox Default Browser Agent B2BE9145F3E8D57B => C:\Users\MIKE\AppData\Roaming\sfagivi [45984 2022-05-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
Task: {FBDA4767-4A85-465C-BFA5-9CE066BA3825} - \OIJxiHdbDxlZJR -> No File <==== ATTENTION
Task: {FFB3E62D-7E37-4976-B891-54C66DAB7902} - \GoogleUpdateTaskMachineCore{1DB08101-2DBD-4B97-8846-0CEF848868FD} -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{D0CE59FD-8836-4087-A705-1B57FAF6917D} /F:UpdateWORKGROUP\DESKTOP-MQ5TQ99$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [{46D0C9A1-6702-4C6A-9A3B-2A6FFE5749D9}] => hxxp://35.236.159.79/win.pac <==== ATTENTION
AutoConfigURL: [S-1-5-21-2977571575-3800452491-4211310233-1002] => hxxp://35.236.159.79/win.pac <==== ATTENTION
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{9638cf81-a859-429a-8b25-e0a837345e8a}: [DhcpNameServer] 192.168.8.1 192.168.8.1
ManualProxies: 0hxxp://35.236.159.79/win.pac <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-05]
Edge Notifications: Default -> hxxps://forums.sketchup.com; hxxps://www.messenger.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-09-02]
Edge Extension: (ZoneAlarm Web Secure ) - C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbbeejhhfafmnamfpokhpooakngjhacn [2022-08-31]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [@sandblast] - C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\sandblast.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\sandblast_quantum.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2022-03-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2022-08-07] [Legacy] [not signed]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=3 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=9 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-04-01] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-04-01] (Piriform Software Ltd -> Piriform Software)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default [2022-09-02]
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
CHR Extension: (Google Docs Offline) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-29]
CHR Extension: (Adblocker for Youtube™) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddmabhekhhonkmomaklnflhhgbfnioe [2022-08-17] [UpdateUrl:hxxps://clients59.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Find-it.Pro Search) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\meejmcfbiapijdfaadackoblffmidlig [2022-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-23]
CHR Extension: (Google Translate) - C:\Program Files\aieoplapobidheellikiicjfpamacpfd [2022-08-17]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable [2022-09-02]
OPR DefaultSearchKeyword: Opera Stable -> find-it.pro
OPR Extension: (Adblocker for Youtube™) - C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable\Extensions\idimnjcjkopkcbalclocjcbcmkkcfpec [2022-08-17]
OPR Extension: (Find-it.Pro Search) - C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig [2022-08-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Adaware Safe Browser Update Service; C:\Program Files\Adaware Safe Browser\asb-updater.exe [1047592 2021-09-30] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
R2 adawareantivirusservice; F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe [587104 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 AdawareProtectService; C:\Program Files\Adaware Protect\AdawareProtectService.exe [8627240 2022-02-08] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AR_Service; C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe [23088 2022-07-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 bits; C:\WINDOWS\System32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 bits; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\104.0.18088.104\elevation_service.exe [2010024 2022-08-17] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3367016 2022-02-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [32744 2022-04-20] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [32744 2022-04-20] (Check Point Software Technologies Ltd. -> )
S3 dosvc; C:\WINDOWS\System32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MTAgentService; G:\Program Files\MiniTool ShadowMaker\AgentService.exe [783728 2021-12-20] (MiniTool Software Limited -> )
R2 MTSchedulerService; G:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [228208 2021-12-20] (MiniTool Software Limited -> )
R3 PDF Suite 2021; C:\Program Files\PDF Suite 2021\ws.exe [2005552 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
S3 PDF Suite 2021 Creator; C:\Program Files\PDF Suite 2021\creator\common\creator-ws.exe [567856 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
R2 PDF Suite 2021 Update Service; C:\Program Files\PDF Suite 2021\updater-ws.exe [1649200 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-10-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16360768 2022-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [139424 2022-04-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 UsoSvc; C:\WINDOWS\system32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 ZANG_MgrSvc; C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe [25136 2022-06-30] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 zus; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S3 zusm; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3864480 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2021-03-10] (Bitdefender SRL -> Bitdefender)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [76216 2021-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [156608 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 cposfw; C:\WINDOWS\System32\DRIVERS\cposfw.sys [106472 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
S0 epelam; C:\WINDOWS\System32\drivers\epelam.sys [18912 2022-01-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Check Point Software Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [132048 2021-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R0 Ignis; C:\WINDOWS\System32\drivers\ignis.sys [191592 2019-09-26] (Bitdefender SRL -> Bitdefender)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193488 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-08-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-16] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-05 09:48 - 2022-09-05 09:48 - 000047233 _____ C:\Users\MIKE\Downloads\1015AW04.TIF
2022-09-05 09:45 - 2022-09-05 09:45 - 000059388 _____ C:\Users\MIKE\Downloads\1015AV04.TIF
2022-09-04 18:01 - 2022-09-05 22:26 - 000000000 ____D C:\FRST
2022-09-02 18:04 - 2022-09-02 18:04 - 000092672 _____ C:\Users\MIKE\Downloads\ConvCalc.exe
2022-09-02 17:53 - 2022-09-02 17:53 - 000157759 _____ C:\Users\MIKE\Downloads\convert.zip
2022-09-02 17:47 - 2022-09-02 17:47 - 000427760 _____ ( ) C:\Users\MIKE\Downloads\euc12.exe
2022-09-02 17:12 - 2022-09-02 17:13 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2022-09-02 17:12 - 2022-09-02 17:13 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2022-09-02 16:58 - 2022-09-02 17:03 - 002306440 _____ (MiniTool Software Limited) C:\Users\MIKE\Downloads\pdr-free-online.exe
2022-09-02 16:58 - 2022-09-02 16:58 - 002178432 _____ (MiniTool Software Limited) C:\Users\MIKE\Downloads\sm-online (1).exe
2022-09-02 16:52 - 2022-09-02 17:03 - 003055144 _____ (MiniTool Software Limited ) C:\Users\MIKE\Downloads\pw1206-free-online (1).exe
2022-09-02 16:44 - 2022-09-02 16:44 - 001264416 _____ C:\Users\MIKE\Downloads\recoverit_setup_full4174.exe
2022-09-02 16:40 - 2022-09-05 14:53 - 000000000 ____D C:\Users\MIKE\AppData\Local\CrashDumps
2022-09-02 16:33 - 2022-09-02 16:33 - 000000000 ____D C:\Users\MIKE\AppData\Local\mbam
2022-09-02 16:31 - 2022-09-02 16:31 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000193488 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-09-02 16:31 - 2022-09-02 16:31 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-09-02 16:31 - 2022-09-02 16:28 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-09-02 16:31 - 2022-09-02 16:27 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-09-02 16:27 - 2022-09-02 16:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-09-02 16:27 - 2022-09-02 16:27 - 000000000 ____D C:\Program Files\Malwarebytes
2022-09-02 13:43 - 2022-09-03 20:57 - 000000000 ___HD C:\HarmonyBackup
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\OneDrive\Documents\CP0Protection0Folder0Do notRemove
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\AppData\Roaming\Harmony AgentProtectionFolderDo not!Delete
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\AppData\Local\!Check-PointSecurity!FolderDon't!Remove
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\ProgramData\Harmony Zero-Day!ProtectionDirectoryDo NotDelete
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Program Files (x86)\!CPProtectionFolderDo NotDiscard
2022-08-31 22:00 - 2022-08-31 22:00 - 000001284 _____ C:\Users\Public\Desktop\ZoneAlarm.lnk
2022-08-31 22:00 - 2022-08-31 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
2022-08-31 21:59 - 2022-01-03 17:17 - 000018912 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\epelam.sys
2022-08-31 21:54 - 2022-08-31 22:01 - 000000000 ____D C:\ProgramData\CheckPoint
2022-08-31 21:47 - 2022-08-31 22:00 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2022-08-31 21:47 - 2022-08-31 21:47 - 000003462 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineUA
2022-08-31 21:47 - 2022-08-31 21:47 - 000003338 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineCore
2022-08-31 21:47 - 2022-08-31 21:47 - 000000000 ____D C:\Users\MIKE\AppData\Local\CheckPoint
2022-08-31 21:34 - 2022-08-31 21:34 - 000001894 _____ C:\Users\Public\Desktop\Stellar Data Recovery.lnk
2022-08-31 21:34 - 2022-08-31 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery
2022-08-31 21:34 - 2022-08-31 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2022-08-31 21:33 - 2022-08-31 21:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2022-08-31 21:31 - 2022-08-31 21:34 - 000000000 ____D C:\Program Files\Stellar Data Recovery
2022-08-31 21:28 - 2022-09-02 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2022-08-31 21:28 - 2022-08-31 21:28 - 000000000 ____D C:\ProgramData\GridinSoft
2022-08-30 18:26 - 2022-08-30 18:26 - 008551608 _____ (Malwarebytes) C:\Users\MIKE\Downloads\adwcleaner.exe
2022-08-30 18:24 - 2022-08-30 18:24 - 002556344 _____ (Malwarebytes) C:\Users\MIKE\Downloads\MBSetup-589F50F7-37335.37335.exe
2022-08-30 17:58 - 2022-08-30 17:58 - 001085512 _____ (CheckPoint Software Technologies Ltd.) C:\Users\MIKE\Downloads\ZaarSetup.exe
2022-08-30 17:56 - 2022-08-30 17:56 - 004968864 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\MIKE\Downloads\StellarDataRecoveryProfessionalWindows.exe
2022-08-30 17:45 - 2022-08-30 17:45 - 001182144 _____ (Emsisoft Ltd.) C:\Users\MIKE\Downloads\decrypt_STOPDjvu (1).exe
2022-08-30 17:45 - 2022-08-30 17:45 - 000905704 _____ (Gridinsoft LLC) C:\Users\MIKE\Downloads\install-antimalware-ag.exe
2022-08-30 15:37 - 2022-08-30 15:37 - 017650536 _____ C:\Users\MIKE\Downloads\adawarewebinstaller (1).exe
2022-08-29 22:32 - 2022-08-29 22:32 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\OWL Studio
2022-08-20 17:01 - 2022-08-20 17:01 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules V - Kids of Hellas Collectors Edition
2022-08-20 16:59 - 2022-08-20 16:59 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules 6 - Race for Olympus CE
2022-08-20 16:58 - 2022-08-20 16:58 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules VII - Fleecing the Fleece CE
2022-08-20 16:42 - 2022-09-02 18:21 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\northerntale3_realore_en
2022-08-20 16:42 - 2022-08-20 16:42 - 000000000 ____D C:\Users\MIKE\AppData\Local\northerntale3_realore_en
2022-08-20 16:34 - 2022-08-20 16:35 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\vikingsaga2_realore_en
2022-08-20 16:34 - 2022-08-20 16:34 - 000000000 ____D C:\Users\MIKE\AppData\Local\vikingsaga2_realore_en
2022-08-20 15:55 - 2022-08-20 15:55 - 000000186 _____ C:\WINDOWS\ODBCINST.INI
2022-08-20 15:55 - 2022-08-20 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus SmartSuite
2022-08-20 15:55 - 1999-08-08 06:17 - 000041232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbccp32.cpl
2022-08-20 15:55 - 1999-08-08 06:17 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbc32gt.dll
2022-08-20 15:55 - 1999-08-08 06:17 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ds32gt.dll
2022-08-20 15:55 - 1999-01-12 00:00 - 000026224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbc16gt.dll
2022-08-20 15:55 - 1999-01-12 00:00 - 000004656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ds16gt.dll
2022-08-20 15:35 - 2022-08-20 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any PDF to DWG Converter
2022-08-20 13:22 - 2022-08-20 13:22 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\OpenOffice
2022-08-20 12:32 - 2022-08-20 12:32 - 000000895 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2022-08-20 12:32 - 2022-08-20 12:32 - 000000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2022-08-20 12:25 - 2022-08-20 12:25 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Nero
2022-08-19 15:05 - 2022-08-19 15:05 - 000003120 _____ C:\WINDOWS\system32\PHDCRWJ3.ocx
2022-08-19 15:04 - 2022-08-19 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataCAD 16
2022-08-18 03:59 - 2022-09-02 13:43 - 098566144 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-08-18 03:42 - 2022-08-18 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-08-17 15:51 - 2022-08-17 15:51 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\uTorrent.WebView2
2022-08-17 15:51 - 2022-08-17 15:51 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\uTorrent
2022-08-17 15:50 - 2022-08-19 12:37 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\uTorrent
2022-08-17 15:50 - 2022-08-17 15:50 - 000000882 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-08-17 15:45 - 2022-08-17 15:45 - 000003120 _____ C:\WINDOWS\system32\PJM5CA8D.ocx
2022-08-17 15:45 - 2022-08-17 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataCAD 19
2022-08-17 15:45 - 2014-04-15 09:03 - 001208320 _____ (Eleco plc) C:\WINDOWS\SysWOW64\O2CPlayer.OCX
2022-08-17 15:45 - 2012-02-08 08:27 - 000142336 _____ (DATACAD LLC) C:\WINDOWS\SysWOW64\AECExtension.dll
2022-08-17 15:39 - 2022-08-17 15:43 - 280715844 _____ (Acresso Software Inc. ) C:\Users\MIKE\Downloads\DataCAD16Setup (1).exe
2022-08-17 15:33 - 2022-08-17 15:36 - 301328056 _____ (##ID_STRING195##) C:\Users\MIKE\Downloads\DataCAD19Setup (1).exe
2022-08-17 15:17 - 2022-08-17 15:18 - 000774202 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2022-08-17 12:56 - 1980-01-01 00:00 - 000005383 ____R C:\Users\MIKE\OneDrive\Documents\.MIKE.lnk
2022-08-17 11:44 - 2022-08-17 12:43 - 000003226 _____ C:\WINDOWS\system32\Tasks\Adaware PC Cleaner automatic scan and notifications
2022-08-17 11:44 - 2022-08-17 11:44 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adaware PC Cleaner
2022-08-17 11:43 - 2022-08-31 22:02 - 000000000 ____D C:\Program Files (x86)\Adaware PC Cleaner
2022-08-17 11:43 - 2022-08-17 11:43 - 000001197 _____ C:\Users\Public\Desktop\Adaware PC Cleaner.lnk
2022-08-17 11:43 - 2022-08-17 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware PC Cleaner
2022-08-17 11:42 - 2022-08-17 12:03 - 000000000 ____D C:\ProgramData\Adaware PC Cleaner
2022-08-17 01:29 - 2022-08-21 17:16 - 000000004 _____ C:\ProgramData\rc.dat
2022-08-17 01:27 - 2022-08-22 12:57 - 000000004 _____ C:\ProgramData\lock.dat
2022-08-17 01:27 - 2022-08-17 01:27 - 000000008 _____ C:\ProgramData\ts.dat
2022-08-17 01:26 - 2022-08-21 19:38 - 000000416 _____ C:\ProgramData\lir.bats
2022-08-17 01:19 - 2022-08-17 01:19 - 000003702 _____ C:\WINDOWS\system32\Tasks\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}
2022-08-17 01:04 - 2022-08-17 01:04 - 000000000 ___HD C:\ProgramData\Cnaoa
2022-08-17 01:02 - 2022-08-17 12:42 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 18463BCB5DCCB97C
2022-08-17 01:02 - 2022-08-17 12:03 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoinSurf
2022-08-17 01:02 - 2022-08-17 01:02 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\CoinSurf
2022-08-17 01:01 - 2022-08-17 15:02 - 000000000 ____D C:\Users\MIKE\AppData\Local\CoinSurf
2022-08-17 01:01 - 2022-08-17 01:02 - 000000000 ____D C:\Users\MIKE\AppData\Local\SquirrelTemp
2022-08-17 01:01 - 2022-08-17 01:01 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent B2BE9145F3E8D57B
2022-08-17 01:01 - 2022-08-17 01:01 - 000000000 ____D C:\Program Files\aieoplapobidheellikiicjfpamacpfd
2022-08-17 01:00 - 2022-08-17 02:47 - 000000000 ____D C:\Users\MIKE\AppData\Local\db6d7c00-82b1-4a07-8b07-2008ce2674eb
2022-08-17 01:00 - 2022-08-17 01:01 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\WfHriMQZTb
2022-08-17 01:00 - 2022-08-17 01:01 - 000000000 ____D C:\Users\MIKE\AppData\Local\8e0fdd7b-ab61-4db6-ac6d-59e7db5d89d0
2022-08-17 01:00 - 2022-08-17 01:00 - 000003878 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineQC
2022-08-17 01:00 - 2022-08-17 01:00 - 000000560 _____ C:\Users\MIKE\AppData\Local\bowsakkdestx.txt
2022-08-17 01:00 - 2022-08-17 01:00 - 000000000 ____D C:\SystemID
2022-08-17 00:59 - 2022-08-17 00:59 - 000000000 ____D C:\Users\MIKE\AppData\Local\Yandex
2022-08-17 00:58 - 2022-08-17 02:47 - 000000000 ____D C:\Program Files (x86)\PowerControl
2022-08-17 00:40 - 2022-09-02 13:48 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\toc
2022-08-17 00:39 - 2022-08-31 22:30 - 000000000 ____D C:\ProgramData\ytMDPDBrkgoBXKVB
2022-08-17 00:39 - 2022-08-17 00:39 - 000003044 _____ C:\WINDOWS\system32\Tasks\PpJeBMjvQzKPa2
2022-08-17 00:38 - 2022-08-31 18:18 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\zTj5YsYumo
2022-08-17 00:37 - 2022-08-31 18:12 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\odnKu
2022-08-17 00:37 - 2022-08-31 18:05 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\M7akc1
2022-08-17 00:37 - 2022-08-17 00:38 - 000004734 __RSH C:\ProgramData\ntuser.pol
2022-08-17 00:36 - 2022-08-31 18:08 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\TxiDKrf44
2022-08-17 00:35 - 2022-08-22 12:59 - 000000000 ____D C:\ProgramData\DiskOptimizer
2022-08-17 00:35 - 2022-08-17 00:40 - 000000000 ____D C:\Program Files (x86)\blSearcher
2022-08-16 22:55 - 2022-08-16 22:55 - 000000000 _____ C:\ProgramData\UpdateLock-D5E4229F55884A18
2022-08-16 22:53 - 2022-08-16 22:53 - 001495520 _____ (Corel Corporation) C:\Users\MIKE\Downloads\wzpdfpro1.exe
2022-08-16 22:48 - 2022-08-16 22:48 - 000000000 ____D C:\Users\MIKE\AppData\Local\OneDrive
2022-08-16 22:31 - 2022-08-17 15:52 - 000000000 ____D C:\Users\MIKE\AppData\Local\BitTorrentHelper
2022-08-16 22:26 - 2022-08-16 22:53 - 000000000 ____D C:\Users\MIKE\AppData\Local\WinZip
2022-08-16 22:26 - 2022-08-16 22:26 - 000003658 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2022-08-16 22:26 - 2022-08-16 22:26 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2022-08-16 22:26 - 2022-08-16 22:26 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2022-08-16 22:26 - 2022-08-16 22:26 - 000001850 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-08-16 22:26 - 2022-08-16 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-08-16 22:22 - 2022-08-16 22:22 - 000001885 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2022-08-16 21:41 - 2022-08-16 21:41 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2022-08-16 21:41 - 2022-08-16 21:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2022-08-16 21:41 - 2022-08-16 21:41 - 000000000 ____D C:\WINDOWS\PCHEALTH
2022-08-16 21:40 - 2022-08-16 21:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-08-16 21:40 - 2022-08-16 21:40 - 000000000 ____D C:\WINDOWS\SHELLNEW
2022-08-16 21:40 - 2022-08-16 21:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2022-08-16 21:38 - 2022-08-16 21:38 - 000000000 __RHD C:\MSOCache
2022-08-16 21:23 - 2022-08-16 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-08-16 21:23 - 2022-08-16 21:23 - 000000000 ____D C:\Program Files\7-Zip
2022-08-16 21:19 - 2022-08-16 21:19 - 000001264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2022-08-16 21:19 - 2022-08-16 21:19 - 000001252 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
2022-08-16 21:19 - 2022-08-16 21:19 - 000000000 ____D C:\Users\MIKE\NCH Software Suite
2022-08-13 21:27 - 2022-08-13 21:27 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\AlawarEntertainment
2022-08-13 21:21 - 2022-08-13 21:21 - 000001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2022-08-13 21:21 - 2022-08-13 21:21 - 000001242 _____ C:\Users\Public\Desktop\Doxillion Document Converter.lnk
2022-08-13 02:48 - 2022-08-13 02:48 - 001451192 _____ (Igor Pavlov) C:\Users\MIKE\Downloads\7z1902-x64.exe
2022-08-13 02:25 - 2022-08-13 02:25 - 002154224 _____ (NCH Software) C:\Users\MIKE\Downloads\DoxillionDocumentConverter (1).exe
2022-08-13 01:02 - 2022-09-03 20:58 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\QtProject
2022-08-13 01:01 - 2022-09-02 17:13 - 000003076 _____ C:\WINDOWS\system32\Tasks\MiniTool Shadow Maker
2022-08-13 01:01 - 2022-09-02 17:13 - 000000989 _____ C:\Users\Public\Desktop\MiniTool ShadowMaker.lnk
2022-08-13 01:01 - 2022-09-02 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
2022-08-13 01:01 - 2021-03-09 18:41 - 000037336 _____ C:\WINDOWS\system32\pwdrvio.sys
2022-08-13 01:01 - 2019-11-08 10:14 - 003600896 _____ C:\WINDOWS\system32\pwNative.exe
2022-08-13 01:01 - 2019-11-08 10:14 - 000012504 _____ C:\WINDOWS\system32\pwdspio.sys
2022-08-13 01:00 - 2022-09-02 17:12 - 000001035 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2022-08-13 01:00 - 2022-09-02 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2022-08-10 01:04 - 2022-08-10 01:04 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 01:04 - 2022-08-10 01:04 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 01:03 - 2022-08-10 01:03 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 01:02 - 2022-08-10 01:02 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 01:02 - 2022-08-10 01:02 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 00:39 - 2022-08-17 15:27 - 000000000 ___HD C:\$WinREAgent
2022-08-07 16:02 - 2022-08-07 16:02 - 000002251 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2022-08-07 16:02 - 2022-08-07 16:02 - 000000000 ____D C:\ProgramData\UDL
2022-08-07 16:02 - 2022-08-07 16:02 - 000000000 ____D C:\ProgramData\Sony Corporation
2022-08-07 16:01 - 2022-08-10 01:57 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}.job
2022-08-07 16:01 - 2022-08-07 16:01 - 000004144 _____ C:\WINDOWS\system32\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}
2022-08-07 16:00 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YLMBRPE.DLL
2022-08-07 16:00 - 2018-06-15 03:04 - 000083968 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YD4BRPE.DLL
2022-08-06 22:58 - 2022-08-06 22:58 - 003055144 _____ (MiniTool Software Limited ) C:\Users\MIKE\Downloads\pw1206-free-online.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-09-05 22:04 - 2022-06-15 16:12 - 000000000 ____D C:\Program Files (x86)\Corel
2022-09-05 22:04 - 2022-04-01 11:08 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Corel
2022-09-05 22:00 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-05 21:59 - 2022-04-01 11:19 - 000000000 ____D C:\ProgramData\Corel
2022-09-05 21:41 - 2022-04-01 00:39 - 000000000 ____D C:\Program Files\CCleaner
2022-09-05 21:26 - 2022-03-28 07:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-05 20:59 - 2022-03-31 01:05 - 000000000 ____D C:\Users\MIKE\AppData\Local\Sidebar7
2022-09-05 15:42 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-05 15:35 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Local\Packages
2022-09-04 08:35 - 2022-03-30 15:26 - 000000000 ____D C:\ProgramData\Mozilla
2022-09-04 08:33 - 2022-03-30 15:26 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\Mozilla
2022-09-04 06:02 - 2022-03-28 07:11 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-04 06:02 - 2022-03-28 07:11 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-09-04 06:02 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-03 21:03 - 2022-03-28 07:18 - 000774202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-03 21:02 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-03 20:54 - 2022-04-01 00:46 - 000000000 ____D C:\ProgramData\Adaware Protect
2022-09-03 20:54 - 2022-03-30 12:02 - 000000000 ____D C:\Program Files\TeamViewer
2022-09-03 20:54 - 2022-03-28 07:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-03 20:54 - 2022-03-27 23:37 - 000000000 ____D C:\Users\MIKE
2022-09-03 20:53 - 2021-03-15 13:09 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-03 17:16 - 2022-03-27 23:37 - 000002387 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-02 16:39 - 2022-06-15 17:35 - 000000000 ____D C:\Users\MIKE\AppData\Local\BrightTRAMP
2022-09-02 16:31 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-09-02 16:08 - 2022-03-28 07:10 - 000598656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-31 21:58 - 2022-05-02 11:36 - 000000000 ____D C:\ProgramData\Package Cache
2022-08-31 21:56 - 2022-06-15 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Service
2022-08-31 21:42 - 2022-06-15 17:38 - 000000000 ____D C:\Program Files (x86)\WeatherZero
2022-08-31 18:07 - 2022-04-01 00:39 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-26 17:49 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-25 17:50 - 2022-04-01 00:42 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2022-08-25 17:50 - 2022-04-01 00:42 - 000002359 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2022-08-25 17:50 - 2022-04-01 00:41 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2022-08-23 23:33 - 2022-05-07 11:56 - 000000000 ____D C:\Users\MIKE\AppData\Local\VirtualStore
2022-08-23 23:33 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adobe
2022-08-23 21:20 - 2022-03-30 23:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2022-08-22 15:44 - 2022-04-01 01:03 - 000003254 _____ C:\WINDOWS\system32\Tasks\Iperius Backup Startup at Logon
2022-08-22 12:48 - 2022-04-01 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iperius Backup
2022-08-21 13:23 - 2022-03-30 15:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-20 15:55 - 2022-04-10 16:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-08-20 15:55 - 2021-03-11 17:26 - 000000000 ____D C:\NotesSQL
2022-08-20 14:03 - 2022-07-28 23:00 - 000001605 _____ C:\Users\Public\Desktop\e-Sword.lnk
2022-08-20 14:03 - 2022-07-28 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2022-08-20 13:53 - 2022-03-23 17:13 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-20 13:41 - 2022-05-25 17:43 - 000000867 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2022-08-20 13:41 - 2022-05-25 17:43 - 000000763 _____ C:\Users\Public\Desktop\IrfanView.lnk
2022-08-19 15:05 - 2022-03-30 16:14 - 000000067 _____ C:\WINDOWS\iltwain.ini
2022-08-18 12:40 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-17 15:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Cursors
2022-08-17 15:28 - 2021-10-26 17:15 - 000000000 ____D C:\Temp
2022-08-17 15:27 - 2022-03-23 12:15 - 000000000 ___HD C:\$SysReset
2022-08-17 15:27 - 2021-12-21 14:11 - 000000000 ____D C:\1001bit_pro
2022-08-17 15:27 - 2021-03-15 09:58 - 000000000 ___HD C:\OneDriveTemp
2022-08-17 15:27 - 2021-03-08 14:10 - 000000000 ____D C:\office2007
2022-08-17 12:40 - 2022-03-23 14:45 - 000000000 ___RD C:\Users\MIKE\OneDrive
2022-08-17 12:03 - 2022-05-25 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2022-08-17 12:03 - 2022-04-02 13:26 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-08-17 12:03 - 2022-04-02 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-08-17 03:48 - 2022-03-28 09:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-17 03:48 - 2022-03-28 09:09 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d84262be31ca1e
2022-08-17 01:12 - 2022-03-14 15:09 - 000000000 __SHD C:\found.003
2022-08-17 01:12 - 2022-03-13 16:41 - 000000000 __SHD C:\found.002
2022-08-17 01:12 - 2022-03-08 20:14 - 000000000 __SHD C:\found.001
2022-08-17 01:12 - 2022-03-08 12:29 - 000000000 __SHD C:\found.000
2022-08-17 01:03 - 2022-03-23 17:14 - 000000000 ____D C:\Program Files\Google
2022-08-17 01:01 - 2022-03-30 23:19 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\NCH Software
2022-08-17 00:40 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-17 00:38 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-08-16 22:50 - 2022-04-02 13:30 - 000000000 ____D C:\ProgramData\WinZip
2022-08-16 22:27 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Local\ConnectedDevicesPlatform
2022-08-16 22:21 - 2022-04-01 14:36 - 000000000 ____D C:\Users\MIKE\AppData\Local\Adaware
2022-08-16 21:52 - 2018-08-21 00:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-08-16 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-08-16 21:33 - 2018-08-21 00:03 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-16 21:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-08-16 21:30 - 2018-04-12 01:38 - 000000076 _____ C:\WINDOWS\win.ini
2022-08-16 21:19 - 2022-03-30 23:17 - 000000000 ____D C:\ProgramData\NCH Software
2022-08-16 21:19 - 2022-03-30 23:17 - 000000000 ____D C:\Program Files (x86)\NCH Software
2022-08-16 21:08 - 2022-04-01 00:46 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adaware Protect
2022-08-16 06:30 - 2018-08-21 09:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-11 08:32 - 2022-03-23 17:14 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-08-11 08:32 - 2022-03-23 17:14 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-08-10 16:12 - 2022-03-28 07:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-10 16:12 - 2022-03-23 17:20 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-10 16:12 - 2022-03-23 17:20 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-08-10 01:55 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-08-10 01:55 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 01:07 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 01:02 - 2022-03-28 07:14 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 01:02 - 2020-11-19 01:12 - 000415530 __RSH C:\bootmgr
2022-08-10 00:37 - 2022-03-23 16:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 00:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 00:33 - 2022-03-23 16:58 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 16:02 - 2022-04-07 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-08-07 16:02 - 2022-04-07 17:03 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2022-08-07 16:02 - 2022-03-31 09:52 - 000000000 ____D C:\ProgramData\EPSON
2022-08-07 16:01 - 2022-03-31 15:47 - 000000000 ____D C:\Program Files (x86)\epson
2022-08-07 14:46 - 2022-04-27 15:22 - 000000000 ____D C:\Users\MIKE\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories ========
2022-08-17 01:27 - 2022-08-22 12:57 - 000000004 _____ () C:\ProgramData\lock.dat
2022-08-17 01:29 - 2022-08-21 17:16 - 000000004 _____ () C:\ProgramData\rc.dat
2022-08-17 01:27 - 2022-08-17 01:27 - 000000008 _____ () C:\ProgramData\ts.dat
2022-05-11 03:57 - 2022-05-11 03:57 - 000248375 ___SH () C:\Users\MIKE\AppData\Roaming\biegdst
2022-05-11 03:57 - 2022-05-11 03:57 - 000042064 ___SH (Microsoft Corporation) C:\Users\MIKE\AppData\Roaming\cuagivi
2022-04-08 12:13 - 2022-04-08 12:13 - 000440003 _____ () C:\Users\MIKE\AppData\Roaming\PicoPDF.dmp
2022-05-11 03:57 - 2022-05-11 03:57 - 000160970 ___SH () C:\Users\MIKE\AppData\Roaming\scsvjbe
2022-05-11 03:57 - 2022-05-11 03:57 - 000045984 ___SH (Microsoft Corporation) C:\Users\MIKE\AppData\Roaming\sfagivi
2022-05-11 03:57 - 2022-05-11 03:57 - 000248375 ___SH () C:\Users\MIKE\AppData\Roaming\ujiwacr
2022-08-17 01:00 - 2022-08-17 01:00 - 000000560 _____ () C:\Users\MIKE\AppData\Local\bowsakkdestx.txt
2022-06-13 17:21 - 2022-06-13 17:21 - 000006422 _____ () C:\Users\MIKE\AppData\Local\recently-used.xbel
==================== FLock ==============================
2022-09-03 20:57 C:\HarmonyBackup
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by MIKE (05-09-2022 22:30:36)
Running from F:\FRST64
Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2022-03-28 05:16:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2977571575-3800452491-4211310233-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2977571575-3800452491-4211310233-503 - Limited - Disabled)
Guest (S-1-5-21-2977571575-3800452491-4211310233-501 - Limited - Disabled)
MIKE (S-1-5-21-2977571575-3800452491-4211310233-1002 - Administrator - Enabled) => C:\Users\MIKE
WDAGUtilityAccount (S-1-5-21-2977571575-3800452491-4211310233-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: adaware antivirus (Enabled - Up to date) {FFB95045-56CC-82A1-7DEC-4BB6C6BF7C0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
12 Labours of Hercules 6 - Race for Olympus CE (HKLM-x32\...\12 Labours of Hercules 6 - Race for Olympus CE) (Version: 1.0.0.2 - LeeGT-Games)
12 Labours of Hercules V - Kids of Hellas Collectors Edition (HKLM-x32\...\12 Labours of Hercules V - Kids of Hellas Collectors Edition) (Version: 1.0.0 - LeeGT-Games)
12 Labours of Hercules VII - Fleecing the Fleece CE (HKLM-x32\...\12 Labours of Hercules VII - Fleecing the Fleece CE) (Version: 1.0.0.2 - LeeGT-Games)
7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{6452120E-72FC-49D7-AB36-7042CC9746FB}) (Version: 31.0.0 - 8GadgetPack.net)
adaware antivirus (HKLM-x32\...\{CC7DEE8D-CA32-4162-8B8F-067A2D970B7D}_AdAwareInstaller) (Version: 12.10.191.0 - adaware)
Adaware PC Cleaner v7.2.0 (HKLM-x32\...\Adaware PC Cleaner_is1) (Version: 7.2.0 - Adaware Software)
Adaware Protect (HKLM\...\{BA732CF8-C0FC-4E40-A327-71B9F4C38318}) (Version: 1.2.439.4251 - Adaware) Hidden
Adaware Protect (HKLM-x32\...\Adaware Protect) (Version: 1.2.439.4251 - Adaware Software)
Adaware Safe Browser (HKLM\...\{5669F509-0665-430A-85E9-881F6F7D9F00}) (Version: 1.1.18.0 - Adaware) Hidden
Adaware Safe Browser (HKLM-x32\...\Adaware Safe Browser) (Version: 1.1.18.0 - Adaware Software)
AdAwareInstaller (HKLM\...\{CC7DEE8D-CA32-4162-8B8F-067A2D970B7D}) (Version: 12.10.191.0 - adaware) Hidden
AdAwareProxyEngine (HKLM\...\{707ADB61-AFA1-4647-887C-45D61879779E}) (Version: 1.2.56.0 - adaware) Hidden
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
AntimalwareEngine (HKLM\...\{A3B73EF9-E184-4128-81D9-AB76BAB83C6A}) (Version: 3.1.283.0 - adaware) Hidden
AntispamEngine (HKLM\...\{28E6F5DF-7885-4023-B8DC-526F3B03A9B7}) (Version: 2.7.1.465 - adaware) Hidden
Any PDF to DWG Converter 2013 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version: - AnyDWG Software, Inc.)
AvcEngine (HKLM\...\{A2EBCEC7-5F2E-444C-8AE9-14868B85E711}) (Version: 3.45.318.0 - adaware) Hidden
blSearcher 1.12 (HKLM-x32\...\{316AD48E-91B4-4910-9006-34C0A68371E9}_is1) (Version: 1.3.0.12 - BLSearcher)
Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 2.03 - NCH Software)
Bullzip PDF Printer 12.2.0.2905 (HKLM\...\Bullzip PDF Printer_is1) (Version: 12.2.0.2905 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 104.0.18088.104 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Check Point Early Launch Anti-Malware driver (HKLM-x32\...\{C08A1E50-6748-470E-8F9E-09CADEED73B1}) (Version: 8.68.63.1 - Check Point Software Technologies Ltd.) Hidden
Check Point SBA (HKLM\...\{5C8F5BF9-5AAE-44E4-BDE4-6D3A94C33A47}) (Version: 86.62.5012 - Check Point Software Technologies Ltd.) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (HKLM\...\{66C10F29-31F0-4A9B-B2CF-465F488AE086}) (Version: 15.0.487 - Corel Corporation) Hidden
CrystalDiskInfo 8.16.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.16.1 - Crystal Dew World)
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.01.04 - DATACAD LLC)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 6.23 - NCH Software)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{AA6AE72A-371E-4454-9066-3D02BB4BC4E9}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 9.33 - NCH Software)
FirewallEngine (HKLM\...\{61DA9936-116C-4EBF-9DAC-34E1748B936A}) (Version: 3.0.1.32 - adaware) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
GIMP 2.10.30 (HKLM\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
Google Earth Pro (HKLM\...\{DE181B35-ACEF-4DB0-86D9-731D5767ABB1}) (Version: 7.3.4.8642 - Google)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Iperius Backup version 7.6.0.0 (HKLM-x32\...\Iperius Backup_is1) (Version: 7.6.0.0 - Enter Srl)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.27 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.25 - Microsoft Corporation)
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2016 (HKLM-x32\...\{90160000-00E1-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2016 (HKLM-x32\...\{90160000-002C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2016 (HKLM\...\{90160000-002A-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016 (HKLM\...\{90160000-0116-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2016 (HKLM-x32\...\{90160000-006E-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2016 (HKLM-x32\...\{90160000-0115-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation)
Microsoft Project MUI (English) 2016 (HKLM-x32\...\{90160000-00B4-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM-x32\...\{90160000-003B-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM-x32\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (HKLM-x32\...\{5950473A-825B-3019-AF86-55F2F9A95FCB}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Module linguistique Français (HKLM\...\{BA14C6F7-A633-3E88-831B-FCC197A5A17D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (HKLM\...\{36B98E65-CA52-348C-9ED7-77B926A16C2D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (HKLM\...\{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (HKLM\...\{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (HKLM\...\{2F884A17-E051-3DB7-B093-6274C98740F6}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (HKLM\...\{73A64813-E631-3807-8E78-BA679EDA09A8}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (HKLM\...\{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (HKLM\...\{FB501A6E-CA6D-36DA-8860-17F0E6D89155}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (HKLM\...\{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (HKLM-x32\...\{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (HKLM-x32\...\{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (HKLM-x32\...\{3371699A-C1EF-3AC3-B094-D338191FA6E9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (HKLM-x32\...\{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (HKLM-x32\...\{955E1388-E1F1-320A-A018-24616ED60F95}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (HKLM-x32\...\{859C7535-6862-3867-B97E-816795E8AB65}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (HKLM-x32\...\{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (HKLM-x32\...\{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (HKLM-x32\...\{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
MiniTool Partition Wizard 12.6 DEMO (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
MiniTool ShadowMaker PW Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.6 - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.7.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.7.0 (x64 en-US)) (Version: 91.7.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.8.1 (x64 en-US)) (Version: 91.8.1 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Mozilla Thunderbird 91.13.0 (x64 en-US)) (Version: 91.13.0 - Mozilla)
OnlineThreatsEngine (HKLM\...\{D2D51E1D-F784-4076-AE9D-924D9EFD04A5}) (Version: 3.0.3.37 - adaware) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Suite 2021 (HKLM\...\{E3FB8DAB-D5DF-4E92-9110-EC0601392352}) (Version: 19.0.22.5120 - Interactive Brands Malta Limited) Hidden
PDF Suite 2021 (HKLM-x32\...\PDF Suite 2021) (Version: 19.0.22.1837 - Interactive Brands Malta Limited)
PDF Suite 2021 OCR TESS Module (HKLM\...\{E6C764F8-F894-459D-9EA3-FD05F613B6AD}) (Version: 19.0.22.5120 - Interactive Brands Malta Limited) Hidden
PicoPDF PDF Editor (HKLM-x32\...\PicoPDF) (Version: 3.15 - NCH Software)
SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 10.2.0.0 - Stellar Information Technology Pvt Ltd.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.33.7 - TeamViewer)
toc (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\toc) (Version: 1.55 - NewGame Dest Corp)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
WeatherZero (HKLM-x32\...\WeatherZero) (Version: - Weather Zero)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)
ZoneAlarm (HKLM-x32\...\{4073CD02-7996-48D7-AFDF-297676C27CA6}) (Version: 3.005.0089 - Check Point Software)
ZoneAlarm Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Check Point Software Ltd.) Hidden
Zoom (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Packages:
=========
Bubble Shooter Delight -> C:\Program Files\WindowsApps\GSoftTeam.BubbleShooterDelight_1.1.22.0_x64__65ca9qnt7cjzg [2022-04-02] (G Soft Team)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2977571575-3800452491-4211310233-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2022-08-16] () [File not signed]
ContextMenuHandlers1: [PDFSuite2021_ManagerExt] -> {D62D69E8-B2F4-4014-AACE-F8BB8974FFAB} => C:\Program Files\PDF Suite 2021\context-menu.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareShellExtension.dll [2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareShellExtension.dll [2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2022-08-16] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-08-16 21:19 - 2022-08-16 21:19 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2022-03-31 01:05 - 2019-01-26 21:23 - 000014848 _____ () [File not signed] C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\AccentColor.64.dll
2022-03-31 15:51 - 2021-03-13 22:28 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2022-03-31 01:04 - 2019-10-17 08:38 - 000645120 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2022-03-31 01:05 - 2019-10-05 21:03 - 000483840 _____ (Helmut Buhler) [File not signed] C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
2022-08-19 12:03 - 2019-09-05 21:00 - 000076800 _____ (Igor Pavlov) [File not signed] G:\7-Zip\7-zip.dll
2022-03-31 01:04 - 2012-05-19 06:16 - 000083456 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll
2021-03-21 07:49 - 2021-03-21 07:49 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\SQLite.Interop.dll
2022-07-06 00:52 - 2022-07-06 00:52 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\Common\x86\SQLite.Interop.dll
2022-07-06 00:52 - 2022-07-06 00:52 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\UI\x86\SQLite.Interop.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-07-09 13:38 - 2019-07-09 13:38 - 000449536 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDF Suite 2021\libcurl.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\bearer\qgenericbearer.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000047616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\bearer\qnativewifibearer.dll
2022-09-02 17:13 - 2017-09-14 14:40 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qgif.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000036864 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qicns.dll
2022-09-02 17:13 - 2017-09-14 14:40 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qico.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qjpeg.dll
2022-09-02 17:13 - 2017-09-14 14:53 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qsvg.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qtga.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000353792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qtiff.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qwbmp.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000375296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qwebp.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 001237504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\platforms\qwindows.dll
2022-09-02 17:12 - 2017-09-14 14:53 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\Qt5Svg.dll
2022-08-13 01:01 - 2017-09-14 14:40 - 000884736 _____ (The Qt Company Ltd) [File not signed] G:\Program Files\MiniTool ShadowMaker\sqldrivers\qsqlite.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDF Suite 2021 Helper -> {F0D4411A-8E0B-4254-99DF-7FC49E60F385} -> C:\Program Files\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-helper.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.)
BHO-x32: PDF Suite 2021 Helper -> {F0D4411A-8E0B-4254-99DF-7FC49E60F385} -> C:\Program Files (x86)\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-helper.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM - PDF Suite 2021 Toolbar - {49B5689B-741D-46B7-8B3A-1F46EBA34C98} - C:\Program Files\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-plugin.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - PDF Suite 2021 Toolbar - {49B5689B-741D-46B7-8B3A-1F46EBA34C98} - C:\Program Files (x86)\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-plugin.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Lotus Organizer EasyClip.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "NCH Sync Service"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\StartupFolder: => "ncsyncer.lnk"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B1C096DAAEBE093C92CE107BC9DA366B"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "toc"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "csrss"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "Pulngjtt"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{81F12201-D02F-4C1B-8673-C810574821B7}] => (Allow) C:\Program Files\Adaware Protect\openvpn.exe (Adaware Software (Lavasoft Software Canada Inc.) -> The OpenVPN Project)
FirewallRules: [{CB2ABA26-C63A-4CAF-8309-B9D62A1CBAA0}] => (Allow) C:\Program Files\Adaware Safe Browser\AdawareSafeBrowser.exe (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
FirewallRules: [{8A2FFCA2-628F-4812-9A84-44A348D23A3B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9603EF2E-761F-4A52-86D7-0A4C70356045}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DFBA5CF1-DAED-465A-B5AB-40C6DA5090B2}] => (Allow) C:\Users\MIKE\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{720C6A19-658C-41A2-96CC-FFE552D2C620}] => (Block) %ProgramFiles% (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe => No File
FirewallRules: [{F5F4965E-06A6-469B-BD33-21E18563932C}] => (Block) %ProgramFiles% (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDRW.exe => No File
FirewallRules: [{C439F25B-DC5B-41B8-9B55-2D7763DC5EEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4051C7E0-5BA3-4036-B180-54CD218EA219}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A9BE204-4870-4B94-B480-065FB371B5A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31EB131A-49D6-46AE-8326-FA39C40B52B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0211380D-06D5-4470-B109-6AAF26E01119}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A63285A6-4D2D-46C5-B53F-64C4B47037B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5BB9C936-B858-404C-8ECE-F11D7985988F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AF6F0E3-5DED-44CE-8F94-12434EB0E208}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F5000BE-2A90-4041-88FE-D51B7F94C6B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{000FB1CC-9F3F-45F2-AE70-6B041F87A7BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{600F663E-80D7-41A7-A72A-D744EEBBF36F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A3AEC20-19BA-409F-8BC9-FEEBD34779C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{064E012A-9926-4D29-986D-A2B509A7A8C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{190E3705-50F3-49E5-8D1F-C7F0412C624B}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣㍸㡌硥e => No File
FirewallRules: [{8A13810E-E235-4FF4-834F-4384EAC05E97}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣档潲敭牤癩牥攮數 => No File
FirewallRules: [{C9618DBF-DDCC-41AE-A211-2F6E4DF786F6}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣桃潲敭䅜灰楬慣楴湯䍜牨浯硥e => No File
FirewallRules: [{7B65261D-AB34-4B1D-A89B-29CCEEE81BFD}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣彤乱攮數 => No File
FirewallRules: [{4670A6D9-C74C-470D-B65C-169C991C3B96}] => (Allow) C:\Users\MIKE\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{36D400CF-7E17-4826-95ED-65E6A136B140}] => (Allow) C:\Users\MIKE\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{30B9E433-9831-47D5-B9F7-AA5070F83926}] => (Allow) F:\Program Files (x86)\Iperius Backup\Iperius.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{C2D8F83B-3A05-4D29-9831-08C88A229C96}] => (Allow) F:\Program Files (x86)\Iperius Backup\Iperius.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{F0414353-0E10-43BF-AAA1-2E3C2A954DE8}] => (Allow) F:\Program Files (x86)\Iperius Backup\IperiusService.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{7651FDBA-F75F-4B22-B4F9-A78634032356}] => (Allow) F:\Program Files (x86)\Iperius Backup\IperiusService.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{B149F00E-7528-4E78-A8D2-312B20DD5AEF}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{D280120D-872D-4441-9E39-F2F3C5220FDC}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{2F85DBFD-3586-4B12-A381-E9CF09404377}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{88B76AB2-B9BA-45AF-8C1B-BC691150BF49}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{67F9199C-7006-4576-9064-4EA03C6ABD86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CECA27F8-586B-4CFB-8FDD-C54CE1E69AA0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F135B854-4F7E-4F23-9D06-842673B4F229}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B32B644-57A0-47B3-82F4-646C0F5CF37E}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{D63F23C7-6F0C-43BE-86FE-16A72A2C7DCA}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{4AABCAC0-F77B-4CD5-9ECE-48CFDF9DA9ED}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.25\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
20-08-2022 15:54:38 Installed Lotus SmartSuite - English
30-08-2022 00:14:33 Scheduled Checkpoint
31-08-2022 21:55:56 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
05-09-2022 22:05:17 Removed Corel Graphics - Windows Shell Extension.
05-09-2022 22:06:43 Removed Corel Graphics - Windows Shell Extension 64 Bit.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/05/2022 10:58:02 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (09/05/2022 10:54:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3a54
Start Time: 01d8c169a68fc2c7
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: ffdd2257-3bf9-405b-8909-cb8721e042ec
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (09/05/2022 10:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 3638
Start Time: 01d8c1635ed6b438
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 1609bb11-d61b-43e3-917c-59d65a160835
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Activation
Error: (09/05/2022 10:08:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
Error: (09/05/2022 09:55:34 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (09/05/2022 09:12:42 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (13912,D,50) WebCacheLocal: An attempt to open the file "C:\Users\MIKE\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (09/05/2022 09:03:18 PM) (Source: ESENT) (EventID: 439) (User: )
Description: DllHost (10980,D,0) WebCacheLocal: Unable to write a shadowed header for file C:\Users\MIKE\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.
Error: (09/05/2022 09:03:18 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (10980,D,0) WebCacheLocal: An attempt to open the file "C:\Users\MIKE\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (09/05/2022 11:00:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The UsoSvc service terminated with the following error:
The system cannot find the file specified.
Error: (09/05/2022 10:58:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Error: (09/05/2022 10:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/05/2022 10:58:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client License Service (ClipSVC) service to connect.
Error: (09/05/2022 10:58:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}
Error: (09/05/2022 10:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UsoSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (09/05/2022 10:58:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UsoSvc service to connect.
Error: (09/05/2022 10:58:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-MQ5TQ99)
Description: DCOM got error "1053" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Windows Defender:
================
Date: 2022-08-28 23:27:01
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_G:\Corel X 5\COrel Draw X5\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe; file:_G:\Corel X5 Install\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Date: 2022-08-28 23:26:31
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_G:\Corel X5 Install\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Date: 2022-08-28 06:49:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-08-27 07:53:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-08-25 17:49:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...63&enterprise=0
Name: PUA:Win32/Keygen
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_K:\193032 - Data-500gb\Filing\Downloads\SketchUp 2013 Pro\patch\Patch.exe; file:_K:\193032 - Data-500gb\Filing\Downloads\SketchUp 2013 Pro\patch\Patch.exe->(Aspack v2.2)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Event[0]:
Date: 2022-08-27 18:08:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2022-08-27 18:08:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2022-08-27 18:08:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2022-08-27 18:07:41
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2022-08-27 18:07:41
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out
CodeIntegrity:
===============
Date: 2022-09-05 22:58:02
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareSecurityCenter.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2022-09-05 22:58:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 83%
Total physical RAM: 8102.86 MB
Available physical RAM: 1359.48 MB
Total Virtual: 11814.86 MB
Available Virtual: 4049.19 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:222.55 GB) (Free:119.7 GB) (Model: SanDisk SSD PLUS 240GB ATA Device) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:9.77 GB) (Free:9.64 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive f: (PROGRAMMES2) (Fixed) (Total:250.89 GB) (Free:208.42 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive g: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:22.18 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive h: (CAD) (Fixed) (Total:170.06 GB) (Free:81.01 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive i: (DATA) (Fixed) (Total:165.18 GB) (Free:140.62 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive j: (FILLING) (Fixed) (Total:165.04 GB) (Free:131.72 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive k: (WINDOWS) (RAMDisk) (Total:222.55 GB) (Free:120.27 GB) (Model: SanDisk SSD PLUS 240GB ATA Device) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{8eb65112-0000-0000-0000-40a337000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{8eb65112-0000-0000-0000-a0c337000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 8EB65112)
Partition 1: (Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=517 MB) - (Type=27)
Partition 3: (Not Active) - (Size=524 MB) - (Type=27)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)
==================== End of Addition.txt =======================
Thanks
Mike