Virus/Malware/Ransomware Attack



#1
MikeBack

Good day

My computer appears to have been hit by either a Virus, Malware or Ransomware.

A lot of my files now have a .QQLC extension to them and I keep on getting pop-up windows from C:\Users\MIKE\AppData\Roaming\cuagivi and C:\Users\MIKE\AppData\Roaming\sfagivi appearing on the screen.

The system is also coming up with "programme not responding" messages all the time.

I am pasting the FRST.txt and Addition.txt below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by MIKE (administrator) on DESKTOP-MQ5TQ99 (MSI MS-7680) (04-09-2022 18:11:05)
Running from F:\FRST64
Loaded Profiles: MIKE
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\ZoneAlarmCrashHandler.exe
(Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\ZoneAlarmCrashHandler64.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation -> Mozilla Corporation) F:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware) C:\Program Files\Adaware Protect\AdawareProtectService.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware) C:\Program Files\Adaware Safe Browser\asb-updater.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (MiniTool Software Limited -> ) G:\Program Files\MiniTool ShadowMaker\AgentService.exe
(services.exe ->) (MiniTool Software Limited -> ) G:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
(services.exe ->) (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited) C:\Program Files\PDF Suite 2021\updater-ws.exe
(services.exe ->) (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited) C:\Program Files\PDF Suite 2021\ws.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <22>
(svchost.exe ->) (ENTER S.R.L. -> Enter Srl) F:\Program Files (x86)\Iperius Backup\Iperius.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.536.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdAwareTray] => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareTray.exe [4876024 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ZANG] => C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe [689712 2022-07-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38274576 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [MicrosoftEdgeAutoLaunch_B1C096DAAEBE093C92CE107BC9DA366B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [Adaware Protect] => C:\Program Files\Adaware Protect\AdawareProtect.exe [13100584 2022-02-08] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [221696 2021-03-13] (Bullzip) [File not signed]
HKLM\...\Print\Monitors\EPSON L386 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBRPE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\PDF Suite 2021 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\suite_pdfpmon_v.4.12.26.3.dll [932984 2022-05-09] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\104.0.18088.104\Installer\chrmstp.exe [2022-08-25] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2022-08-20]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> G:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2022-08-20]
ShortcutTarget: Lotus QuickStart.lnk -> G:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-08-16]
ShortcutTarget: WinZip Preloader.lnk -> G:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar661.lnk [2022-09-03]
ShortcutTarget: Sidebar661.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00944AFF-0619-40DE-A03A-FB5FE5581298} - System32\Tasks\WinZip Update Notifier 3 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_3PM" -show (No File)
Task: {1A16D947-B6BA-4DF8-B313-BBAE39B493BB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {2644C805-175E-4399-AF27-ECD44C392B2F} - System32\Tasks\Firefox Default Browser Agent 18463BCB5DCCB97C => C:\Users\MIKE\AppData\Roaming\cuagivi [42064 2022-05-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
Task: {26533861-1B3F-4834-B2EF-7E583872D915} - System32\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {272B0913-36FC-47C7-A07F-706C5029D202} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
Task: {2A75D720-A63B-48AD-A24C-783CB76489EF} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3003312 2022-08-17] (Piriform Software Ltd -> Piriform Software)
Task: {2B254876-C624-45CA-8296-3E004D1DF8AF} - \CfvAhSLLDQlWYEnoaOG2 -> No File <==== ATTENTION
Task: {2CF13F1F-3532-424B-AD34-8EA39F03B81D} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
Task: {30FEF2E4-1EE2-405D-B6EE-B5919DC54351} - System32\Tasks\CheckPointUpdateTaskMachineCore => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {31299575-26D4-4DC1-B112-448E60671B83} - System32\Tasks\CheckPointUpdateTaskMachineUA => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {3DCD1A14-F338-49FF-8708-444C6542C139} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {4691906B-8494-4FE1-A02E-82B4F80D5D10} - \vEmwINtbCLGMnczEN2 -> No File <==== ATTENTION
Task: {540E697F-9DF3-4355-9A9E-F7603EC229C0} - \csrss -> No File <==== ATTENTION
Task: {5B4B48E1-C743-46C3-8702-8672BBBBA8D7} - System32\Tasks\Iperius Backup Startup at Logon => F:\Program Files (x86)\Iperius Backup\Iperius.exe [78243840 2022-03-18] (ENTER S.R.L. -> Enter Srl)
Task: {6001F320-7003-49E2-A2AE-B6A0A26616F1} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe (No File)
Task: {668DC191-9196-4ADF-8CD1-5D9D571B668B} - System32\Tasks\MiniTool Shadow Maker => C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe [1064816 2021-12-20] (MiniTool Software Limited -> )
Task: {702F1BB6-4797-4860-9319-1F97A6E303A1} - System32\Tasks\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E} => C:\Users\MIKE\AppData\Roaming\Windows\System32\sihost.exe (No File) <==== ATTENTION
Task: {75D20A60-3379-42B3-8C42-0EB796AAAEF9} - \wWhkPIwCdffIdJo2 -> No File <==== ATTENTION
Task: {7F6DA135-149A-4547-AEFA-369F423FA919} - System32\Tasks\WinZip Update Notifier 1 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_9AM" -show (No File)
Task: {82A51A9B-99A6-4501-AF41-F931D6A2FC7E} - System32\Tasks\CCleanerSkipUAC - MIKE => C:\Program Files\CCleaner\CCleaner.exe [31990800 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9822DE25-D634-4FF6-90BA-FED411C2D62B} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {9F598A09-66EB-43EE-85AC-33703681EDB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0EF99EB-BD4E-4E47-AFB7-08F87B081D85} - System32\Tasks\GoogleUpdateTaskMachineQC => powershell -EncodedCommand "PAAjAHcAZwAjAD4AIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAnAEMAOgBcAFAAcgBvAGcAcgBhAG0AIABGAGkAbABlAHMAXABHAG8AbwBnAGwAZQBcAEMAaAByAG8AbQBlAFwAdQBwAGQAYQB0AGUAcgAuAGUAeABlACcAIAAtAFYAZQByAGIAIABSAHUAbgBBAHMAIAA8ACMAcAB1AGcAIwA+AA==" <==== ATTENTION
Task: {AC0167B8-6904-4771-8B09-4A7982DB133D} - \GoogleUpdateTaskMachineUA{A5B67961-A8AA-4A82-B1BC-42CDB47388D0} -> No File <==== ATTENTION
Task: {AF0CF83C-3AC8-4248-B7F2-CA115928466F} - \Service\Diagnostic -> No File <==== ATTENTION
Task: {B58F938A-5986-45D0-BB03-C4A37B61CEB6} - System32\Tasks\WinZip Update Notifier 2 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_12PM" -show (No File)
Task: {C8FBB984-F7BF-47B1-A9E0-5D04F05A3BD7} - System32\Tasks\Adaware PC Cleaner automatic scan and notifications => C:\Program Files (x86)\Adaware PC Cleaner\ADCNotifications.exe (No File)
Task: {CC26E495-83AE-4C0F-885F-1BFF3F4C60C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {CE0B577D-14A9-454F-AB3A-D8FE6F41C19A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\System.Wecfile -> No File <==== ATTENTION
Task: {D5446511-D2AD-4206-8BA9-E6FE5798DF50} - System32\Tasks\PpJeBMjvQzKPa2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\ytMDPDBrkgoBXKVB\aUenFDy.wsf"
Task: {E92DF79E-AB7E-4406-ACB3-9A5312764DC8} - System32\Tasks\CorelUpdateHelperTask-933242852353D001C66F17F412989445 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
Task: {F11000A9-DA7B-436C-8A3D-09B8AC3BB2EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F228CC5B-5729-4D83-B080-F8D892629C08} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3003312 2022-08-17] (Piriform Software Ltd -> Piriform Software)
Task: {F361F553-A68E-4891-A6BB-F8C0130B7A3C} - System32\Tasks\Firefox Default Browser Agent B2BE9145F3E8D57B => C:\Users\MIKE\AppData\Roaming\sfagivi [45984 2022-05-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
Task: {FBDA4767-4A85-465C-BFA5-9CE066BA3825} - \OIJxiHdbDxlZJR -> No File <==== ATTENTION
Task: {FFB3E62D-7E37-4976-B891-54C66DAB7902} - \GoogleUpdateTaskMachineCore{1DB08101-2DBD-4B97-8846-0CEF848868FD} -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{D0CE59FD-8836-4087-A705-1B57FAF6917D} /F:UpdateWORKGROUP\DESKTOP-MQ5TQ99$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [{46D0C9A1-6702-4C6A-9A3B-2A6FFE5749D9}] => hxxp://35.236.159.79/win.pac <==== ATTENTION
AutoConfigURL: [S-1-5-21-2977571575-3800452491-4211310233-1002] => hxxp://35.236.159.79/win.pac <==== ATTENTION
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{9638cf81-a859-429a-8b25-e0a837345e8a}: [DhcpNameServer] 192.168.8.1 192.168.8.1
ManualProxies: 0hxxp://35.236.159.79/win.pac <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-04]
Edge Notifications: Default -> hxxps://forums.sketchup.com; hxxps://www.messenger.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-09-02]
Edge Extension: (ZoneAlarm Web Secure ) - C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbbeejhhfafmnamfpokhpooakngjhacn [2022-08-31]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [@sandblast] - C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\sandblast.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\sandblast_quantum.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2022-03-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2022-08-07] [Legacy] [not signed]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=3 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=9 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-04-01] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-04-01] (Piriform Software Ltd -> Piriform Software)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default [2022-09-02]
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
CHR Extension: (Google Docs Offline) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-29]
CHR Extension: (Adblocker for Youtube™) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddmabhekhhonkmomaklnflhhgbfnioe [2022-08-17] [UpdateUrl:hxxps://clients59.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Find-it.Pro Search) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\meejmcfbiapijdfaadackoblffmidlig [2022-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-23]
CHR Extension: (Google Translate) - C:\Program Files\aieoplapobidheellikiicjfpamacpfd [2022-08-17]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable [2022-09-02]
OPR DefaultSearchKeyword: Opera Stable -> find-it.pro
OPR Extension: (Adblocker for Youtube™) - C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable\Extensions\idimnjcjkopkcbalclocjcbcmkkcfpec [2022-08-17]
OPR Extension: (Find-it.Pro Search) - C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig [2022-08-17]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adaware Safe Browser Update Service; C:\Program Files\Adaware Safe Browser\asb-updater.exe [1047592 2021-09-30] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
R2 adawareantivirusservice; F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe [587104 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 AdawareProtectService; C:\Program Files\Adaware Protect\AdawareProtectService.exe [8627240 2022-02-08] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AR_Service; C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe [23088 2022-07-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 bits; C:\WINDOWS\System32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 bits; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\104.0.18088.104\elevation_service.exe [2010024 2022-08-17] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3367016 2022-02-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [32744 2022-04-20] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [32744 2022-04-20] (Check Point Software Technologies Ltd. -> )
S3 dosvc; C:\WINDOWS\System32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MTAgentService; G:\Program Files\MiniTool ShadowMaker\AgentService.exe [783728 2021-12-20] (MiniTool Software Limited -> )
R2 MTSchedulerService; G:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [228208 2021-12-20] (MiniTool Software Limited -> )
R3 PDF Suite 2021; C:\Program Files\PDF Suite 2021\ws.exe [2005552 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
S3 PDF Suite 2021 Creator; C:\Program Files\PDF Suite 2021\creator\common\creator-ws.exe [567856 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
R2 PDF Suite 2021 Update Service; C:\Program Files\PDF Suite 2021\updater-ws.exe [1649200 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-10-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16360768 2022-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [139424 2022-04-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 UsoSvc; C:\WINDOWS\system32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 ZANG_MgrSvc; C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe [25136 2022-06-30] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 zus; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S3 zusm; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3864480 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2021-03-10] (Bitdefender SRL -> Bitdefender)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [76216 2021-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [156608 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 cposfw; C:\WINDOWS\System32\DRIVERS\cposfw.sys [106472 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
S0 epelam; C:\WINDOWS\System32\drivers\epelam.sys [18912 2022-01-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Check Point Software Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [132048 2021-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R0 Ignis; C:\WINDOWS\System32\drivers\ignis.sys [191592 2019-09-26] (Bitdefender SRL -> Bitdefender)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193488 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-08-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-16] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-09-04 18:01 - 2022-09-04 18:12 - 000000000 ____D C:\FRST
2022-09-02 18:04 - 2022-09-02 18:04 - 000092672 _____ C:\Users\MIKE\Downloads\ConvCalc.exe
2022-09-02 17:53 - 2022-09-02 17:53 - 000157759 _____ C:\Users\MIKE\Downloads\convert.zip
2022-09-02 17:47 - 2022-09-02 17:47 - 000427760 _____ ( ) C:\Users\MIKE\Downloads\euc12.exe
2022-09-02 17:12 - 2022-09-02 17:13 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2022-09-02 17:12 - 2022-09-02 17:13 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2022-09-02 16:58 - 2022-09-02 17:03 - 002306440 _____ (MiniTool Software Limited) C:\Users\MIKE\Downloads\pdr-free-online.exe
2022-09-02 16:58 - 2022-09-02 16:58 - 002178432 _____ (MiniTool Software Limited) C:\Users\MIKE\Downloads\sm-online (1).exe
2022-09-02 16:52 - 2022-09-02 17:03 - 003055144 _____ (MiniTool Software Limited ) C:\Users\MIKE\Downloads\pw1206-free-online (1).exe
2022-09-02 16:44 - 2022-09-02 16:44 - 001264416 _____ C:\Users\MIKE\Downloads\recoverit_setup_full4174.exe
2022-09-02 16:40 - 2022-09-04 08:33 - 000000000 ____D C:\Users\MIKE\AppData\Local\CrashDumps
2022-09-02 16:33 - 2022-09-02 16:33 - 000000000 ____D C:\Users\MIKE\AppData\Local\mbam
2022-09-02 16:31 - 2022-09-02 16:31 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000193488 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-09-02 16:31 - 2022-09-02 16:31 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-09-02 16:31 - 2022-09-02 16:28 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-09-02 16:31 - 2022-09-02 16:27 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-09-02 16:27 - 2022-09-02 16:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-09-02 16:27 - 2022-09-02 16:27 - 000000000 ____D C:\Program Files\Malwarebytes
2022-09-02 13:43 - 2022-09-03 20:57 - 000000000 ___HD C:\HarmonyBackup
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\OneDrive\Documents\CP0Protection0Folder0Do notRemove
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\AppData\Roaming\Harmony AgentProtectionFolderDo not!Delete
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\AppData\Local\!Check-PointSecurity!FolderDon't!Remove
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\ProgramData\Harmony Zero-Day!ProtectionDirectoryDo NotDelete
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Program Files (x86)\!CPProtectionFolderDo NotDiscard
2022-08-31 22:00 - 2022-08-31 22:00 - 000001284 _____ C:\Users\Public\Desktop\ZoneAlarm.lnk
2022-08-31 22:00 - 2022-08-31 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
2022-08-31 21:59 - 2022-01-03 17:17 - 000018912 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\epelam.sys
2022-08-31 21:54 - 2022-08-31 22:01 - 000000000 ____D C:\ProgramData\CheckPoint
2022-08-31 21:47 - 2022-08-31 22:00 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2022-08-31 21:47 - 2022-08-31 21:47 - 000003462 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineUA
2022-08-31 21:47 - 2022-08-31 21:47 - 000003338 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineCore
2022-08-31 21:47 - 2022-08-31 21:47 - 000000000 ____D C:\Users\MIKE\AppData\Local\CheckPoint
2022-08-31 21:34 - 2022-08-31 21:34 - 000001894 _____ C:\Users\Public\Desktop\Stellar Data Recovery.lnk
2022-08-31 21:34 - 2022-08-31 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery
2022-08-31 21:34 - 2022-08-31 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2022-08-31 21:33 - 2022-08-31 21:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2022-08-31 21:31 - 2022-08-31 21:34 - 000000000 ____D C:\Program Files\Stellar Data Recovery
2022-08-31 21:28 - 2022-09-02 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2022-08-31 21:28 - 2022-08-31 21:28 - 000000000 ____D C:\ProgramData\GridinSoft
2022-08-30 18:26 - 2022-08-30 18:26 - 008551608 _____ (Malwarebytes) C:\Users\MIKE\Downloads\adwcleaner.exe
2022-08-30 18:24 - 2022-08-30 18:24 - 002556344 _____ (Malwarebytes) C:\Users\MIKE\Downloads\MBSetup-589F50F7-37335.37335.exe
2022-08-30 17:58 - 2022-08-30 17:58 - 001085512 _____ (CheckPoint Software Technologies Ltd.) C:\Users\MIKE\Downloads\ZaarSetup.exe
2022-08-30 17:56 - 2022-08-30 17:56 - 004968864 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\MIKE\Downloads\StellarDataRecoveryProfessionalWindows.exe
2022-08-30 17:45 - 2022-08-30 17:45 - 001182144 _____ (Emsisoft Ltd.) C:\Users\MIKE\Downloads\decrypt_STOPDjvu (1).exe
2022-08-30 17:45 - 2022-08-30 17:45 - 000905704 _____ (Gridinsoft LLC) C:\Users\MIKE\Downloads\install-antimalware-ag.exe
2022-08-30 15:37 - 2022-08-30 15:37 - 017650536 _____ C:\Users\MIKE\Downloads\adawarewebinstaller (1).exe
2022-08-29 22:32 - 2022-08-29 22:32 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\OWL Studio
2022-08-20 17:01 - 2022-08-20 17:01 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules V - Kids of Hellas Collectors Edition
2022-08-20 16:59 - 2022-08-20 16:59 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules 6 - Race for Olympus CE
2022-08-20 16:58 - 2022-08-20 16:58 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules VII - Fleecing the Fleece CE
2022-08-20 16:42 - 2022-09-02 18:21 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\northerntale3_realore_en
2022-08-20 16:42 - 2022-08-20 16:42 - 000000000 ____D C:\Users\MIKE\AppData\Local\northerntale3_realore_en
2022-08-20 16:34 - 2022-08-20 16:35 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\vikingsaga2_realore_en
2022-08-20 16:34 - 2022-08-20 16:34 - 000000000 ____D C:\Users\MIKE\AppData\Local\vikingsaga2_realore_en
2022-08-20 15:55 - 2022-08-20 15:55 - 000000186 _____ C:\WINDOWS\ODBCINST.INI
2022-08-20 15:55 - 2022-08-20 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus SmartSuite
2022-08-20 15:55 - 1999-08-08 06:17 - 000041232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbccp32.cpl
2022-08-20 15:55 - 1999-08-08 06:17 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbc32gt.dll
2022-08-20 15:55 - 1999-08-08 06:17 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ds32gt.dll
2022-08-20 15:55 - 1999-01-12 00:00 - 000026224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbc16gt.dll
2022-08-20 15:55 - 1999-01-12 00:00 - 000004656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ds16gt.dll
2022-08-20 15:35 - 2022-08-20 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any PDF to DWG Converter
2022-08-20 13:22 - 2022-08-20 13:22 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\OpenOffice
2022-08-20 12:32 - 2022-08-20 12:32 - 000000895 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2022-08-20 12:32 - 2022-08-20 12:32 - 000000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2022-08-20 12:25 - 2022-08-20 12:25 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Nero
2022-08-19 15:05 - 2022-08-19 15:05 - 000003120 _____ C:\WINDOWS\system32\PHDCRWJ3.ocx
2022-08-19 15:04 - 2022-08-19 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataCAD 16
2022-08-18 03:59 - 2022-09-02 13:43 - 098566144 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-08-18 03:42 - 2022-08-18 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-08-17 15:51 - 2022-08-17 15:51 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\uTorrent.WebView2
2022-08-17 15:51 - 2022-08-17 15:51 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\uTorrent
2022-08-17 15:50 - 2022-08-19 12:37 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\uTorrent
2022-08-17 15:50 - 2022-08-17 15:50 - 000000882 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-08-17 15:45 - 2022-08-17 15:45 - 000003120 _____ C:\WINDOWS\system32\PJM5CA8D.ocx
2022-08-17 15:45 - 2022-08-17 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataCAD 19
2022-08-17 15:45 - 2014-04-15 09:03 - 001208320 _____ (Eleco plc) C:\WINDOWS\SysWOW64\O2CPlayer.OCX
2022-08-17 15:45 - 2012-02-08 08:27 - 000142336 _____ (DATACAD LLC) C:\WINDOWS\SysWOW64\AECExtension.dll
2022-08-17 15:39 - 2022-08-17 15:43 - 280715844 _____ (Acresso Software Inc. ) C:\Users\MIKE\Downloads\DataCAD16Setup (1).exe
2022-08-17 15:33 - 2022-08-17 15:36 - 301328056 _____ (##ID_STRING195##) C:\Users\MIKE\Downloads\DataCAD19Setup (1).exe
2022-08-17 15:17 - 2022-08-17 15:18 - 000774202 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2022-08-17 12:56 - 1980-01-01 00:00 - 000005383 ____R C:\Users\MIKE\OneDrive\Documents\.MIKE.lnk
2022-08-17 11:44 - 2022-08-17 12:43 - 000003226 _____ C:\WINDOWS\system32\Tasks\Adaware PC Cleaner automatic scan and notifications
2022-08-17 11:44 - 2022-08-17 11:44 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adaware PC Cleaner
2022-08-17 11:43 - 2022-08-31 22:02 - 000000000 ____D C:\Program Files (x86)\Adaware PC Cleaner
2022-08-17 11:43 - 2022-08-17 11:43 - 000001197 _____ C:\Users\Public\Desktop\Adaware PC Cleaner.lnk
2022-08-17 11:43 - 2022-08-17 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware PC Cleaner
2022-08-17 11:42 - 2022-08-17 12:03 - 000000000 ____D C:\ProgramData\Adaware PC Cleaner
2022-08-17 01:29 - 2022-08-21 17:16 - 000000004 _____ C:\ProgramData\rc.dat
2022-08-17 01:27 - 2022-08-22 12:57 - 000000004 _____ C:\ProgramData\lock.dat
2022-08-17 01:27 - 2022-08-17 01:27 - 000000008 _____ C:\ProgramData\ts.dat
2022-08-17 01:26 - 2022-08-21 19:38 - 000000416 _____ C:\ProgramData\lir.bats
2022-08-17 01:19 - 2022-08-17 01:19 - 000003702 _____ C:\WINDOWS\system32\Tasks\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}
2022-08-17 01:04 - 2022-08-17 01:04 - 000000000 ___HD C:\ProgramData\Cnaoa
2022-08-17 01:02 - 2022-08-17 12:42 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 18463BCB5DCCB97C
2022-08-17 01:02 - 2022-08-17 12:03 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoinSurf
2022-08-17 01:02 - 2022-08-17 01:02 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\CoinSurf
2022-08-17 01:01 - 2022-08-17 15:02 - 000000000 ____D C:\Users\MIKE\AppData\Local\CoinSurf
2022-08-17 01:01 - 2022-08-17 01:02 - 000000000 ____D C:\Users\MIKE\AppData\Local\SquirrelTemp
2022-08-17 01:01 - 2022-08-17 01:01 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent B2BE9145F3E8D57B
2022-08-17 01:01 - 2022-08-17 01:01 - 000000000 ____D C:\Program Files\aieoplapobidheellikiicjfpamacpfd
2022-08-17 01:00 - 2022-08-17 02:47 - 000000000 ____D C:\Users\MIKE\AppData\Local\db6d7c00-82b1-4a07-8b07-2008ce2674eb
2022-08-17 01:00 - 2022-08-17 01:01 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\WfHriMQZTb
2022-08-17 01:00 - 2022-08-17 01:01 - 000000000 ____D C:\Users\MIKE\AppData\Local\8e0fdd7b-ab61-4db6-ac6d-59e7db5d89d0
2022-08-17 01:00 - 2022-08-17 01:00 - 000003878 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineQC
2022-08-17 01:00 - 2022-08-17 01:00 - 000000560 _____ C:\Users\MIKE\AppData\Local\bowsakkdestx.txt
2022-08-17 01:00 - 2022-08-17 01:00 - 000000000 ____D C:\SystemID
2022-08-17 00:59 - 2022-08-17 00:59 - 000000000 ____D C:\Users\MIKE\AppData\Local\Yandex
2022-08-17 00:58 - 2022-08-17 02:47 - 000000000 ____D C:\Program Files (x86)\PowerControl
2022-08-17 00:40 - 2022-09-02 13:48 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\toc
2022-08-17 00:39 - 2022-08-31 22:30 - 000000000 ____D C:\ProgramData\ytMDPDBrkgoBXKVB
2022-08-17 00:39 - 2022-08-17 00:39 - 000003044 _____ C:\WINDOWS\system32\Tasks\PpJeBMjvQzKPa2
2022-08-17 00:38 - 2022-08-31 18:18 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\zTj5YsYumo
2022-08-17 00:37 - 2022-08-31 18:12 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\odnKu
2022-08-17 00:37 - 2022-08-31 18:05 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\M7akc1
2022-08-17 00:37 - 2022-08-17 00:38 - 000004734 __RSH C:\ProgramData\ntuser.pol
2022-08-17 00:36 - 2022-08-31 18:08 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\TxiDKrf44
2022-08-17 00:35 - 2022-08-22 12:59 - 000000000 ____D C:\ProgramData\DiskOptimizer
2022-08-17 00:35 - 2022-08-17 00:40 - 000000000 ____D C:\Program Files (x86)\blSearcher
2022-08-16 22:55 - 2022-08-16 22:55 - 000000000 _____ C:\ProgramData\UpdateLock-D5E4229F55884A18
2022-08-16 22:53 - 2022-08-16 22:53 - 001495520 _____ (Corel Corporation) C:\Users\MIKE\Downloads\wzpdfpro1.exe
2022-08-16 22:48 - 2022-08-16 22:48 - 000000000 ____D C:\Users\MIKE\AppData\Local\OneDrive
2022-08-16 22:31 - 2022-08-17 15:52 - 000000000 ____D C:\Users\MIKE\AppData\Local\BitTorrentHelper
2022-08-16 22:26 - 2022-08-16 22:53 - 000000000 ____D C:\Users\MIKE\AppData\Local\WinZip
2022-08-16 22:26 - 2022-08-16 22:26 - 000003658 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2022-08-16 22:26 - 2022-08-16 22:26 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2022-08-16 22:26 - 2022-08-16 22:26 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2022-08-16 22:26 - 2022-08-16 22:26 - 000001850 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-08-16 22:26 - 2022-08-16 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-08-16 22:22 - 2022-08-16 22:22 - 000001885 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2022-08-16 21:41 - 2022-08-16 21:41 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2022-08-16 21:41 - 2022-08-16 21:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2022-08-16 21:41 - 2022-08-16 21:41 - 000000000 ____D C:\WINDOWS\PCHEALTH
2022-08-16 21:40 - 2022-08-16 21:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-08-16 21:40 - 2022-08-16 21:40 - 000000000 ____D C:\WINDOWS\SHELLNEW
2022-08-16 21:40 - 2022-08-16 21:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2022-08-16 21:38 - 2022-08-16 21:38 - 000000000 __RHD C:\MSOCache
2022-08-16 21:23 - 2022-08-16 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-08-16 21:23 - 2022-08-16 21:23 - 000000000 ____D C:\Program Files\7-Zip
2022-08-16 21:19 - 2022-08-16 21:19 - 000001264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2022-08-16 21:19 - 2022-08-16 21:19 - 000001252 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
2022-08-16 21:19 - 2022-08-16 21:19 - 000000000 ____D C:\Users\MIKE\NCH Software Suite
2022-08-13 21:27 - 2022-08-13 21:27 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\AlawarEntertainment
2022-08-13 21:21 - 2022-08-13 21:21 - 000001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2022-08-13 21:21 - 2022-08-13 21:21 - 000001242 _____ C:\Users\Public\Desktop\Doxillion Document Converter.lnk
2022-08-13 02:48 - 2022-08-13 02:48 - 001451192 _____ (Igor Pavlov) C:\Users\MIKE\Downloads\7z1902-x64.exe
2022-08-13 02:25 - 2022-08-13 02:25 - 002154224 _____ (NCH Software) C:\Users\MIKE\Downloads\DoxillionDocumentConverter (1).exe
2022-08-13 01:02 - 2022-09-03 20:58 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\QtProject
2022-08-13 01:01 - 2022-09-02 17:13 - 000003076 _____ C:\WINDOWS\system32\Tasks\MiniTool Shadow Maker
2022-08-13 01:01 - 2022-09-02 17:13 - 000000989 _____ C:\Users\Public\Desktop\MiniTool ShadowMaker.lnk
2022-08-13 01:01 - 2022-09-02 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
2022-08-13 01:01 - 2021-03-09 18:41 - 000037336 _____ C:\WINDOWS\system32\pwdrvio.sys
2022-08-13 01:01 - 2019-11-08 10:14 - 003600896 _____ C:\WINDOWS\system32\pwNative.exe
2022-08-13 01:01 - 2019-11-08 10:14 - 000012504 _____ C:\WINDOWS\system32\pwdspio.sys
2022-08-13 01:00 - 2022-09-02 17:12 - 000001035 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2022-08-13 01:00 - 2022-09-02 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2022-08-10 01:04 - 2022-08-10 01:04 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 01:04 - 2022-08-10 01:04 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 01:03 - 2022-08-10 01:03 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 01:02 - 2022-08-10 01:02 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 01:02 - 2022-08-10 01:02 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 00:39 - 2022-08-17 15:27 - 000000000 ___HD C:\$WinREAgent
2022-08-07 16:02 - 2022-08-07 16:02 - 000002251 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2022-08-07 16:02 - 2022-08-07 16:02 - 000000000 ____D C:\ProgramData\UDL
2022-08-07 16:02 - 2022-08-07 16:02 - 000000000 ____D C:\ProgramData\Sony Corporation
2022-08-07 16:01 - 2022-08-10 01:57 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}.job
2022-08-07 16:01 - 2022-08-07 16:01 - 000004144 _____ C:\WINDOWS\system32\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}
2022-08-07 16:00 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YLMBRPE.DLL
2022-08-07 16:00 - 2018-06-15 03:04 - 000083968 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YD4BRPE.DLL
2022-08-06 22:58 - 2022-08-06 22:58 - 003055144 _____ (MiniTool Software Limited ) C:\Users\MIKE\Downloads\pw1206-free-online.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-09-04 18:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-04 18:08 - 2022-04-01 00:39 - 000000000 ____D C:\Program Files\CCleaner
2022-09-04 17:59 - 2022-03-31 01:05 - 000000000 ____D C:\Users\MIKE\AppData\Local\Sidebar7
2022-09-04 17:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-04 17:05 - 2022-03-28 07:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-04 08:35 - 2022-03-30 15:26 - 000000000 ____D C:\ProgramData\Mozilla
2022-09-04 08:33 - 2022-03-30 15:26 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\Mozilla
2022-09-04 06:02 - 2022-03-28 07:11 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-04 06:02 - 2022-03-28 07:11 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-09-04 06:02 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-03 21:03 - 2022-03-28 07:18 - 000774202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-03 21:02 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-03 20:54 - 2022-04-01 00:46 - 000000000 ____D C:\ProgramData\Adaware Protect
2022-09-03 20:54 - 2022-03-30 12:02 - 000000000 ____D C:\Program Files\TeamViewer
2022-09-03 20:54 - 2022-03-28 07:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-03 20:54 - 2022-03-27 23:37 - 000000000 ____D C:\Users\MIKE
2022-09-03 20:53 - 2021-03-15 13:09 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-03 17:16 - 2022-03-27 23:37 - 000002387 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-02 22:20 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Local\Packages
2022-09-02 16:39 - 2022-06-15 17:35 - 000000000 ____D C:\Users\MIKE\AppData\Local\BrightTRAMP
2022-09-02 16:31 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-09-02 16:08 - 2022-03-28 07:10 - 000598656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-31 21:58 - 2022-05-02 11:36 - 000000000 ____D C:\ProgramData\Package Cache
2022-08-31 21:56 - 2022-06-15 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Service
2022-08-31 21:42 - 2022-06-15 17:38 - 000000000 ____D C:\Program Files (x86)\WeatherZero
2022-08-31 18:07 - 2022-04-01 00:39 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-26 17:49 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-25 17:50 - 2022-04-01 00:42 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2022-08-25 17:50 - 2022-04-01 00:42 - 000002359 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2022-08-25 17:50 - 2022-04-01 00:41 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2022-08-23 23:33 - 2022-05-07 11:56 - 000000000 ____D C:\Users\MIKE\AppData\Local\VirtualStore
2022-08-23 23:33 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adobe
2022-08-23 21:20 - 2022-03-30 23:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2022-08-22 15:44 - 2022-04-01 01:03 - 000003254 _____ C:\WINDOWS\system32\Tasks\Iperius Backup Startup at Logon
2022-08-22 12:48 - 2022-04-01 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iperius Backup
2022-08-21 13:23 - 2022-03-30 15:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-20 15:55 - 2022-04-10 16:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-08-20 15:55 - 2021-03-11 17:26 - 000000000 ____D C:\NotesSQL
2022-08-20 14:03 - 2022-07-28 23:00 - 000001605 _____ C:\Users\Public\Desktop\e-Sword.lnk
2022-08-20 14:03 - 2022-07-28 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2022-08-20 13:53 - 2022-03-23 17:13 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-20 13:41 - 2022-05-25 17:43 - 000000867 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2022-08-20 13:41 - 2022-05-25 17:43 - 000000763 _____ C:\Users\Public\Desktop\IrfanView.lnk
2022-08-19 15:05 - 2022-03-30 16:14 - 000000067 _____ C:\WINDOWS\iltwain.ini
2022-08-18 12:40 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-17 15:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Cursors
2022-08-17 15:28 - 2021-10-26 17:15 - 000000000 ____D C:\Temp
2022-08-17 15:27 - 2022-03-23 12:15 - 000000000 ___HD C:\$SysReset
2022-08-17 15:27 - 2021-12-21 14:11 - 000000000 ____D C:\1001bit_pro
2022-08-17 15:27 - 2021-03-15 09:58 - 000000000 ___HD C:\OneDriveTemp
2022-08-17 15:27 - 2021-03-08 14:10 - 000000000 ____D C:\office2007
2022-08-17 12:40 - 2022-03-23 14:45 - 000000000 ___RD C:\Users\MIKE\OneDrive
2022-08-17 12:03 - 2022-05-25 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2022-08-17 12:03 - 2022-04-02 13:26 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-08-17 12:03 - 2022-04-02 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-08-17 03:48 - 2022-03-28 09:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-17 03:48 - 2022-03-28 09:09 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d84262be31ca1e
2022-08-17 01:12 - 2022-03-14 15:09 - 000000000 __SHD C:\found.003
2022-08-17 01:12 - 2022-03-13 16:41 - 000000000 __SHD C:\found.002
2022-08-17 01:12 - 2022-03-08 20:14 - 000000000 __SHD C:\found.001
2022-08-17 01:12 - 2022-03-08 12:29 - 000000000 __SHD C:\found.000
2022-08-17 01:03 - 2022-03-23 17:14 - 000000000 ____D C:\Program Files\Google
2022-08-17 01:01 - 2022-03-30 23:19 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\NCH Software
2022-08-17 00:40 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-17 00:38 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-08-16 22:50 - 2022-04-02 13:30 - 000000000 ____D C:\ProgramData\WinZip
2022-08-16 22:27 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Local\ConnectedDevicesPlatform
2022-08-16 22:21 - 2022-04-01 14:36 - 000000000 ____D C:\Users\MIKE\AppData\Local\Adaware
2022-08-16 21:52 - 2018-08-21 00:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-08-16 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-08-16 21:33 - 2018-08-21 00:03 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-16 21:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-08-16 21:30 - 2018-04-12 01:38 - 000000076 _____ C:\WINDOWS\win.ini
2022-08-16 21:19 - 2022-03-30 23:17 - 000000000 ____D C:\ProgramData\NCH Software
2022-08-16 21:19 - 2022-03-30 23:17 - 000000000 ____D C:\Program Files (x86)\NCH Software
2022-08-16 21:08 - 2022-04-01 00:46 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adaware Protect
2022-08-16 06:30 - 2018-08-21 09:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-11 08:32 - 2022-03-23 17:14 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-08-11 08:32 - 2022-03-23 17:14 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-08-10 16:12 - 2022-03-28 07:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-10 16:12 - 2022-03-23 17:20 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-10 16:12 - 2022-03-23 17:20 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-08-10 01:55 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-08-10 01:55 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 01:07 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 01:02 - 2022-03-28 07:14 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 01:02 - 2020-11-19 01:12 - 000415530 __RSH C:\bootmgr
2022-08-10 00:37 - 2022-03-23 16:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 00:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 00:33 - 2022-03-23 16:58 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 16:02 - 2022-04-07 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-08-07 16:02 - 2022-04-07 17:03 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2022-08-07 16:02 - 2022-03-31 09:52 - 000000000 ____D C:\ProgramData\EPSON
2022-08-07 16:01 - 2022-03-31 15:47 - 000000000 ____D C:\Program Files (x86)\epson
2022-08-07 14:46 - 2022-04-27 15:22 - 000000000 ____D C:\Users\MIKE\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories ========
 
2022-08-17 01:27 - 2022-08-22 12:57 - 000000004 _____ () C:\ProgramData\lock.dat
2022-08-17 01:29 - 2022-08-21 17:16 - 000000004 _____ () C:\ProgramData\rc.dat
2022-08-17 01:27 - 2022-08-17 01:27 - 000000008 _____ () C:\ProgramData\ts.dat
2022-05-11 03:57 - 2022-05-11 03:57 - 000248375 ___SH () C:\Users\MIKE\AppData\Roaming\biegdst
2022-05-11 03:57 - 2022-05-11 03:57 - 000042064 ___SH (Microsoft Corporation) C:\Users\MIKE\AppData\Roaming\cuagivi
2022-04-08 12:13 - 2022-04-08 12:13 - 000440003 _____ () C:\Users\MIKE\AppData\Roaming\PicoPDF.dmp
2022-05-11 03:57 - 2022-05-11 03:57 - 000160970 ___SH () C:\Users\MIKE\AppData\Roaming\scsvjbe
2022-05-11 03:57 - 2022-05-11 03:57 - 000045984 ___SH (Microsoft Corporation) C:\Users\MIKE\AppData\Roaming\sfagivi
2022-05-11 03:57 - 2022-05-11 03:57 - 000248375 ___SH () C:\Users\MIKE\AppData\Roaming\ujiwacr
2022-08-17 01:00 - 2022-08-17 01:00 - 000000560 _____ () C:\Users\MIKE\AppData\Local\bowsakkdestx.txt
2022-06-13 17:21 - 2022-06-13 17:21 - 000006422 _____ () C:\Users\MIKE\AppData\Local\recently-used.xbel
 
==================== FLock ==============================
 
2022-09-03 20:57 C:\HarmonyBackup
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by MIKE (04-09-2022 18:17:41)
Running from F:\FRST64
Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2022-03-28 05:16:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2977571575-3800452491-4211310233-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2977571575-3800452491-4211310233-503 - Limited - Disabled)
Guest (S-1-5-21-2977571575-3800452491-4211310233-501 - Limited - Disabled)
MIKE (S-1-5-21-2977571575-3800452491-4211310233-1002 - Administrator - Enabled) => C:\Users\MIKE
WDAGUtilityAccount (S-1-5-21-2977571575-3800452491-4211310233-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: adaware antivirus (Enabled - Up to date) {FFB95045-56CC-82A1-7DEC-4BB6C6BF7C0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
12 Labours of Hercules 6 - Race for Olympus CE (HKLM-x32\...\12 Labours of Hercules 6 - Race for Olympus CE) (Version: 1.0.0.2 - LeeGT-Games)
12 Labours of Hercules V - Kids of Hellas Collectors Edition (HKLM-x32\...\12 Labours of Hercules V - Kids of Hellas Collectors Edition) (Version: 1.0.0 - LeeGT-Games)
12 Labours of Hercules VII - Fleecing the Fleece CE (HKLM-x32\...\12 Labours of Hercules VII - Fleecing the Fleece CE) (Version: 1.0.0.2 - LeeGT-Games)
7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{6452120E-72FC-49D7-AB36-7042CC9746FB}) (Version: 31.0.0 - 8GadgetPack.net)
adaware antivirus (HKLM-x32\...\{CC7DEE8D-CA32-4162-8B8F-067A2D970B7D}_AdAwareInstaller) (Version: 12.10.191.0 - adaware)
Adaware PC Cleaner v7.2.0 (HKLM-x32\...\Adaware PC Cleaner_is1) (Version: 7.2.0 - Adaware Software)
Adaware Protect (HKLM\...\{BA732CF8-C0FC-4E40-A327-71B9F4C38318}) (Version: 1.2.439.4251 - Adaware) Hidden
Adaware Protect (HKLM-x32\...\Adaware Protect) (Version: 1.2.439.4251 - Adaware Software)
Adaware Safe Browser (HKLM\...\{5669F509-0665-430A-85E9-881F6F7D9F00}) (Version: 1.1.18.0 - Adaware) Hidden
Adaware Safe Browser (HKLM-x32\...\Adaware Safe Browser) (Version: 1.1.18.0 - Adaware Software)
AdAwareInstaller (HKLM\...\{CC7DEE8D-CA32-4162-8B8F-067A2D970B7D}) (Version: 12.10.191.0 - adaware) Hidden
AdAwareProxyEngine (HKLM\...\{707ADB61-AFA1-4647-887C-45D61879779E}) (Version: 1.2.56.0 - adaware) Hidden
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
AntimalwareEngine (HKLM\...\{A3B73EF9-E184-4128-81D9-AB76BAB83C6A}) (Version: 3.1.283.0 - adaware) Hidden
AntispamEngine (HKLM\...\{28E6F5DF-7885-4023-B8DC-526F3B03A9B7}) (Version: 2.7.1.465 - adaware) Hidden
Any PDF to DWG Converter 2013 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version:  - AnyDWG Software, Inc.)
AvcEngine (HKLM\...\{A2EBCEC7-5F2E-444C-8AE9-14868B85E711}) (Version: 3.45.318.0 - adaware) Hidden
blSearcher 1.12 (HKLM-x32\...\{316AD48E-91B4-4910-9006-34C0A68371E9}_is1) (Version: 1.3.0.12 - BLSearcher)
Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 2.03 - NCH Software)
Bullzip PDF Printer 12.2.0.2905 (HKLM\...\Bullzip PDF Printer_is1) (Version: 12.2.0.2905 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 104.0.18088.104 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Check Point Early Launch Anti-Malware driver (HKLM-x32\...\{C08A1E50-6748-470E-8F9E-09CADEED73B1}) (Version: 8.68.63.1 - Check Point Software Technologies Ltd.) Hidden
Check Point SBA (HKLM\...\{5C8F5BF9-5AAE-44E4-BDE4-6D3A94C33A47}) (Version: 86.62.5012 - Check Point Software Technologies Ltd.) Hidden
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{8616305F-122C-4341-9C37-47A9CD322AB2}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{8616305F-122C-4341-9C37-47A9CD322AB2}) (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{4DD94E1E-998D-414B-953C-9BAC44E4CCDD}) (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (HKLM\...\{66C10F29-31F0-4A9B-B2CF-465F488AE086}) (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (HKLM-x32\...\{657EAD32-8E7A-43C0-A794-3BB31B00DC34}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (HKLM-x32\...\{D29A4F85-0FB7-4E54-B591-044652C4295F}) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (HKLM-x32\...\{246FE426-2661-4DD6-9603-DF2E6832387C}) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.1.0.572 - Corel Corporation)
CrystalDiskInfo 8.16.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.16.1 - Crystal Dew World)
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.01.04 - DATACAD LLC)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 6.23 - NCH Software)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version:  - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{AA6AE72A-371E-4454-9066-3D02BB4BC4E9}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 9.33 - NCH Software)
FirewallEngine (HKLM\...\{61DA9936-116C-4EBF-9DAC-34E1748B936A}) (Version: 3.0.1.32 - adaware) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
GIMP 2.10.30 (HKLM\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
Google Earth Pro (HKLM\...\{DE181B35-ACEF-4DB0-86D9-731D5767ABB1}) (Version: 7.3.4.8642 - Google)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Iperius Backup version 7.6.0.0 (HKLM-x32\...\Iperius Backup_is1) (Version: 7.6.0.0 - Enter Srl)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.27 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.25 - Microsoft Corporation)
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2016 (HKLM-x32\...\{90160000-00E1-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2016 (HKLM-x32\...\{90160000-002C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2016 (HKLM\...\{90160000-002A-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016 (HKLM\...\{90160000-0116-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2016 (HKLM-x32\...\{90160000-006E-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2016 (HKLM-x32\...\{90160000-0115-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation)
Microsoft Project MUI (English) 2016 (HKLM-x32\...\{90160000-00B4-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM-x32\...\{90160000-003B-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM-x32\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (HKLM-x32\...\{90120000-0070-0000-0000-4000000FF1CE}) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (HKLM-x32\...\{BAB89D31-4C55-472B-8909-6CBE2CC276B1}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (HKLM-x32\...\{5950473A-825B-3019-AF86-55F2F9A95FCB}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support  - Module linguistique Français (HKLM\...\{BA14C6F7-A633-3E88-831B-FCC197A5A17D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (HKLM\...\{36B98E65-CA52-348C-9ED7-77B926A16C2D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (HKLM\...\{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (HKLM\...\{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (HKLM\...\{2F884A17-E051-3DB7-B093-6274C98740F6}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (HKLM\...\{73A64813-E631-3807-8E78-BA679EDA09A8}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (HKLM\...\{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (HKLM\...\{FB501A6E-CA6D-36DA-8860-17F0E6D89155}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (HKLM\...\{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (HKLM-x32\...\{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (HKLM-x32\...\{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (HKLM-x32\...\{3371699A-C1EF-3AC3-B094-D338191FA6E9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (HKLM-x32\...\{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (HKLM-x32\...\{955E1388-E1F1-320A-A018-24616ED60F95}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (HKLM-x32\...\{859C7535-6862-3867-B97E-816795E8AB65}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (HKLM-x32\...\{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (HKLM-x32\...\{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (HKLM-x32\...\{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
MiniTool Partition Wizard 12.6 DEMO (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
MiniTool ShadowMaker PW Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.6 - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.7.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.7.0 (x64 en-US)) (Version: 91.7.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.8.1 (x64 en-US)) (Version: 91.8.1 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Mozilla Thunderbird 91.13.0 (x64 en-US)) (Version: 91.13.0 - Mozilla)
OnlineThreatsEngine (HKLM\...\{D2D51E1D-F784-4076-AE9D-924D9EFD04A5}) (Version: 3.0.3.37 - adaware) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Suite 2021 (HKLM\...\{E3FB8DAB-D5DF-4E92-9110-EC0601392352}) (Version: 19.0.22.5120 - Interactive Brands Malta Limited) Hidden
PDF Suite 2021 (HKLM-x32\...\PDF Suite 2021) (Version: 19.0.22.1837 - Interactive Brands Malta Limited)
PDF Suite 2021 OCR TESS Module (HKLM\...\{E6C764F8-F894-459D-9EA3-FD05F613B6AD}) (Version: 19.0.22.5120 - Interactive Brands Malta Limited) Hidden
PicoPDF PDF Editor (HKLM-x32\...\PicoPDF) (Version: 3.15 - NCH Software)
SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 10.2.0.0 - Stellar Information Technology Pvt Ltd.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.33.7 - TeamViewer)
toc (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\toc) (Version: 1.55 - NewGame Dest Corp)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
WeatherZero (HKLM-x32\...\WeatherZero) (Version:  - Weather Zero)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)
ZoneAlarm (HKLM-x32\...\{4073CD02-7996-48D7-AFDF-297676C27CA6}) (Version: 3.005.0089 - Check Point Software)
ZoneAlarm Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Check Point Software Ltd.) Hidden
Zoom (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
 
Packages:
=========
Bubble Shooter Delight -> C:\Program Files\WindowsApps\GSoftTeam.BubbleShooterDelight_1.1.22.0_x64__65ca9qnt7cjzg [2022-04-02] (G Soft Team)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2977571575-3800452491-4211310233-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2022-08-16] () [File not signed]
ContextMenuHandlers1: [PDFSuite2021_ManagerExt] -> {D62D69E8-B2F4-4014-AACE-F8BB8974FFAB} => C:\Program Files\PDF Suite 2021\context-menu.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareShellExtension.dll [2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareShellExtension.dll [2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2022-08-16] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-08-16 21:19 - 2022-08-16 21:19 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2022-03-31 01:05 - 2019-01-26 21:23 - 000014848 _____ () [File not signed] C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\AccentColor.64.dll
2022-03-31 15:51 - 2021-03-13 22:28 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2022-03-31 01:04 - 2019-10-17 08:38 - 000645120 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2022-03-31 01:05 - 2019-10-05 21:03 - 000483840 _____ (Helmut Buhler) [File not signed] C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
2022-08-19 12:03 - 2019-09-05 21:00 - 000076800 _____ (Igor Pavlov) [File not signed] G:\7-Zip\7-zip.dll
2022-03-31 01:04 - 2012-05-19 06:16 - 000083456 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll
2021-03-21 07:49 - 2021-03-21 07:49 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\SQLite.Interop.dll
2022-07-06 00:52 - 2022-07-06 00:52 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\Common\x86\SQLite.Interop.dll
2022-07-06 00:52 - 2022-07-06 00:52 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\UI\x86\SQLite.Interop.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-07-09 13:38 - 2019-07-09 13:38 - 000449536 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDF Suite 2021\libcurl.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\bearer\qgenericbearer.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000047616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\bearer\qnativewifibearer.dll
2022-09-02 17:13 - 2017-09-14 14:40 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qgif.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000036864 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qicns.dll
2022-09-02 17:13 - 2017-09-14 14:40 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qico.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qjpeg.dll
2022-09-02 17:13 - 2017-09-14 14:53 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qsvg.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qtga.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000353792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qtiff.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qwbmp.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000375296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qwebp.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 001237504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\platforms\qwindows.dll
2022-09-02 17:12 - 2017-09-14 14:53 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\Qt5Svg.dll
2022-08-13 01:01 - 2017-09-14 14:40 - 000884736 _____ (The Qt Company Ltd) [File not signed] G:\Program Files\MiniTool ShadowMaker\sqldrivers\qsqlite.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDF Suite 2021 Helper -> {F0D4411A-8E0B-4254-99DF-7FC49E60F385} -> C:\Program Files\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-helper.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.)
BHO-x32: PDF Suite 2021 Helper -> {F0D4411A-8E0B-4254-99DF-7FC49E60F385} -> C:\Program Files (x86)\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-helper.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM - PDF Suite 2021 Toolbar - {49B5689B-741D-46B7-8B3A-1F46EBA34C98} - C:\Program Files\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-plugin.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - PDF Suite 2021 Toolbar - {49B5689B-741D-46B7-8B3A-1F46EBA34C98} - C:\Program Files (x86)\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-plugin.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Lotus Organizer EasyClip.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "NCH Sync Service"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\StartupFolder: => "ncsyncer.lnk"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B1C096DAAEBE093C92CE107BC9DA366B"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "toc"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "csrss"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "Pulngjtt"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{81F12201-D02F-4C1B-8673-C810574821B7}] => (Allow) C:\Program Files\Adaware Protect\openvpn.exe (Adaware Software (Lavasoft Software Canada Inc.) -> The OpenVPN Project)
FirewallRules: [{CB2ABA26-C63A-4CAF-8309-B9D62A1CBAA0}] => (Allow) C:\Program Files\Adaware Safe Browser\AdawareSafeBrowser.exe (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
FirewallRules: [{8A2FFCA2-628F-4812-9A84-44A348D23A3B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9603EF2E-761F-4A52-86D7-0A4C70356045}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DFBA5CF1-DAED-465A-B5AB-40C6DA5090B2}] => (Allow) C:\Users\MIKE\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{AC885293-68CA-4CDC-BE42-9A1EC0D33523}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{DE5DE842-53C9-4626-A4E1-37D396EBD42E}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{720C6A19-658C-41A2-96CC-FFE552D2C620}] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{F5F4965E-06A6-469B-BD33-21E18563932C}] => (Block) C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDRW.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{C439F25B-DC5B-41B8-9B55-2D7763DC5EEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4051C7E0-5BA3-4036-B180-54CD218EA219}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A9BE204-4870-4B94-B480-065FB371B5A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31EB131A-49D6-46AE-8326-FA39C40B52B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0211380D-06D5-4470-B109-6AAF26E01119}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A63285A6-4D2D-46C5-B53F-64C4B47037B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5BB9C936-B858-404C-8ECE-F11D7985988F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AF6F0E3-5DED-44CE-8F94-12434EB0E208}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F5000BE-2A90-4041-88FE-D51B7F94C6B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{000FB1CC-9F3F-45F2-AE70-6B041F87A7BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{600F663E-80D7-41A7-A72A-D744EEBBF36F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A3AEC20-19BA-409F-8BC9-FEEBD34779C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{064E012A-9926-4D29-986D-A2B509A7A8C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{190E3705-50F3-49E5-8D1F-C7F0412C624B}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣㍸㡌⹲硥e => No File
FirewallRules: [{8A13810E-E235-4FF4-834F-4384EAC05E97}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣档潲敭牤癩牥攮數 => No File
FirewallRules: [{C9618DBF-DDCC-41AE-A211-2F6E4DF786F6}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣桃潲敭䅜灰楬慣楴湯䍜牨浯⹥硥e => No File
FirewallRules: [{7B65261D-AB34-4B1D-A89B-29CCEEE81BFD}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣彤乱攮數 => No File
FirewallRules: [{4670A6D9-C74C-470D-B65C-169C991C3B96}] => (Allow) C:\Users\MIKE\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{36D400CF-7E17-4826-95ED-65E6A136B140}] => (Allow) C:\Users\MIKE\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{30B9E433-9831-47D5-B9F7-AA5070F83926}] => (Allow) F:\Program Files (x86)\Iperius Backup\Iperius.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{C2D8F83B-3A05-4D29-9831-08C88A229C96}] => (Allow) F:\Program Files (x86)\Iperius Backup\Iperius.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{F0414353-0E10-43BF-AAA1-2E3C2A954DE8}] => (Allow) F:\Program Files (x86)\Iperius Backup\IperiusService.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{7651FDBA-F75F-4B22-B4F9-A78634032356}] => (Allow) F:\Program Files (x86)\Iperius Backup\IperiusService.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{B149F00E-7528-4E78-A8D2-312B20DD5AEF}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{D280120D-872D-4441-9E39-F2F3C5220FDC}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{2F85DBFD-3586-4B12-A381-E9CF09404377}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{88B76AB2-B9BA-45AF-8C1B-BC691150BF49}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{67F9199C-7006-4576-9064-4EA03C6ABD86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CECA27F8-586B-4CFB-8FDD-C54CE1E69AA0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F135B854-4F7E-4F23-9D06-842673B4F229}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B32B644-57A0-47B3-82F4-646C0F5CF37E}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{D63F23C7-6F0C-43BE-86FE-16A72A2C7DCA}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{4AABCAC0-F77B-4CD5-9ECE-48CFDF9DA9ED}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.25\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
20-08-2022 15:54:38 Installed Lotus SmartSuite - English
30-08-2022 00:14:33 Scheduled Checkpoint
31-08-2022 21:55:56 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/04/2022 05:55:12 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (09/04/2022 05:05:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-MQ5TQ99)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe-2147024864
 
Error: (09/04/2022 05:05:53 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-MQ5TQ99)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe-2147024864
 
Error: (09/04/2022 05:05:47 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-MQ5TQ99)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe-2147024864
 
Error: (09/04/2022 04:55:31 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (09/04/2022 04:55:15 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (09/04/2022 04:29:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2bb8
 
Start Time: 01d8c069e462e0f5
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: b7d87f0f-a299-4a3e-9fef-d9e1292e8840
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Quiesce
 
Error: (09/04/2022 03:54:50 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
 
System errors:
=============
Error: (09/04/2022 06:41:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MQ5TQ99)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (09/04/2022 06:41:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The UsoSvc service terminated with the following error: 
The system cannot find the file specified.
 
Error: (09/04/2022 06:40:51 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (09/04/2022 06:39:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The bits service terminated with the following error: 
The system cannot find the file specified.
 
Error: (09/04/2022 06:39:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MQ5TQ99)
Description: The server {F087771F-D74F-4C1A-BB8A-E16ACA9124EA} did not register with DCOM within the required timeout.
 
Error: (09/04/2022 06:38:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The UsoSvc service terminated with the following error: 
The system cannot find the file specified.
 
Error: (09/04/2022 06:38:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (09/04/2022 06:37:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The bits service terminated with the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
================
Date: 2022-08-28 23:27:01
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_G:\Corel X 5\COrel Draw X5\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe; file:_G:\Corel X5 Install\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
 
Date: 2022-08-28 23:26:31
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_G:\Corel X5 Install\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
 
Date: 2022-08-28 06:49:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-08-27 07:53:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2022-08-25 17:49:15
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Keygen
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_K:\193032 - Data-500gb\Filing\Downloads\SketchUp 2013 Pro\patch\Patch.exe; file:_K:\193032 - Data-500gb\Filing\Downloads\SketchUp 2013 Pro\patch\Patch.exe->(Aspack v2.2)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Event[0]:
 
Date: 2022-08-27 18:08:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2022-08-27 18:08:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2022-08-27 18:08:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2022-08-27 18:07:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2022-08-27 18:07:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out 
 
CodeIntegrity:
===============
Date: 2022-09-04 17:55:13
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareSecurityCenter.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2022-09-04 17:55:12
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.
 
Date: 2022-09-04 14:54:35
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 78%
Total physical RAM: 8102.86 MB
Available physical RAM: 1729.67 MB
Total Virtual: 11814.86 MB
Available Virtual: 4477.91 MB
 
==================== Drives ================================
 
Drive c: (WINDOWS) (Fixed) (Total:222.55 GB) (Free:120.37 GB) (Model: SanDisk SSD PLUS 240GB ATA Device) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:9.77 GB) (Free:9.64 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive f: (PROGRAMMES2) (Fixed) (Total:250.89 GB) (Free:208.42 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive g: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:16.01 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive h: (CAD) (Fixed) (Total:170.06 GB) (Free:82.01 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive i: (DATA) (Fixed) (Total:165.18 GB) (Free:140.62 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive j: (FILLING) (Fixed) (Total:165.04 GB) (Free:131.72 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive k: (WINDOWS) (RAMDisk) (Total:222.55 GB) (Free:120.27 GB) (Model: SanDisk SSD PLUS 240GB ATA Device) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{8eb65112-0000-0000-0000-40a337000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{8eb65112-0000-0000-0000-a0c337000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 8EB65112)
Partition 1: (Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=517 MB) - (Type=27)
Partition 3: (Not Active) - (Size=524 MB) - (Type=27)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)
 
==================== End of Addition.txt =======================
 
Please can you help me get the computer back up and running properly and if possible give me directions to retrieving the Ransomware encrypted files.
 
Thank you
Mike Backler

 


  • 0



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, MikeBack.
 
The computer is infected.
 
Before we move on:

Please, adhere to the guidelines below. As soon as I have your approval, I'll be back to you with a set of instructions.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

P.S. Here now it's 10:20 p.m. I'll be back to you tomorrow afternoon, my time.


  • 0

#3
MikeBack

    Member

  • Topic Starter
  • Member
  • 70 posts

Hi Dr M

 

Thanks for the reply. Please go ahead with the removal protocol.

I have 2 cracked programmes that I will remove tomorrow morning.

I have automatic notification set up so will watch for the next post.

Time here is now 21.30 so I am an hour ahead of you.

Regards

Mike 


  • 1

#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mike.

 

Unfortunately, there is evidence of potentially illegal software on your computer. You also have a P2P program installed, so being infected should not surprise you. I am going to request you to completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software, keygens, patches etc.
 
If you are willing to do that please rerun a FRST scan after removal and attach both reports in your reply. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.

  • 0

#5
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hi Dr M

The only 2 programmes that I am aware of were Corel V5 & V7 which I have uninstalled. I did download and install a trial version of Microsoft Office Project which still has 25 odd days left on the trial.
If by P2P programmes, you are referring to uTorrent, the programme is used to download GIS and Cadastral information for the Programme Planit GIS, which I use in my daily work.

Here are the new scans:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by MIKE (administrator) on DESKTOP-MQ5TQ99 (MSI MS-7680) (05-09-2022 22:26:16)
Running from F:\FRST64
Loaded Profiles: MIKE
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <7>
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe
(Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\ZoneAlarmCrashHandler.exe
(Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\ZoneAlarmCrashHandler64.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe <2>
(explorer.exe ->) (DATACAD LLC) [File not signed] H:\DataCAD 19\DCADWIN.EXE
(F:\Program Files\Mozilla Thunderbird\thunderbird.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Mozilla Corporation -> Mozilla Corporation) F:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\CCleanerBrowserCrashHandler64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIRPE.EXE
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> ) F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware) C:\Program Files\Adaware Protect\AdawareProtectService.exe
(services.exe ->) (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware) C:\Program Files\Adaware Safe Browser\asb-updater.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (MiniTool Software Limited -> ) G:\Program Files\MiniTool ShadowMaker\AgentService.exe
(services.exe ->) (MiniTool Software Limited -> ) G:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
(services.exe ->) (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited) C:\Program Files\PDF Suite 2021\updater-ws.exe
(services.exe ->) (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited) C:\Program Files\PDF Suite 2021\ws.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (ENTER S.R.L. -> Enter Srl) F:\Program Files (x86)\Iperius Backup\Iperius.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.536.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\pacjsworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2020-11-21] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdAwareTray] => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareTray.exe [4876024 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ZANG] => C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe [689712 2022-07-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38274576 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [MicrosoftEdgeAutoLaunch_B1C096DAAEBE093C92CE107BC9DA366B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [Adaware Protect] => C:\Program Files\Adaware Protect\AdawareProtect.exe [13100584 2022-02-08] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRPE.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [221696 2021-03-13] (Bullzip) [File not signed]
HKLM\...\Print\Monitors\EPSON L386 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBRPE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\PDF Suite 2021 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\suite_pdfpmon_v.4.12.26.3.dll [932984 2022-05-09] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\104.0.18088.104\Installer\chrmstp.exe [2022-08-25] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe [2022-08-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk [2022-08-20]
ShortcutTarget: Lotus Organizer EasyClip.lnk -> G:\lotus\organize\easyclip.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk [2022-08-20]
ShortcutTarget: Lotus QuickStart.lnk -> G:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2022-08-16]
ShortcutTarget: WinZip Preloader.lnk -> G:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar661.lnk [2022-09-03]
ShortcutTarget: Sidebar661.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00944AFF-0619-40DE-A03A-FB5FE5581298} - System32\Tasks\WinZip Update Notifier 3 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_3PM" -show (No File)
Task: {1A16D947-B6BA-4DF8-B313-BBAE39B493BB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (No File)
Task: {2644C805-175E-4399-AF27-ECD44C392B2F} - System32\Tasks\Firefox Default Browser Agent 18463BCB5DCCB97C => C:\Users\MIKE\AppData\Roaming\cuagivi [42064 2022-05-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
Task: {26533861-1B3F-4834-B2EF-7E583872D915} - System32\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {272B0913-36FC-47C7-A07F-706C5029D202} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
Task: {2A75D720-A63B-48AD-A24C-783CB76489EF} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3003312 2022-08-17] (Piriform Software Ltd -> Piriform Software)
Task: {2B254876-C624-45CA-8296-3E004D1DF8AF} - \CfvAhSLLDQlWYEnoaOG2 -> No File <==== ATTENTION
Task: {2CF13F1F-3532-424B-AD34-8EA39F03B81D} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
Task: {30FEF2E4-1EE2-405D-B6EE-B5919DC54351} - System32\Tasks\CheckPointUpdateTaskMachineCore => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {31299575-26D4-4DC1-B112-448E60671B83} - System32\Tasks\CheckPointUpdateTaskMachineUA => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {3DCD1A14-F338-49FF-8708-444C6542C139} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {4691906B-8494-4FE1-A02E-82B4F80D5D10} - \vEmwINtbCLGMnczEN2 -> No File <==== ATTENTION
Task: {540E697F-9DF3-4355-9A9E-F7603EC229C0} - \csrss -> No File <==== ATTENTION
Task: {5B4B48E1-C743-46C3-8702-8672BBBBA8D7} - System32\Tasks\Iperius Backup Startup at Logon => F:\Program Files (x86)\Iperius Backup\Iperius.exe [78243840 2022-03-18] (ENTER S.R.L. -> Enter Srl)
Task: {6001F320-7003-49E2-A2AE-B6A0A26616F1} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe (No File)
Task: {668DC191-9196-4ADF-8CD1-5D9D571B668B} - System32\Tasks\MiniTool Shadow Maker => C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe [1064816 2021-12-20] (MiniTool Software Limited -> )
Task: {702F1BB6-4797-4860-9319-1F97A6E303A1} - System32\Tasks\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E} => C:\Users\MIKE\AppData\Roaming\Windows\System32\sihost.exe (No File) <==== ATTENTION
Task: {75D20A60-3379-42B3-8C42-0EB796AAAEF9} - \wWhkPIwCdffIdJo2 -> No File <==== ATTENTION
Task: {7F6DA135-149A-4547-AEFA-369F423FA919} - System32\Tasks\WinZip Update Notifier 1 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_9AM" -show (No File)
Task: {82A51A9B-99A6-4501-AF41-F931D6A2FC7E} - System32\Tasks\CCleanerSkipUAC - MIKE => C:\Program Files\CCleaner\CCleaner.exe [31990800 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9822DE25-D634-4FF6-90BA-FED411C2D62B} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe (No File)
Task: {9F598A09-66EB-43EE-85AC-33703681EDB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0EF99EB-BD4E-4E47-AFB7-08F87B081D85} - System32\Tasks\GoogleUpdateTaskMachineQC => powershell -EncodedCommand "PAAjAHcAZwAjAD4AIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAAnAEMAOgBcAFAAcgBvAGcAcgBhAG0AIABGAGkAbABlAHMAXABHAG8AbwBnAGwAZQBcAEMAaAByAG8AbQBlAFwAdQBwAGQAYQB0AGUAcgAuAGUAeABlACcAIAAtAFYAZQByAGIAIABSAHUAbgBBAHMAIAA8ACMAcAB1AGcAIwA+AA==" <==== ATTENTION
Task: {AC0167B8-6904-4771-8B09-4A7982DB133D} - \GoogleUpdateTaskMachineUA{A5B67961-A8AA-4A82-B1BC-42CDB47388D0} -> No File <==== ATTENTION
Task: {AF0CF83C-3AC8-4248-B7F2-CA115928466F} - \Service\Diagnostic -> No File <==== ATTENTION
Task: {B58F938A-5986-45D0-BB03-C4A37B61CEB6} - System32\Tasks\WinZip Update Notifier 2 => g:\program files\winzip\WZUpdateNotifier.exe -checkType="scheduled_12PM" -show (No File)
Task: {C8FBB984-F7BF-47B1-A9E0-5D04F05A3BD7} - System32\Tasks\Adaware PC Cleaner automatic scan and notifications => C:\Program Files (x86)\Adaware PC Cleaner\ADCNotifications.exe (No File)
Task: {CC26E495-83AE-4C0F-885F-1BFF3F4C60C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-08-12] (Piriform Software Ltd -> Piriform)
Task: {CE0B577D-14A9-454F-AB3A-D8FE6F41C19A} - \Microsoft\Windows\RemoteApp and Desktop Connections Update\System.Wecfile -> No File <==== ATTENTION
Task: {D5446511-D2AD-4206-8BA9-E6FE5798DF50} - System32\Tasks\PpJeBMjvQzKPa2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\ytMDPDBrkgoBXKVB\aUenFDy.wsf"
Task: {E92DF79E-AB7E-4406-ACB3-9A5312764DC8} - System32\Tasks\CorelUpdateHelperTask-933242852353D001C66F17F412989445 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
Task: {F11000A9-DA7B-436C-8A3D-09B8AC3BB2EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F228CC5B-5729-4D83-B080-F8D892629C08} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3003312 2022-08-17] (Piriform Software Ltd -> Piriform Software)
Task: {F361F553-A68E-4891-A6BB-F8C0130B7A3C} - System32\Tasks\Firefox Default Browser Agent B2BE9145F3E8D57B => C:\Users\MIKE\AppData\Roaming\sfagivi [45984 2022-05-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
Task: {FBDA4767-4A85-465C-BFA5-9CE066BA3825} - \OIJxiHdbDxlZJR -> No File <==== ATTENTION
Task: {FFB3E62D-7E37-4976-B891-54C66DAB7902} - \GoogleUpdateTaskMachineCore{1DB08101-2DBD-4B97-8846-0CEF848868FD} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRPE.EXE:/EXE:{D0CE59FD-8836-4087-A705-1B57FAF6917D} /F:UpdateWORKGROUP\DESKTOP-MQ5TQ99$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [{46D0C9A1-6702-4C6A-9A3B-2A6FFE5749D9}] => hxxp://35.236.159.79/win.pac <==== ATTENTION
AutoConfigURL: [S-1-5-21-2977571575-3800452491-4211310233-1002] => hxxp://35.236.159.79/win.pac <==== ATTENTION
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{9638cf81-a859-429a-8b25-e0a837345e8a}: [DhcpNameServer] 192.168.8.1 192.168.8.1
ManualProxies: 0hxxp://35.236.159.79/win.pac <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default [2022-09-05]
Edge Notifications: Default -> hxxps://forums.sketchup.com; hxxps://www.messenger.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2022-09-02]
Edge Extension: (ZoneAlarm Web Secure ) - C:\Users\MIKE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbbeejhhfafmnamfpokhpooakngjhacn [2022-08-31]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [@sandblast] - C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\sandblast.xpi => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\CheckPoint\Endpoint Security\SandBlast\sandblast_quantum.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2022-03-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2022-08-07] [Legacy] [not signed]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-08-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=3 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=9 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-04-01] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1208.2\npCCleanerBrowserUpdate3.dll [2022-04-01] (Piriform Software Ltd -> Piriform Software)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default [2022-09-02]
CHR HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> cdn
CHR DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
CHR Extension: (Google Docs Offline) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-29]
CHR Extension: (Adblocker for Youtube™) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddmabhekhhonkmomaklnflhhgbfnioe [2022-08-17] [UpdateUrl:hxxps://clients59.google.com/service/update2/crx] <==== ATTENTION
CHR Extension: (Find-it.Pro Search) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\meejmcfbiapijdfaadackoblffmidlig [2022-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-23]
CHR Extension: (Google Translate) - C:\Program Files\aieoplapobidheellikiicjfpamacpfd [2022-08-17]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable [2022-09-02]
OPR DefaultSearchKeyword: Opera Stable -> find-it.pro
OPR Extension: (Adblocker for Youtube™) - C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable\Extensions\idimnjcjkopkcbalclocjcbcmkkcfpec [2022-08-17]
OPR Extension: (Find-it.Pro Search) - C:\Users\MIKE\AppData\Roaming\Opera Software\Opera Stable\Extensions\meejmcfbiapijdfaadackoblffmidlig [2022-08-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adaware Safe Browser Update Service; C:\Program Files\Adaware Safe Browser\asb-updater.exe [1047592 2021-09-30] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
R2 adawareantivirusservice; F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe [587104 2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 AdawareProtectService; C:\Program Files\Adaware Protect\AdawareProtectService.exe [8627240 2022-02-08] (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AR_Service; C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe [23088 2022-07-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 bits; C:\WINDOWS\System32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 bits; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\104.0.18088.104\elevation_service.exe [2010024 2022-08-17] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [196976 2022-04-01] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-08-12] (Piriform Software Ltd -> Piriform Software Ltd)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3367016 2022-02-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [32744 2022-04-20] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [32744 2022-04-20] (Check Point Software Technologies Ltd. -> )
S3 dosvc; C:\WINDOWS\System32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-10-02] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MTAgentService; G:\Program Files\MiniTool ShadowMaker\AgentService.exe [783728 2021-12-20] (MiniTool Software Limited -> )
R2 MTSchedulerService; G:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [228208 2021-12-20] (MiniTool Software Limited -> )
R3 PDF Suite 2021; C:\Program Files\PDF Suite 2021\ws.exe [2005552 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
S3 PDF Suite 2021 Creator; C:\Program Files\PDF Suite 2021\creator\common\creator-ws.exe [567856 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
R2 PDF Suite 2021 Update Service; C:\Program Files\PDF Suite 2021\updater-ws.exe [1649200 2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-10-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16360768 2022-08-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [139424 2022-04-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 UsoSvc; C:\WINDOWS\system32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\NisSrv.exe [3125128 2022-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.5-0\MsMpEng.exe [133560 2022-08-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 ZANG_MgrSvc; C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe [25136 2022-06-30] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 zus; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S3 zusm; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2022-08-31] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3864480 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2021-03-10] (Bitdefender SRL -> Bitdefender)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [76216 2021-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [156608 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 cposfw; C:\WINDOWS\System32\DRIVERS\cposfw.sys [106472 2022-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
S0 epelam; C:\WINDOWS\System32\drivers\epelam.sys [18912 2022-01-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Check Point Software Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [132048 2021-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [176008 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender LLC)
R0 Ignis; C:\WINDOWS\System32\drivers\ignis.sys [191592 2019-09-26] (Bitdefender SRL -> Bitdefender)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193488 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [75216 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [615840 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-08-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [453904 2022-08-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94456 2022-08-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-05 09:48 - 2022-09-05 09:48 - 000047233 _____ C:\Users\MIKE\Downloads\1015AW04.TIF
2022-09-05 09:45 - 2022-09-05 09:45 - 000059388 _____ C:\Users\MIKE\Downloads\1015AV04.TIF
2022-09-04 18:01 - 2022-09-05 22:26 - 000000000 ____D C:\FRST
2022-09-02 18:04 - 2022-09-02 18:04 - 000092672 _____ C:\Users\MIKE\Downloads\ConvCalc.exe
2022-09-02 17:53 - 2022-09-02 17:53 - 000157759 _____ C:\Users\MIKE\Downloads\convert.zip
2022-09-02 17:47 - 2022-09-02 17:47 - 000427760 _____ ( ) C:\Users\MIKE\Downloads\euc12.exe
2022-09-02 17:12 - 2022-09-02 17:13 - 000000000 ____D C:\Program Files\MiniTool ShadowMaker
2022-09-02 17:12 - 2022-09-02 17:13 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2022-09-02 16:58 - 2022-09-02 17:03 - 002306440 _____ (MiniTool Software Limited) C:\Users\MIKE\Downloads\pdr-free-online.exe
2022-09-02 16:58 - 2022-09-02 16:58 - 002178432 _____ (MiniTool Software Limited) C:\Users\MIKE\Downloads\sm-online (1).exe
2022-09-02 16:52 - 2022-09-02 17:03 - 003055144 _____ (MiniTool Software Limited ) C:\Users\MIKE\Downloads\pw1206-free-online (1).exe
2022-09-02 16:44 - 2022-09-02 16:44 - 001264416 _____ C:\Users\MIKE\Downloads\recoverit_setup_full4174.exe
2022-09-02 16:40 - 2022-09-05 14:53 - 000000000 ____D C:\Users\MIKE\AppData\Local\CrashDumps
2022-09-02 16:33 - 2022-09-02 16:33 - 000000000 ____D C:\Users\MIKE\AppData\Local\mbam
2022-09-02 16:31 - 2022-09-02 16:31 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000193488 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000075216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-09-02 16:31 - 2022-09-02 16:31 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-09-02 16:31 - 2022-09-02 16:31 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-09-02 16:31 - 2022-09-02 16:28 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-09-02 16:31 - 2022-09-02 16:27 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-09-02 16:27 - 2022-09-02 16:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-09-02 16:27 - 2022-09-02 16:27 - 000000000 ____D C:\Program Files\Malwarebytes
2022-09-02 13:43 - 2022-09-03 20:57 - 000000000 ___HD C:\HarmonyBackup
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\OneDrive\Documents\CP0Protection0Folder0Do notRemove
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\AppData\Roaming\Harmony AgentProtectionFolderDo not!Delete
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Users\MIKE\AppData\Local\!Check-PointSecurity!FolderDon't!Remove
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\ProgramData\Harmony Zero-Day!ProtectionDirectoryDo NotDelete
2022-08-31 22:02 - 2022-08-31 22:02 - 000000000 ___RD C:\Program Files (x86)\!CPProtectionFolderDo NotDiscard
2022-08-31 22:00 - 2022-08-31 22:00 - 000001284 _____ C:\Users\Public\Desktop\ZoneAlarm.lnk
2022-08-31 22:00 - 2022-08-31 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
2022-08-31 21:59 - 2022-01-03 17:17 - 000018912 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\epelam.sys
2022-08-31 21:54 - 2022-08-31 22:01 - 000000000 ____D C:\ProgramData\CheckPoint
2022-08-31 21:47 - 2022-08-31 22:00 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2022-08-31 21:47 - 2022-08-31 21:47 - 000003462 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineUA
2022-08-31 21:47 - 2022-08-31 21:47 - 000003338 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineCore
2022-08-31 21:47 - 2022-08-31 21:47 - 000000000 ____D C:\Users\MIKE\AppData\Local\CheckPoint
2022-08-31 21:34 - 2022-08-31 21:34 - 000001894 _____ C:\Users\Public\Desktop\Stellar Data Recovery.lnk
2022-08-31 21:34 - 2022-08-31 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery
2022-08-31 21:34 - 2022-08-31 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2022-08-31 21:33 - 2022-08-31 21:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2022-08-31 21:31 - 2022-08-31 21:34 - 000000000 ____D C:\Program Files\Stellar Data Recovery
2022-08-31 21:28 - 2022-09-02 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2022-08-31 21:28 - 2022-08-31 21:28 - 000000000 ____D C:\ProgramData\GridinSoft
2022-08-30 18:26 - 2022-08-30 18:26 - 008551608 _____ (Malwarebytes) C:\Users\MIKE\Downloads\adwcleaner.exe
2022-08-30 18:24 - 2022-08-30 18:24 - 002556344 _____ (Malwarebytes) C:\Users\MIKE\Downloads\MBSetup-589F50F7-37335.37335.exe
2022-08-30 17:58 - 2022-08-30 17:58 - 001085512 _____ (CheckPoint Software Technologies Ltd.) C:\Users\MIKE\Downloads\ZaarSetup.exe
2022-08-30 17:56 - 2022-08-30 17:56 - 004968864 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\MIKE\Downloads\StellarDataRecoveryProfessionalWindows.exe
2022-08-30 17:45 - 2022-08-30 17:45 - 001182144 _____ (Emsisoft Ltd.) C:\Users\MIKE\Downloads\decrypt_STOPDjvu (1).exe
2022-08-30 17:45 - 2022-08-30 17:45 - 000905704 _____ (Gridinsoft LLC) C:\Users\MIKE\Downloads\install-antimalware-ag.exe
2022-08-30 15:37 - 2022-08-30 15:37 - 017650536 _____ C:\Users\MIKE\Downloads\adawarewebinstaller (1).exe
2022-08-29 22:32 - 2022-08-29 22:32 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\OWL Studio
2022-08-20 17:01 - 2022-08-20 17:01 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules V - Kids of Hellas Collectors Edition
2022-08-20 16:59 - 2022-08-20 16:59 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules 6 - Race for Olympus CE
2022-08-20 16:58 - 2022-08-20 16:58 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12 Labours of Hercules VII - Fleecing the Fleece CE
2022-08-20 16:42 - 2022-09-02 18:21 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\northerntale3_realore_en
2022-08-20 16:42 - 2022-08-20 16:42 - 000000000 ____D C:\Users\MIKE\AppData\Local\northerntale3_realore_en
2022-08-20 16:34 - 2022-08-20 16:35 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\vikingsaga2_realore_en
2022-08-20 16:34 - 2022-08-20 16:34 - 000000000 ____D C:\Users\MIKE\AppData\Local\vikingsaga2_realore_en
2022-08-20 15:55 - 2022-08-20 15:55 - 000000186 _____ C:\WINDOWS\ODBCINST.INI
2022-08-20 15:55 - 2022-08-20 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotus SmartSuite
2022-08-20 15:55 - 1999-08-08 06:17 - 000041232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbccp32.cpl
2022-08-20 15:55 - 1999-08-08 06:17 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbc32gt.dll
2022-08-20 15:55 - 1999-08-08 06:17 - 000024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ds32gt.dll
2022-08-20 15:55 - 1999-01-12 00:00 - 000026224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Odbc16gt.dll
2022-08-20 15:55 - 1999-01-12 00:00 - 000004656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Ds16gt.dll
2022-08-20 15:35 - 2022-08-20 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any PDF to DWG Converter
2022-08-20 13:22 - 2022-08-20 13:22 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\OpenOffice
2022-08-20 12:32 - 2022-08-20 12:32 - 000000895 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2022-08-20 12:32 - 2022-08-20 12:32 - 000000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2022-08-20 12:25 - 2022-08-20 12:25 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Nero
2022-08-19 15:05 - 2022-08-19 15:05 - 000003120 _____ C:\WINDOWS\system32\PHDCRWJ3.ocx
2022-08-19 15:04 - 2022-08-19 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataCAD 16
2022-08-18 03:59 - 2022-09-02 13:43 - 098566144 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-08-18 03:42 - 2022-08-18 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-08-17 15:51 - 2022-08-17 15:51 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\uTorrent.WebView2
2022-08-17 15:51 - 2022-08-17 15:51 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\uTorrent
2022-08-17 15:50 - 2022-08-19 12:37 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\uTorrent
2022-08-17 15:50 - 2022-08-17 15:50 - 000000882 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-08-17 15:45 - 2022-08-17 15:45 - 000003120 _____ C:\WINDOWS\system32\PJM5CA8D.ocx
2022-08-17 15:45 - 2022-08-17 15:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataCAD 19
2022-08-17 15:45 - 2014-04-15 09:03 - 001208320 _____ (Eleco plc) C:\WINDOWS\SysWOW64\O2CPlayer.OCX
2022-08-17 15:45 - 2012-02-08 08:27 - 000142336 _____ (DATACAD LLC) C:\WINDOWS\SysWOW64\AECExtension.dll
2022-08-17 15:39 - 2022-08-17 15:43 - 280715844 _____ (Acresso Software Inc. ) C:\Users\MIKE\Downloads\DataCAD16Setup (1).exe
2022-08-17 15:33 - 2022-08-17 15:36 - 301328056 _____ (##ID_STRING195##) C:\Users\MIKE\Downloads\DataCAD19Setup (1).exe
2022-08-17 15:17 - 2022-08-17 15:18 - 000774202 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2022-08-17 12:56 - 1980-01-01 00:00 - 000005383 ____R C:\Users\MIKE\OneDrive\Documents\.MIKE.lnk
2022-08-17 11:44 - 2022-08-17 12:43 - 000003226 _____ C:\WINDOWS\system32\Tasks\Adaware PC Cleaner automatic scan and notifications
2022-08-17 11:44 - 2022-08-17 11:44 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adaware PC Cleaner
2022-08-17 11:43 - 2022-08-31 22:02 - 000000000 ____D C:\Program Files (x86)\Adaware PC Cleaner
2022-08-17 11:43 - 2022-08-17 11:43 - 000001197 _____ C:\Users\Public\Desktop\Adaware PC Cleaner.lnk
2022-08-17 11:43 - 2022-08-17 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware PC Cleaner
2022-08-17 11:42 - 2022-08-17 12:03 - 000000000 ____D C:\ProgramData\Adaware PC Cleaner
2022-08-17 01:29 - 2022-08-21 17:16 - 000000004 _____ C:\ProgramData\rc.dat
2022-08-17 01:27 - 2022-08-22 12:57 - 000000004 _____ C:\ProgramData\lock.dat
2022-08-17 01:27 - 2022-08-17 01:27 - 000000008 _____ C:\ProgramData\ts.dat
2022-08-17 01:26 - 2022-08-21 19:38 - 000000416 _____ C:\ProgramData\lir.bats
2022-08-17 01:19 - 2022-08-17 01:19 - 000003702 _____ C:\WINDOWS\system32\Tasks\Shell Infrastructure Host Task {H5J7S8H9D6-2S6E8R2K4-8G6M3C2D3E}
2022-08-17 01:04 - 2022-08-17 01:04 - 000000000 ___HD C:\ProgramData\Cnaoa
2022-08-17 01:02 - 2022-08-17 12:42 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 18463BCB5DCCB97C
2022-08-17 01:02 - 2022-08-17 12:03 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoinSurf
2022-08-17 01:02 - 2022-08-17 01:02 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\CoinSurf
2022-08-17 01:01 - 2022-08-17 15:02 - 000000000 ____D C:\Users\MIKE\AppData\Local\CoinSurf
2022-08-17 01:01 - 2022-08-17 01:02 - 000000000 ____D C:\Users\MIKE\AppData\Local\SquirrelTemp
2022-08-17 01:01 - 2022-08-17 01:01 - 000003720 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent B2BE9145F3E8D57B
2022-08-17 01:01 - 2022-08-17 01:01 - 000000000 ____D C:\Program Files\aieoplapobidheellikiicjfpamacpfd
2022-08-17 01:00 - 2022-08-17 02:47 - 000000000 ____D C:\Users\MIKE\AppData\Local\db6d7c00-82b1-4a07-8b07-2008ce2674eb
2022-08-17 01:00 - 2022-08-17 01:01 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\WfHriMQZTb
2022-08-17 01:00 - 2022-08-17 01:01 - 000000000 ____D C:\Users\MIKE\AppData\Local\8e0fdd7b-ab61-4db6-ac6d-59e7db5d89d0
2022-08-17 01:00 - 2022-08-17 01:00 - 000003878 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineQC
2022-08-17 01:00 - 2022-08-17 01:00 - 000000560 _____ C:\Users\MIKE\AppData\Local\bowsakkdestx.txt
2022-08-17 01:00 - 2022-08-17 01:00 - 000000000 ____D C:\SystemID
2022-08-17 00:59 - 2022-08-17 00:59 - 000000000 ____D C:\Users\MIKE\AppData\Local\Yandex
2022-08-17 00:58 - 2022-08-17 02:47 - 000000000 ____D C:\Program Files (x86)\PowerControl
2022-08-17 00:40 - 2022-09-02 13:48 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\toc
2022-08-17 00:39 - 2022-08-31 22:30 - 000000000 ____D C:\ProgramData\ytMDPDBrkgoBXKVB
2022-08-17 00:39 - 2022-08-17 00:39 - 000003044 _____ C:\WINDOWS\system32\Tasks\PpJeBMjvQzKPa2
2022-08-17 00:38 - 2022-08-31 18:18 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\zTj5YsYumo
2022-08-17 00:37 - 2022-08-31 18:12 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\odnKu
2022-08-17 00:37 - 2022-08-31 18:05 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\M7akc1
2022-08-17 00:37 - 2022-08-17 00:38 - 000004734 __RSH C:\ProgramData\ntuser.pol
2022-08-17 00:36 - 2022-08-31 18:08 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\TxiDKrf44
2022-08-17 00:35 - 2022-08-22 12:59 - 000000000 ____D C:\ProgramData\DiskOptimizer
2022-08-17 00:35 - 2022-08-17 00:40 - 000000000 ____D C:\Program Files (x86)\blSearcher
2022-08-16 22:55 - 2022-08-16 22:55 - 000000000 _____ C:\ProgramData\UpdateLock-D5E4229F55884A18
2022-08-16 22:53 - 2022-08-16 22:53 - 001495520 _____ (Corel Corporation) C:\Users\MIKE\Downloads\wzpdfpro1.exe
2022-08-16 22:48 - 2022-08-16 22:48 - 000000000 ____D C:\Users\MIKE\AppData\Local\OneDrive
2022-08-16 22:31 - 2022-08-17 15:52 - 000000000 ____D C:\Users\MIKE\AppData\Local\BitTorrentHelper
2022-08-16 22:26 - 2022-08-16 22:53 - 000000000 ____D C:\Users\MIKE\AppData\Local\WinZip
2022-08-16 22:26 - 2022-08-16 22:26 - 000003658 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2022-08-16 22:26 - 2022-08-16 22:26 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2022-08-16 22:26 - 2022-08-16 22:26 - 000003656 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2022-08-16 22:26 - 2022-08-16 22:26 - 000001850 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk
2022-08-16 22:26 - 2022-08-16 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2022-08-16 22:22 - 2022-08-16 22:22 - 000001885 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk
2022-08-16 21:41 - 2022-08-16 21:41 - 000002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2022-08-16 21:41 - 2022-08-16 21:41 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2022-08-16 21:41 - 2022-08-16 21:41 - 000000000 ____D C:\WINDOWS\PCHEALTH
2022-08-16 21:40 - 2022-08-16 21:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-08-16 21:40 - 2022-08-16 21:40 - 000000000 ____D C:\WINDOWS\SHELLNEW
2022-08-16 21:40 - 2022-08-16 21:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2022-08-16 21:38 - 2022-08-16 21:38 - 000000000 __RHD C:\MSOCache
2022-08-16 21:23 - 2022-08-16 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-08-16 21:23 - 2022-08-16 21:23 - 000000000 ____D C:\Program Files\7-Zip
2022-08-16 21:19 - 2022-08-16 21:19 - 000001264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2022-08-16 21:19 - 2022-08-16 21:19 - 000001252 _____ C:\Users\Public\Desktop\Express Zip File Compression.lnk
2022-08-16 21:19 - 2022-08-16 21:19 - 000000000 ____D C:\Users\MIKE\NCH Software Suite
2022-08-13 21:27 - 2022-08-13 21:27 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\AlawarEntertainment
2022-08-13 21:21 - 2022-08-13 21:21 - 000001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
2022-08-13 21:21 - 2022-08-13 21:21 - 000001242 _____ C:\Users\Public\Desktop\Doxillion Document Converter.lnk
2022-08-13 02:48 - 2022-08-13 02:48 - 001451192 _____ (Igor Pavlov) C:\Users\MIKE\Downloads\7z1902-x64.exe
2022-08-13 02:25 - 2022-08-13 02:25 - 002154224 _____ (NCH Software) C:\Users\MIKE\Downloads\DoxillionDocumentConverter (1).exe
2022-08-13 01:02 - 2022-09-03 20:58 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\QtProject
2022-08-13 01:01 - 2022-09-02 17:13 - 000003076 _____ C:\WINDOWS\system32\Tasks\MiniTool Shadow Maker
2022-08-13 01:01 - 2022-09-02 17:13 - 000000989 _____ C:\Users\Public\Desktop\MiniTool ShadowMaker.lnk
2022-08-13 01:01 - 2022-09-02 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
2022-08-13 01:01 - 2021-03-09 18:41 - 000037336 _____ C:\WINDOWS\system32\pwdrvio.sys
2022-08-13 01:01 - 2019-11-08 10:14 - 003600896 _____ C:\WINDOWS\system32\pwNative.exe
2022-08-13 01:01 - 2019-11-08 10:14 - 000012504 _____ C:\WINDOWS\system32\pwdspio.sys
2022-08-13 01:00 - 2022-09-02 17:12 - 000001035 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2022-08-13 01:00 - 2022-09-02 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2022-08-10 01:04 - 2022-08-10 01:04 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-08-10 01:04 - 2022-08-10 01:04 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-08-10 01:03 - 2022-08-10 01:03 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-08-10 01:02 - 2022-08-10 01:02 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-08-10 01:02 - 2022-08-10 01:02 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-08-10 01:02 - 2022-08-10 01:02 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-08-10 00:39 - 2022-08-17 15:27 - 000000000 ___HD C:\$WinREAgent
2022-08-07 16:02 - 2022-08-07 16:02 - 000002251 _____ C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
2022-08-07 16:02 - 2022-08-07 16:02 - 000000000 ____D C:\ProgramData\UDL
2022-08-07 16:02 - 2022-08-07 16:02 - 000000000 ____D C:\ProgramData\Sony Corporation
2022-08-07 16:01 - 2022-08-10 01:57 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}.job
2022-08-07 16:01 - 2022-08-07 16:01 - 000004144 _____ C:\WINDOWS\system32\Tasks\EPSON L386 Series Update {D0CE59FD-8836-4087-A705-1B57FAF6917D}
2022-08-07 16:00 - 2018-06-15 04:14 - 000187392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YLMBRPE.DLL
2022-08-07 16:00 - 2018-06-15 03:04 - 000083968 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\E_YD4BRPE.DLL
2022-08-06 22:58 - 2022-08-06 22:58 - 003055144 _____ (MiniTool Software Limited ) C:\Users\MIKE\Downloads\pw1206-free-online.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-05 22:04 - 2022-06-15 16:12 - 000000000 ____D C:\Program Files (x86)\Corel
2022-09-05 22:04 - 2022-04-01 11:08 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Corel
2022-09-05 22:00 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-05 21:59 - 2022-04-01 11:19 - 000000000 ____D C:\ProgramData\Corel
2022-09-05 21:41 - 2022-04-01 00:39 - 000000000 ____D C:\Program Files\CCleaner
2022-09-05 21:26 - 2022-03-28 07:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-09-05 20:59 - 2022-03-31 01:05 - 000000000 ____D C:\Users\MIKE\AppData\Local\Sidebar7
2022-09-05 15:42 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-09-05 15:35 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Local\Packages
2022-09-04 08:35 - 2022-03-30 15:26 - 000000000 ____D C:\ProgramData\Mozilla
2022-09-04 08:33 - 2022-03-30 15:26 - 000000000 ____D C:\Users\MIKE\AppData\LocalLow\Mozilla
2022-09-04 06:02 - 2022-03-28 07:11 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-04 06:02 - 2022-03-28 07:11 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-09-04 06:02 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-03 21:03 - 2022-03-28 07:18 - 000774202 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-09-03 21:02 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-09-03 20:54 - 2022-04-01 00:46 - 000000000 ____D C:\ProgramData\Adaware Protect
2022-09-03 20:54 - 2022-03-30 12:02 - 000000000 ____D C:\Program Files\TeamViewer
2022-09-03 20:54 - 2022-03-28 07:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-09-03 20:54 - 2022-03-27 23:37 - 000000000 ____D C:\Users\MIKE
2022-09-03 20:53 - 2021-03-15 13:09 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-03 17:16 - 2022-03-27 23:37 - 000002387 _____ C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-02 16:39 - 2022-06-15 17:35 - 000000000 ____D C:\Users\MIKE\AppData\Local\BrightTRAMP
2022-09-02 16:31 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-09-02 16:08 - 2022-03-28 07:10 - 000598656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-08-31 21:58 - 2022-05-02 11:36 - 000000000 ____D C:\ProgramData\Package Cache
2022-08-31 21:56 - 2022-06-15 22:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Service
2022-08-31 21:42 - 2022-06-15 17:38 - 000000000 ____D C:\Program Files (x86)\WeatherZero
2022-08-31 18:07 - 2022-04-01 00:39 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-08-26 17:49 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-08-25 17:50 - 2022-04-01 00:42 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2022-08-25 17:50 - 2022-04-01 00:42 - 000002359 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2022-08-25 17:50 - 2022-04-01 00:41 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2022-08-23 23:33 - 2022-05-07 11:56 - 000000000 ____D C:\Users\MIKE\AppData\Local\VirtualStore
2022-08-23 23:33 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adobe
2022-08-23 21:20 - 2022-03-30 23:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2022-08-22 15:44 - 2022-04-01 01:03 - 000003254 _____ C:\WINDOWS\system32\Tasks\Iperius Backup Startup at Logon
2022-08-22 12:48 - 2022-04-01 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iperius Backup
2022-08-21 13:23 - 2022-03-30 15:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-08-20 15:55 - 2022-04-10 16:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-08-20 15:55 - 2021-03-11 17:26 - 000000000 ____D C:\NotesSQL
2022-08-20 14:03 - 2022-07-28 23:00 - 000001605 _____ C:\Users\Public\Desktop\e-Sword.lnk
2022-08-20 14:03 - 2022-07-28 23:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
2022-08-20 13:53 - 2022-03-23 17:13 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-20 13:41 - 2022-05-25 17:43 - 000000867 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2022-08-20 13:41 - 2022-05-25 17:43 - 000000763 _____ C:\Users\Public\Desktop\IrfanView.lnk
2022-08-19 15:05 - 2022-03-30 16:14 - 000000067 _____ C:\WINDOWS\iltwain.ini
2022-08-18 12:40 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-08-17 15:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Cursors
2022-08-17 15:28 - 2021-10-26 17:15 - 000000000 ____D C:\Temp
2022-08-17 15:27 - 2022-03-23 12:15 - 000000000 ___HD C:\$SysReset
2022-08-17 15:27 - 2021-12-21 14:11 - 000000000 ____D C:\1001bit_pro
2022-08-17 15:27 - 2021-03-15 09:58 - 000000000 ___HD C:\OneDriveTemp
2022-08-17 15:27 - 2021-03-08 14:10 - 000000000 ____D C:\office2007
2022-08-17 12:40 - 2022-03-23 14:45 - 000000000 ___RD C:\Users\MIKE\OneDrive
2022-08-17 12:03 - 2022-05-25 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2022-08-17 12:03 - 2022-04-02 13:26 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-08-17 12:03 - 2022-04-02 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-08-17 03:48 - 2022-03-28 09:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-08-17 03:48 - 2022-03-28 09:09 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d84262be31ca1e
2022-08-17 01:12 - 2022-03-14 15:09 - 000000000 __SHD C:\found.003
2022-08-17 01:12 - 2022-03-13 16:41 - 000000000 __SHD C:\found.002
2022-08-17 01:12 - 2022-03-08 20:14 - 000000000 __SHD C:\found.001
2022-08-17 01:12 - 2022-03-08 12:29 - 000000000 __SHD C:\found.000
2022-08-17 01:03 - 2022-03-23 17:14 - 000000000 ____D C:\Program Files\Google
2022-08-17 01:01 - 2022-03-30 23:19 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\NCH Software
2022-08-17 00:40 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-08-17 00:38 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-08-16 22:50 - 2022-04-02 13:30 - 000000000 ____D C:\ProgramData\WinZip
2022-08-16 22:27 - 2022-03-23 14:43 - 000000000 ____D C:\Users\MIKE\AppData\Local\ConnectedDevicesPlatform
2022-08-16 22:21 - 2022-04-01 14:36 - 000000000 ____D C:\Users\MIKE\AppData\Local\Adaware
2022-08-16 21:52 - 2018-08-21 00:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-08-16 21:40 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-08-16 21:33 - 2018-08-21 00:03 - 000000000 ____D C:\Program Files\Microsoft Office
2022-08-16 21:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-08-16 21:30 - 2018-04-12 01:38 - 000000076 _____ C:\WINDOWS\win.ini
2022-08-16 21:19 - 2022-03-30 23:17 - 000000000 ____D C:\ProgramData\NCH Software
2022-08-16 21:19 - 2022-03-30 23:17 - 000000000 ____D C:\Program Files (x86)\NCH Software
2022-08-16 21:08 - 2022-04-01 00:46 - 000000000 ____D C:\Users\MIKE\AppData\Roaming\Adaware Protect
2022-08-16 06:30 - 2018-08-21 09:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-08-11 08:32 - 2022-03-23 17:14 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-08-11 08:32 - 2022-03-23 17:14 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-08-10 16:12 - 2022-03-28 07:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-08-10 16:12 - 2022-03-23 17:20 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-08-10 16:12 - 2022-03-23 17:20 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-08-10 01:55 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-08-10 01:55 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-08-10 01:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-08-10 01:07 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-08-10 01:02 - 2022-03-28 07:14 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-08-10 01:02 - 2020-11-19 01:12 - 000415530 __RSH C:\bootmgr
2022-08-10 00:37 - 2022-03-23 16:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-08-10 00:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-08-10 00:33 - 2022-03-23 16:58 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-08-07 16:02 - 2022-04-07 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-08-07 16:02 - 2022-04-07 17:03 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2022-08-07 16:02 - 2022-03-31 09:52 - 000000000 ____D C:\ProgramData\EPSON
2022-08-07 16:01 - 2022-03-31 15:47 - 000000000 ____D C:\Program Files (x86)\epson
2022-08-07 14:46 - 2022-04-27 15:22 - 000000000 ____D C:\Users\MIKE\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2022-08-17 01:27 - 2022-08-22 12:57 - 000000004 _____ () C:\ProgramData\lock.dat
2022-08-17 01:29 - 2022-08-21 17:16 - 000000004 _____ () C:\ProgramData\rc.dat
2022-08-17 01:27 - 2022-08-17 01:27 - 000000008 _____ () C:\ProgramData\ts.dat
2022-05-11 03:57 - 2022-05-11 03:57 - 000248375 ___SH () C:\Users\MIKE\AppData\Roaming\biegdst
2022-05-11 03:57 - 2022-05-11 03:57 - 000042064 ___SH (Microsoft Corporation) C:\Users\MIKE\AppData\Roaming\cuagivi
2022-04-08 12:13 - 2022-04-08 12:13 - 000440003 _____ () C:\Users\MIKE\AppData\Roaming\PicoPDF.dmp
2022-05-11 03:57 - 2022-05-11 03:57 - 000160970 ___SH () C:\Users\MIKE\AppData\Roaming\scsvjbe
2022-05-11 03:57 - 2022-05-11 03:57 - 000045984 ___SH (Microsoft Corporation) C:\Users\MIKE\AppData\Roaming\sfagivi
2022-05-11 03:57 - 2022-05-11 03:57 - 000248375 ___SH () C:\Users\MIKE\AppData\Roaming\ujiwacr
2022-08-17 01:00 - 2022-08-17 01:00 - 000000560 _____ () C:\Users\MIKE\AppData\Local\bowsakkdestx.txt
2022-06-13 17:21 - 2022-06-13 17:21 - 000006422 _____ () C:\Users\MIKE\AppData\Local\recently-used.xbel

==================== FLock ==============================

2022-09-03 20:57 C:\HarmonyBackup

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by MIKE (05-09-2022 22:30:36)
Running from F:\FRST64
Microsoft Windows 10 Pro Version 21H2 19044.1889 (X64) (2022-03-28 05:16:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2977571575-3800452491-4211310233-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2977571575-3800452491-4211310233-503 - Limited - Disabled)
Guest (S-1-5-21-2977571575-3800452491-4211310233-501 - Limited - Disabled)
MIKE (S-1-5-21-2977571575-3800452491-4211310233-1002 - Administrator - Enabled) => C:\Users\MIKE
WDAGUtilityAccount (S-1-5-21-2977571575-3800452491-4211310233-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: adaware antivirus (Enabled - Up to date) {FFB95045-56CC-82A1-7DEC-4BB6C6BF7C0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
12 Labours of Hercules 6 - Race for Olympus CE (HKLM-x32\...\12 Labours of Hercules 6 - Race for Olympus CE) (Version: 1.0.0.2 - LeeGT-Games)
12 Labours of Hercules V - Kids of Hellas Collectors Edition (HKLM-x32\...\12 Labours of Hercules V - Kids of Hellas Collectors Edition) (Version: 1.0.0 - LeeGT-Games)
12 Labours of Hercules VII - Fleecing the Fleece CE (HKLM-x32\...\12 Labours of Hercules VII - Fleecing the Fleece CE) (Version: 1.0.0.2 - LeeGT-Games)
7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{6452120E-72FC-49D7-AB36-7042CC9746FB}) (Version: 31.0.0 - 8GadgetPack.net)
adaware antivirus (HKLM-x32\...\{CC7DEE8D-CA32-4162-8B8F-067A2D970B7D}_AdAwareInstaller) (Version: 12.10.191.0 - adaware)
Adaware PC Cleaner v7.2.0 (HKLM-x32\...\Adaware PC Cleaner_is1) (Version: 7.2.0 - Adaware Software)
Adaware Protect (HKLM\...\{BA732CF8-C0FC-4E40-A327-71B9F4C38318}) (Version: 1.2.439.4251 - Adaware) Hidden
Adaware Protect (HKLM-x32\...\Adaware Protect) (Version: 1.2.439.4251 - Adaware Software)
Adaware Safe Browser (HKLM\...\{5669F509-0665-430A-85E9-881F6F7D9F00}) (Version: 1.1.18.0 - Adaware) Hidden
Adaware Safe Browser (HKLM-x32\...\Adaware Safe Browser) (Version: 1.1.18.0 - Adaware Software)
AdAwareInstaller (HKLM\...\{CC7DEE8D-CA32-4162-8B8F-067A2D970B7D}) (Version: 12.10.191.0 - adaware) Hidden
AdAwareProxyEngine (HKLM\...\{707ADB61-AFA1-4647-887C-45D61879779E}) (Version: 1.2.56.0 - adaware) Hidden
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe)
AntimalwareEngine (HKLM\...\{A3B73EF9-E184-4128-81D9-AB76BAB83C6A}) (Version: 3.1.283.0 - adaware) Hidden
AntispamEngine (HKLM\...\{28E6F5DF-7885-4023-B8DC-526F3B03A9B7}) (Version: 2.7.1.465 - adaware) Hidden
Any PDF to DWG Converter 2013 (HKLM-x32\...\Any PDF to DWG Converter_is1) (Version: - AnyDWG Software, Inc.)
AvcEngine (HKLM\...\{A2EBCEC7-5F2E-444C-8AE9-14868B85E711}) (Version: 3.45.318.0 - adaware) Hidden
blSearcher 1.12 (HKLM-x32\...\{316AD48E-91B4-4910-9006-34C0A68371E9}_is1) (Version: 1.3.0.12 - BLSearcher)
Bolt PDF Printer (HKLM-x32\...\BoltPDF) (Version: 2.03 - NCH Software)
Bullzip PDF Printer 12.2.0.2905 (HKLM\...\Bullzip PDF Printer_is1) (Version: 12.2.0.2905 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 6.03 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 104.0.18088.104 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1208.2 - Piriform Software) Hidden
Check Point Early Launch Anti-Malware driver (HKLM-x32\...\{C08A1E50-6748-470E-8F9E-09CADEED73B1}) (Version: 8.68.63.1 - Check Point Software Technologies Ltd.) Hidden
Check Point SBA (HKLM\...\{5C8F5BF9-5AAE-44E4-BDE4-6D3A94C33A47}) (Version: 86.62.5012 - Check Point Software Technologies Ltd.) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (HKLM\...\{66C10F29-31F0-4A9B-B2CF-465F488AE086}) (Version: 15.0.487 - Corel Corporation) Hidden
CrystalDiskInfo 8.16.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.16.1 - Crystal Dew World)
DataCAD 16 (HKLM-x32\...\{0E9D81AE-03F0-42B2-A9BE-75D347CFF537}) (Version: 16.04.01 - DATACAD LLC)
DataCAD 19 (HKLM-x32\...\{65C9BB7F-1A20-4133-9167-9999518E1773}) (Version: 19.03.01.04 - DATACAD LLC)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 6.23 - NCH Software)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{E244A764-EDD0-46B0-8689-661F6B28D9E5}) (Version: 3.10.0069 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L386 Series Printer Uninstall (HKLM\...\EPSON L386 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{AA6AE72A-371E-4454-9066-3D02BB4BC4E9}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{14898485-6509-496B-8C30-D5DB8C1C8639}) (Version: 4.6.3 - Seiko Epson Corporation)
e-Sword (HKLM-x32\...\{30589E5B-46DD-446F-B3DA-5D9F5AE5CC3E}) (Version: 13.00.0000 - Rick Meyers)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 9.33 - NCH Software)
FirewallEngine (HKLM\...\{61DA9936-116C-4EBF-9DAC-34E1748B936A}) (Version: 3.0.1.32 - adaware) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
GIMP 2.10.30 (HKLM\...\GIMP-2_is1) (Version: 2.10.30 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.81 - Google LLC)
Google Earth Pro (HKLM\...\{DE181B35-ACEF-4DB0-86D9-731D5767ABB1}) (Version: 7.3.4.8642 - Google)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Iperius Backup version 7.6.0.0 (HKLM-x32\...\Iperius Backup_is1) (Version: 7.6.0.0 - Enter Srl)
IrfanView 4.50 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.50 - Irfan Skiljan)
K-Lite Codec Pack 13.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Logitech SetPoint 6.70 (HKLM\...\sp6) (Version: 6.70.55 - Logitech)
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version: - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.27 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.25 - Microsoft Corporation)
Microsoft Office 64-bit Components 2016 (HKLM\...\{90160000-002A-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2016 (HKLM-x32\...\{90160000-00E1-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2016 (HKLM-x32\...\{90160000-002C-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM-x32\...\{90160000-001F-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2016 (HKLM\...\{90160000-002A-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2016 (HKLM\...\{90160000-0116-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2016 (HKLM-x32\...\{90160000-006E-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2016 (HKLM-x32\...\{90160000-0115-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation)
Microsoft Project MUI (English) 2016 (HKLM-x32\...\{90160000-00B4-0409-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM-x32\...\{90160000-003B-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Project Professional 2016 (HKLM-x32\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Finalizer (HKLM-x32\...\{5950473A-825B-3019-AF86-55F2F9A95FCB}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Module linguistique Français (HKLM\...\{BA14C6F7-A633-3E88-831B-FCC197A5A17D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket (HKLM\...\{36B98E65-CA52-348C-9ED7-77B926A16C2D}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA (HKLM\...\{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN (HKLM\...\{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩 (HKLM\...\{2F884A17-E051-3DB7-B093-6274C98740F6}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack (HKLM\...\{73A64813-E631-3807-8E78-BA679EDA09A8}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support (HKLM\...\{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件 (HKLM\...\{FB501A6E-CA6D-36DA-8860-17F0E6D89155}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包 (HKLM\...\{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket (HKLM-x32\...\{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA (HKLM-x32\...\{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français (HKLM-x32\...\{3371699A-C1EF-3AC3-B094-D338191FA6E9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN (HKLM-x32\...\{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩 (HKLM-x32\...\{955E1388-E1F1-320A-A018-24616ED60F95}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack (HKLM-x32\...\{859C7535-6862-3867-B97E-816795E8AB65}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support (HKLM-x32\...\{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件 (HKLM-x32\...\{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包 (HKLM-x32\...\{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
MiniTool Partition Wizard 12.6 DEMO (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
MiniTool ShadowMaker PW Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.6 - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.7.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.7.0 (x64 en-US)) (Version: 91.7.0 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 91.8.1 (x64 en-US)) (Version: 91.8.1 - Mozilla)
Mozilla Thunderbird (x64 en-US) (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\Mozilla Thunderbird 91.13.0 (x64 en-US)) (Version: 91.13.0 - Mozilla)
OnlineThreatsEngine (HKLM\...\{D2D51E1D-F784-4076-AE9D-924D9EFD04A5}) (Version: 3.0.3.37 - adaware) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Suite 2021 (HKLM\...\{E3FB8DAB-D5DF-4E92-9110-EC0601392352}) (Version: 19.0.22.5120 - Interactive Brands Malta Limited) Hidden
PDF Suite 2021 (HKLM-x32\...\PDF Suite 2021) (Version: 19.0.22.1837 - Interactive Brands Malta Limited)
PDF Suite 2021 OCR TESS Module (HKLM\...\{E6C764F8-F894-459D-9EA3-FD05F613B6AD}) (Version: 19.0.22.5120 - Interactive Brands Malta Limited) Hidden
PicoPDF PDF Editor (HKLM-x32\...\PicoPDF) (Version: 3.15 - NCH Software)
SketchUp 2018 (HKLM\...\{C702DD60-EBF4-4961-8B7D-F209B361F985}) (Version: 18.0.16975 - Trimble, Inc.)
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 10.2.0.0 - Stellar Information Technology Pvt Ltd.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.33.7 - TeamViewer)
toc (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\toc) (Version: 1.55 - NewGame Dest Corp)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
WeatherZero (HKLM-x32\...\WeatherZero) (Version: - Weather Zero)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinZip 26.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}) (Version: 26.0.15033 - Corel Corporation)
ZoneAlarm (HKLM-x32\...\{4073CD02-7996-48D7-AFDF-297676C27CA6}) (Version: 3.005.0089 - Check Point Software)
ZoneAlarm Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Check Point Software Ltd.) Hidden
Zoom (HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Bubble Shooter Delight -> C:\Program Files\WindowsApps\GSoftTeam.BubbleShooterDelight_1.1.22.0_x64__65ca9qnt7cjzg [2022-04-02] (G Soft Team)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2977571575-3800452491-4211310233-1002_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2022-08-16] () [File not signed]
ContextMenuHandlers1: [PDFSuite2021_ManagerExt] -> {D62D69E8-B2F4-4014-AACE-F8BB8974FFAB} => C:\Program Files\PDF Suite 2021\context-menu.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareShellExtension.dll [2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareShellExtension.dll [2021-12-08] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => G:\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2022-08-16] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-08-16 21:19 - 2022-08-16 21:19 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2022-03-31 01:05 - 2019-01-26 21:23 - 000014848 _____ () [File not signed] C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\AccentColor.64.dll
2022-03-31 15:51 - 2021-03-13 22:28 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2022-03-31 01:04 - 2019-10-17 08:38 - 000645120 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2022-03-31 01:05 - 2019-10-05 21:03 - 000483840 _____ (Helmut Buhler) [File not signed] C:\Users\MIKE\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll
2022-08-19 12:03 - 2019-09-05 21:00 - 000076800 _____ (Igor Pavlov) [File not signed] G:\7-Zip\7-zip.dll
2022-03-31 01:04 - 2012-05-19 06:16 - 000083456 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll
2021-03-21 07:49 - 2021-03-21 07:49 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\SQLite.Interop.dll
2022-07-06 00:52 - 2022-07-06 00:52 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\Common\x86\SQLite.Interop.dll
2022-07-06 00:52 - 2022-07-06 00:52 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\UI\x86\SQLite.Interop.dll
2016-05-09 09:20 - 2016-05-09 09:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-07-09 13:38 - 2019-07-09 13:38 - 000449536 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDF Suite 2021\libcurl.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\bearer\qgenericbearer.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000047616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\bearer\qnativewifibearer.dll
2022-09-02 17:13 - 2017-09-14 14:40 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qgif.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000036864 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qicns.dll
2022-09-02 17:13 - 2017-09-14 14:40 - 000030720 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qico.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qjpeg.dll
2022-09-02 17:13 - 2017-09-14 14:53 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qsvg.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qtga.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000353792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qtiff.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qwbmp.dll
2022-09-02 17:13 - 2017-09-14 14:49 - 000375296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\imageformats\qwebp.dll
2022-09-02 17:13 - 2017-09-14 14:41 - 001237504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\platforms\qwindows.dll
2022-09-02 17:12 - 2017-09-14 14:53 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\MiniTool ShadowMaker\Qt5Svg.dll
2022-08-13 01:01 - 2017-09-14 14:40 - 000884736 _____ (The Qt Company Ltd) [File not signed] G:\Program Files\MiniTool ShadowMaker\sqldrivers\qsqlite.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDF Suite 2021 Helper -> {F0D4411A-8E0B-4254-99DF-7FC49E60F385} -> C:\Program Files\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-helper.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2020-11-21] (Logitech Inc -> Logitech, Inc.)
BHO-x32: PDF Suite 2021 Helper -> {F0D4411A-8E0B-4254-99DF-7FC49E60F385} -> C:\Program Files (x86)\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-helper.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM - PDF Suite 2021 Toolbar - {49B5689B-741D-46B7-8B3A-1F46EBA34C98} - C:\Program Files\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-plugin.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - PDF Suite 2021 Toolbar - {49B5689B-741D-46B7-8B3A-1F46EBA34C98} - C:\Program Files (x86)\PDF Suite 2021\creator\plugins\IEAddin\creator-ie-plugin.dll [2021-11-08] (PDF SUITE (7270356 Canada Inc) -> Interactive Brands Malta Limited)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Lotus Organizer EasyClip.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "NCH Sync Service"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\StartupFolder: => "ncsyncer.lnk"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B1C096DAAEBE093C92CE107BC9DA366B"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "toc"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "csrss"
HKU\S-1-5-21-2977571575-3800452491-4211310233-1002\...\StartupApproved\Run: => "Pulngjtt"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81F12201-D02F-4C1B-8673-C810574821B7}] => (Allow) C:\Program Files\Adaware Protect\openvpn.exe (Adaware Software (Lavasoft Software Canada Inc.) -> The OpenVPN Project)
FirewallRules: [{CB2ABA26-C63A-4CAF-8309-B9D62A1CBAA0}] => (Allow) C:\Program Files\Adaware Safe Browser\AdawareSafeBrowser.exe (Adaware Software (Lavasoft Software Canada Inc.) -> Adaware)
FirewallRules: [{8A2FFCA2-628F-4812-9A84-44A348D23A3B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9603EF2E-761F-4A52-86D7-0A4C70356045}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DFBA5CF1-DAED-465A-B5AB-40C6DA5090B2}] => (Allow) C:\Users\MIKE\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{720C6A19-658C-41A2-96CC-FFE552D2C620}] => (Block) %ProgramFiles% (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe => No File
FirewallRules: [{F5F4965E-06A6-469B-BD33-21E18563932C}] => (Block) %ProgramFiles% (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDRW.exe => No File
FirewallRules: [{C439F25B-DC5B-41B8-9B55-2D7763DC5EEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4051C7E0-5BA3-4036-B180-54CD218EA219}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A9BE204-4870-4B94-B480-065FB371B5A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31EB131A-49D6-46AE-8326-FA39C40B52B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0211380D-06D5-4470-B109-6AAF26E01119}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A63285A6-4D2D-46C5-B53F-64C4B47037B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5BB9C936-B858-404C-8ECE-F11D7985988F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AF6F0E3-5DED-44CE-8F94-12434EB0E208}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F5000BE-2A90-4041-88FE-D51B7F94C6B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{000FB1CC-9F3F-45F2-AE70-6B041F87A7BA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{600F663E-80D7-41A7-A72A-D744EEBBF36F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A3AEC20-19BA-409F-8BC9-FEEBD34779C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{064E012A-9926-4D29-986D-A2B509A7A8C4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{190E3705-50F3-49E5-8D1F-C7F0412C624B}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣㍸㡌⹲硥e => No File
FirewallRules: [{8A13810E-E235-4FF4-834F-4384EAC05E97}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣档潲敭牤癩牥攮數 => No File
FirewallRules: [{C9618DBF-DDCC-41AE-A211-2F6E4DF786F6}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣桃潲敭䅜灰楬慣楴湯䍜牨浯⹥硥e => No File
FirewallRules: [{7B65261D-AB34-4B1D-A89B-29CCEEE81BFD}] => (Allow) 㩃啜敳獲䵜䭉居灁䑰瑡屡潒浡湩屧潴屣彤乱攮數 => No File
FirewallRules: [{4670A6D9-C74C-470D-B65C-169C991C3B96}] => (Allow) C:\Users\MIKE\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{36D400CF-7E17-4826-95ED-65E6A136B140}] => (Allow) C:\Users\MIKE\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{30B9E433-9831-47D5-B9F7-AA5070F83926}] => (Allow) F:\Program Files (x86)\Iperius Backup\Iperius.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{C2D8F83B-3A05-4D29-9831-08C88A229C96}] => (Allow) F:\Program Files (x86)\Iperius Backup\Iperius.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{F0414353-0E10-43BF-AAA1-2E3C2A954DE8}] => (Allow) F:\Program Files (x86)\Iperius Backup\IperiusService.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{7651FDBA-F75F-4B22-B4F9-A78634032356}] => (Allow) F:\Program Files (x86)\Iperius Backup\IperiusService.exe (ENTER S.R.L. -> Enter Srl)
FirewallRules: [{B149F00E-7528-4E78-A8D2-312B20DD5AEF}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{D280120D-872D-4441-9E39-F2F3C5220FDC}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{2F85DBFD-3586-4B12-A381-E9CF09404377}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{88B76AB2-B9BA-45AF-8C1B-BC691150BF49}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{67F9199C-7006-4576-9064-4EA03C6ABD86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CECA27F8-586B-4CFB-8FDD-C54CE1E69AA0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F135B854-4F7E-4F23-9D06-842673B4F229}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B32B644-57A0-47B3-82F4-646C0F5CF37E}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{D63F23C7-6F0C-43BE-86FE-16A72A2C7DCA}] => (Allow) G:\Program Files\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{4AABCAC0-F77B-4CD5-9ECE-48CFDF9DA9ED}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.25\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

20-08-2022 15:54:38 Installed Lotus SmartSuite - English
30-08-2022 00:14:33 Scheduled Checkpoint
31-08-2022 21:55:56 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
05-09-2022 22:05:17 Removed Corel Graphics - Windows Shell Extension.
05-09-2022 22:06:43 Removed Corel Graphics - Windows Shell Extension 64 Bit.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/05/2022 10:58:02 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (09/05/2022 10:54:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3a54

Start Time: 01d8c169a68fc2c7

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: ffdd2257-3bf9-405b-8909-cb8721e042ec

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (09/05/2022 10:11:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3638

Start Time: 01d8c1635ed6b438

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 1609bb11-d61b-43e3-917c-59d65a160835

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Activation

Error: (09/05/2022 10:08:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (09/05/2022 09:55:34 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (09/05/2022 09:12:42 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (13912,D,50) WebCacheLocal: An attempt to open the file "C:\Users\MIKE\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/05/2022 09:03:18 PM) (Source: ESENT) (EventID: 439) (User: )
Description: DllHost (10980,D,0) WebCacheLocal: Unable to write a shadowed header for file C:\Users\MIKE\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.

Error: (09/05/2022 09:03:18 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (10980,D,0) WebCacheLocal: An attempt to open the file "C:\Users\MIKE\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (09/05/2022 11:00:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The UsoSvc service terminated with the following error:
The system cannot find the file specified.

Error: (09/05/2022 10:58:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (09/05/2022 10:58:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/05/2022 10:58:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client License Service (ClipSVC) service to connect.

Error: (09/05/2022 10:58:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (09/05/2022 10:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UsoSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/05/2022 10:58:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UsoSvc service to connect.

Error: (09/05/2022 10:58:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-MQ5TQ99)
Description: DCOM got error "1053" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


Windows Defender:
================
Date: 2022-08-28 23:27:01
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_G:\Corel X 5\COrel Draw X5\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe; file:_G:\Corel X5 Install\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-08-28 23:26:31
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...94&enterprise=0
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: file:_G:\Corel X5 Install\CorelDRAW.Graphics.Suite.X5.SP3.v15.2.0.695\Keygen\keygen.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareService.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2

Date: 2022-08-28 06:49:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-27 07:53:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-08-25 17:49:15
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...63&enterprise=0
Name: PUA:Win32/Keygen
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_K:\193032 - Data-500gb\Filing\Downloads\SketchUp 2013 Pro\patch\Patch.exe; file:_K:\193032 - Data-500gb\Filing\Downloads\SketchUp 2013 Pro\patch\Patch.exe->(Aspack v2.2)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.373.798.0, AS: 1.373.798.0, NIS: 1.373.798.0
Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2
Event[0]:

Date: 2022-08-27 18:08:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2022-08-27 18:08:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2022-08-27 18:08:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2022-08-27 18:07:41
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2022-08-27 18:07:41
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.373.798.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19500.2
Error code: 0x80072ee2
Error description: The operation timed out

CodeIntegrity:
===============
Date: 2022-09-05 22:58:02
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\adaware antivirus\adaware antivirus\12.10.191.0\AdAwareSecurityCenter.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2022-09-05 22:58:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V11.13B2 03/06/2012
Motherboard: MSI H67MA-E35 (MS-7680)
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 83%
Total physical RAM: 8102.86 MB
Available physical RAM: 1359.48 MB
Total Virtual: 11814.86 MB
Available Virtual: 4049.19 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:222.55 GB) (Free:119.7 GB) (Model: SanDisk SSD PLUS 240GB ATA Device) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:9.77 GB) (Free:9.64 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive f: (PROGRAMMES2) (Fixed) (Total:250.89 GB) (Free:208.42 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive g: (PROGRAMMES) (Fixed) (Total:170.13 GB) (Free:22.18 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive h: (CAD) (Fixed) (Total:170.06 GB) (Free:81.01 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive i: (DATA) (Fixed) (Total:165.18 GB) (Free:140.62 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive j: (FILLING) (Fixed) (Total:165.04 GB) (Free:131.72 GB) (Model: WDC WD10EZRX-00A8LB0 ATA Device) NTFS
Drive k: (WINDOWS) (RAMDisk) (Total:222.55 GB) (Free:120.27 GB) (Model: SanDisk SSD PLUS 240GB ATA Device) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{8eb65112-0000-0000-0000-40a337000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{8eb65112-0000-0000-0000-a0c337000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3156db60-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 8EB65112)
Partition 1: (Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=517 MB) - (Type=27)
Partition 3: (Not Active) - (Size=524 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3156DB60)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=250.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=670.4 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Thanks
Mike
  • 0

#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mike.

 

What about SketchUp 2013 Pro?

 

What about Adaware antivirus? Did you intentionally install it? Although a legal program, it sometimes comes bundled with adware, and therefore it is detected as such by some of our cleaning tools.
 
And the most important: what about the operating system itself? Is it activated with an OEM or a Retail license? 

 

Perhaps these questions seem too much to you, but as I said in my first post to you, having pirated programs is the best and easiest way to infect your computer. In case the operating system is not legally activated, there is no need to spend time cleaning the system, since it is going to be infected sooner or later. And there is also the legal part and the Forum rules.
 
Let's check that:

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter:
slmgr /dli
  • After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how to take a screenshot with the snipping tool, in case you need it.

  • 0

#7
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Hi Dr M

 

I took over the computer from a colleague who died in 2017.  I did not know that SketchUp 2013 Pro was on the machine. I only know that SketchUp 2018 Pro is installed and operational and is licensed; the only reference that I can find on the machine to SketchUp 2013 is the components from SketchUp, no active programme.

 

With regards to Windows itself: the computer crashed in 2020 after a Ransomware attack.  It was taken back to Proline, the suppliers of the machine, to be repaired and returned in running order.  I have no idea whether it is an OEM or Retail version.

 

The screen shot asked for is below:

 

                                                             

 

 

Thank you

 

Mike

Attached Thumbnails

  • Capture.JPG

  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi.
 
It is neither OEM nor Retail licensed. It is activated with the help of the KMS service. KMS Client and Volume MAK product keys are volume license keys that are not for resale.  They are issued by organizations for use on client computers associated in some way with the organization. In your case, the license is activated with the help of a hack tool; that's why you see that it is going to expire in 96 days.
 
Having said that, unfortunately I can't help you, until you legally activate Windows with a legal license. Meaning, buy a Retail license.
 
I have for you some questions in order to understand the situation.
 
When you bought this computer, what operating system was installed? Do you remember anything about it? E.g. Windows XP, Vista, Windows 7 Home, Windows 10 Pro? If it is a laptop, you can check for a label on its back and see what it says.

  • 0

#9
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Hi Dr.M

 

I acquired the computer in Nov. 2017 when a fellow architect passed away and I took over his outstanding projects.  When I got it, it had Windows Pro 10 running as the operating system.

Since then it has been to 3 different computer specialists: 1 to put in a new 1TB hard drive, and 2 because of virus problems. The first virus/ransomware attack was with a so-called Windows update, this last one when I was looking for a trial version of Microsoft Project.

 

On the side of the computer there is a label stating :

 

Windows 7 Pro     

PROLINE   a bar code   and then     FOG-04435

PRODUCT KEY  XXXXXXXXXXXXXXXXXXX   bar code and then X16 - 90691

On the bottom of the label  0186 - 726 - 460 - 817

 

I have always thought that this was a legal copy of Windows 10, as the chap who died said that he had upgraded to Windows 10 under the free upgrade that was offered when V10 first came out.

 

Regards

Mike

 

Edited by DR M: Product key deleted


  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Since the computer came with Windows 7 Pro and there is a valid key, the upgrade to Windows 10 Pro should be free and the activation should be valid. There is no need to use any method to activate other than this key.

 

So, someone did that without asking you. 

 

See this article here: How to change the product key on Windows 10 | Windows Central

 

Try to change the product key using settings. The product key is the key on the sticker at the back of the computer.

 

Let me know if the change was successful. 


  • 0

#11
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Hi Dr.M

 

Tried to activate using the Win7 product key as suggested.  Got this reply.  What does it mean?

 

Thanks

Mike

 

 

Attached Thumbnails

  • Capture-1.JPG

  • 0

#12
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hi Dr.M

I have now tried for the second time to activate using the Win 7 pro key without any luck.

The message that I get back states "The last product key (ID: 00330-50000-00000-AAOEM) you entered can't be used on this copy of Windows. (0x800705B4)"

Does this mean that I must totally reinstall Win 10 Pro or I just need to purchase a valid copy of the programme and use the product key from the new copy?

I do not want to have to go through the process of reinstalling all the programmes on the computer. I have urgent work that I need to get completed and do not have the luxury of time to reinstall everything.

Thank You

Regards

Mike
  • 0

#13
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mike. 
 
Let's try this:

  • Press Windows icon key on your keyboard, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command and press Enter to execute it:
powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"
  • If the command returns a key, run the two commands below, each one followed by Enter. 
slmgr /ipk <Windows 10 activation key> 
slmgr /ato

Replace <Windows 10 activation key> with the key from the first command's output.

 

Let me know the result.


  • 0
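The licence checks discussed in this thread (the `slmgr /dli` report, the KMS explanation and the firmware-key query) can be collected in one read-only PowerShell pass. This is an added example, not part of any post above; the function name `Get-ActivationChannel` is hypothetical, and the channel strings it matches (GVLK/KMSCLIENT, MAK, OEM, Retail) are assumed to be what Windows reports in `ProductKeyChannel` and `Description`.

```powershell
# Added example: read-only report of how this Windows installation is activated.
# It queries the same WMI classes that slmgr reads and changes nothing.

# Windows application ID, as it appears in the Software Protection Platform
# event quoted in the log earlier on this page (AppId=55c92734-...).
$WindowsAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'

# LicenseStatus values of SoftwareLicensingProduct.
$statusNames = @{
    0 = 'Unlicensed'
    1 = 'Licensed'
    2 = 'Out-of-box grace'
    3 = 'Out-of-tolerance grace'
    4 = 'Non-genuine grace'
    5 = 'Notification'
    6 = 'Extended grace'
}

# Hypothetical helper: classify the activation channel from the two fields
# that carry it. The match is case-insensitive.
function Get-ActivationChannel {
    param($Product)
    $text = "$($Product.ProductKeyChannel) $($Product.Description)"
    switch -Regex ($text) {
        'GVLK|KMSCLIENT' { return 'KMS client (volume)' }
        'MAK'            { return 'MAK (volume)' }
        'OEM'            { return 'OEM' }
        'Retail'         { return 'Retail' }
        default          { return 'Unknown' }
    }
}

# Only Windows products that actually have a key installed.
$filter   = "ApplicationID='$WindowsAppId' AND PartialProductKey IS NOT NULL"
$products = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $filter

$report = foreach ($p in $products) {
    [pscustomobject]@{
        Name        = $p.Name
        Channel     = Get-ActivationChannel $p
        Status      = $statusNames[[int]$p.LicenseStatus]
        # GracePeriodRemaining is in minutes; for a KMS client this is the
        # time left before the activation must be renewed.
        DaysLeft    = [math]::Round($p.GracePeriodRemaining / 1440, 1)
        KeyEndsWith = $p.PartialProductKey
        KmsHost     = if ($p.KeyManagementServiceMachine) {
                          $p.KeyManagementServiceMachine
                      } else {
                          $p.DiscoveredKeyManagementServiceMachineName
                      }
    }
}
$report | Format-List

# A KMS client on a machine that is not joined to any domain deserves a
# closer look: KMS keys are meant for computers managed by an organization.
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
foreach ($r in $report) {
    if ($r.Channel -like 'KMS*' -and -not $inDomain) {
        "REVIEW: '$($r.Name)' is KMS-activated on a non-domain machine " +
        "(KMS host: $($r.KmsHost); renewal due in $($r.DaysLeft) days)."
    }
}

# Report only whether a firmware-embedded (OA3) key exists; the key itself
# is not printed, so the output can be pasted into a forum post.
$svc = Get-CimInstance -ClassName SoftwareLicensingService
$hasFirmwareKey = -not [string]::IsNullOrWhiteSpace($svc.OA3xOriginalProductKey)
"Firmware (OA3) product key present: $hasFirmwareKey"
```

Firmware-embedded OA3 keys were introduced with Windows 8, so a machine that shipped with a Windows 7 sticker will normally report `False` on the last line.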

#14
MikeBack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Hi DR M

 

When I did as requested, I got this reply:

C:\WINDOWS\system32>(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey
.OA3xOriginalProductKey was unexpected at this time.
C:\WINDOWS\system32>
 
If this is to look for an old key on the system, I do not think that it will find one.  The SSD was replaced after it crashed and Windows was reloaded.
 
Regards
Mike 

  • 0

#15
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Mike.

 

It seems that you didn't copy/paste the whole content in the first command. 

 

Please try again. Use copy/paste and make sure to select everything in the code below (starting from the word powershell till the end):

powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"

  • 0
